Listing Thumbnail

    TrendAI Vision One™

     Info
    Sold by: Trend Micro 
    Deployed on AWS
    Free Trial
    Vendor Insights
    AWS Free Tier
    Stop threats before they strike with TrendAI Vision One™ - the AI-powered enterprise cybersecurity platform built to predict, prevent, and respond to threats across AWS, hybrid, and multi-cloud environments. Gain unified visibility, streamline cloud risk management, accelerate cloud investigations, and empower your security teams with proactive, layered protection that works at cloud speed. Proactive security starts here.
    4.6

    Overview

    Play video

    TrendAI Vision One™ gives enterprises and security leaders the power to see, secure, and control their entire multi-cloud and hybrid environments from a single, unified platform. Gain complete visibility with real-time risk scoring, threat exposure mapping, and centralized monitoring all from one intuitive dashboard.

    Backed by AI, machine learning, and predictive analytics, TrendAI Vision One™ empowers proactive cloud security by automating threat detection, risk mitigation, and response. Streamline operations, reduce security complexity, and offload the pressure on your teams with modern CNAPP capabilities so you can stay ahead of every attack.

    Trusted by industry leaders and recognized as a 2024 Gartner Peer Insights™ Customers' Choice for CNAPP, Trend Vision One is proven to reduce operational costs by up to 79% and accelerate detection and response times by 70%. It's also a Leader in the 2025 Gartner® Magic Quadrant for Endpoint Protection Platforms, delivered a 100% detection rate in MITRE evaluations, and was named a Leader in the IDC MarketScape for Cloud-Native Application Protection Platforms 2025, solidifying its position as the most trusted platform for securing the cloud.

    Confidently secure your cloud transformation with a platform built for the modern enterprise. From hybrid to multi-cloud, TrendAI Vision One™ delivers unmatched protection, visibility, and control - wherever your workloads live.

    Trend provides custom pricing via Private Offer. Please contact us if you're interested in personalized pricing options.

    Highlights

    • Identify and eliminate hidden cloud risks with unified Cyber Risk Exposure Management - discover assets, prioritize vulnerabilities, and manage posture and attack surface all from one place.
    • Stay steps ahead of threats with XDR for Cloud, which extends visibility into cloud environments and streamlines SOC investigations through powerful correlation and alerting.
    • Secure every application and workflow - from containers and code to S3 files and cloud workloads - with holistic protection via the integrated stack: Container Security, File Security, Workload Security, and Code Security.

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Vendor Insights

     Info
    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
    Security credentials achieved
    (3)

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.
    Pricing is based on the duration and terms of your contract with the vendor, and additional usage. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. Usage-based pricing is in effect for overages or additional usage not covered in the contract. These charges are applied on top of the contract price. If you choose not to renew or replace your contract before the contract end date, access to your entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (1)

     Info
    Dimension
    Description
    Cost/12 months
    TrendAI™ Flex (credits)
    A credit-based licensing model that offers flexibility, simplifying purchasing, deployment, and management of Trend Vision One solutions.
    $1.00

    Additional usage costs (14)

     Info

    The following dimensions are not included in the contract terms, which will be charged based on your usage.

    Dimension
    Description
    Cost/unit
    Cyber Risk Exposure Management - Cloud Risk Management
    Per 500 resources per cloud account per hour
    $0.12
    Container Security
    Per Amazon ECS instance or Kubernetes node per hour
    $0.168
    Container Security
    Per serverless container pod or task per hour
    $0.017
    File Security SDK
    Per file scan
    $0.013
    File Security Storage
    Per cloud storage per hour
    $1.155
    Endpoint Security - Essentials
    Per workload (Anti-Malware, Web Reputation, and XDR only) per hour
    $0.007
    Endpoint Security - Small
    Per EC2 instance (micro to medium), WorkSpace, or other cloud (1 vCPU) per hour
    $0.011
    Endpoint Security - Medium
    Per EC2 instance (large), WorkSpace, or other cloud (2 vCPU) per hour
    $0.032
    Endpoint Security - Large
    Per EC2 instance (XL), WorkSpace, or other cloud (4 vCPU) per hour
    $0.047
    Endpoint Security - Non-Cloud
    Per data center or non-cloud instance per hour
    $0.047

    AI Insights

     Info

    Dimensions summary

    Trend Vision One's pricing dimensions on AWS Marketplace are structured across multiple security capabilities. The core offering includes Endpoint Security with tiered pricing based on instance sizes (from Essentials to Large) and deployment type (cloud vs. non-cloud). Additional components include Container Security priced per node/task, File Security charged per scan and storage hour, Cyber Risk Management billed per cloud resources, and XDR for Cloud billed by data ingestion volume. All services can be accessed through Trend Vision One credits under a 12-month contract model with additional usage options. Credits are for customers interested in annual comitments while the additional usage costs offers PAYG. Credits and PAYG can be combined to best fit the needs of the customer.

    Top-of-mind questions for buyers like you

    How do Trend Vision One credits work in the 12-month contract model?
    Trend Vision One credits are the primary currency for purchasing and consuming Trend Vision One services under a 12-month commitment with additional usage options. Credits can be flexibly allocated across different security services including endpoint security, container security, and file security, allowing customers to adjust their security coverage based on changing needs throughout the contract period.
    How do the additional usage costs differ from credits?
    Additional usage costs offer flexible, monthly pay-as-you-go (PAYG) billing, while credits are for customers with annual commitments. Both can be used across services—for example, credits for File Security and PAYG for Endpoint Security. Monthly billing requires purchasing one credit for account registration, after which services can be enabled in the Credits & Billing app.
    How is Endpoint Security pricing structured in Trend Vision One?
    Endpoint Security follows a tiered pricing model based on the size and type of instances being protected. The tiers range from Essentials (basic anti-malware and XDR) to Large (XL instances with 4+ vCPUs), with separate pricing for non-cloud instances, ensuring customers only pay for the level of protection needed for each endpoint.
    What determines the cost for Container and File Security services?
    Container Security is priced per instance/node for Amazon ECS or Kubernetes, or per pod/task for serverless deployments. File Security combines two pricing components: a per-scan fee for the SDK and Virtual Appliance usage, and an hourly rate for cloud storage protection, making it scalable based on actual usage patterns.

    Vendor refund policy

    No refunds

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Your purchase also includes 24x7 support from Trend Micro. You can log a support ticket for any issues directly from your TrendAI Vision One™ console. If you experience any issues or have questions, please contact our AWS Security experts by email at aws.marketplace@trendmicro.com .

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    25
    In Security
    Top
    10
    In Vulnerability and Patch Management, Data Governance
    Top
    25
    In Observability, Software Development

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Unified Risk Management Platform
    Centralized cyber risk exposure management with asset discovery, vulnerability prioritization, and attack surface management from a single dashboard
    Extended Detection and Response for Cloud
    XDR capabilities that extend visibility into cloud environments with correlation and alerting to streamline security operations center investigations
    AI-Powered Threat Detection
    Machine learning and predictive analytics for automated threat detection, risk mitigation, and response across multi-cloud and hybrid environments
    Comprehensive Application Security
    Integrated security stack covering container security, file security, workload security, and code security for end-to-end application protection
    Real-Time Risk Scoring and Monitoring
    Real-time risk scoring and threat exposure mapping with centralized monitoring capabilities across AWS, hybrid, and multi-cloud environments
    Attack Surface Management
    Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
    Vulnerability Management
    Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
    Cloud Security
    Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
    Next-Generation SIEM and XDR
    Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
    Threat Intelligence
    Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
    Offensive Security Engine
    Simulates external exploits to produce Verified Exploit Paths for prioritizing exposures that are reachable by outside attackers and reducing cloud attack surface.
    Cloud Security Posture Management
    Continuously monitors and manages security of AWS configurations to prevent public exposure and ensure compliance.
    Secrets Scanning
    Identifies more than 750 types of secrets across public and private repositories.
    Cloud Infrastructure Entitlements Management
    Detects and manages excessive or unused permissions to mitigate the risk of privilege escalation.
    Real-Time Malware Detection
    Detects malware including zero-days in milliseconds with scanning performed directly in cloud environment for object storage services like Amazon S3 and file storage services.

    Security credentials

     Info
    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    -
    -
    -
    No security profile
    No security profile

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.6
    306 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    80%
    19%
    1%
    0%
    0%
    16 AWS reviews
    |
    290 external reviews
    External reviews are from G2  and PeerSpot .
    Manish K.

    Streamlined Security, But Licenses Are Confusing

    Reviewed on Feb 13, 2026
    Review provided by G2
    What do you like best about the product?
    I like that Trend Vision One's xDR is very easy to use. It's really helpful to have workbenches that let us see whether malware is occurring and have playbooks to mitigate and secure our systems. The platform provides one control solution for securing our endpoint servers, email, network, and cloud, which I find valuable.
    What do you dislike about the product?
    I find the training module could improve more visibility. A lot of features are not recognized because it's complex there. The complexity of integrations, especially for agentless security and HDR, is a bit challenging. Also, the relicensing process is quite complex. It’s confusing to figure out what type of license we need, like core, essential, or professional, and whether HDR is included.
    What problems is the product solving and how is that benefiting you?
    I use Trend Vision One to manage all security features, providing one control solution for endpoint, server, email, and cloud security. It's easy to use, helping us get workbenches and playbooks to identify malware and mitigate attacks with in-depth analysis and remote executions.
    Monish Kumar V

    Improved incident investigations have reduced analyst effort with enriched high-fidelity alerts

    Reviewed on Feb 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We use TrendAI Vision One  for endpoint security.

    For example, we use XSIAM, which is Palo Alto's XDR  plus SIEM  solution. When we get an incident, we need to do some hunting in that system. It takes approximately 45 minutes. However, with TrendAI Vision One , because most of the information is already enriched, we get only high fidelity incidents. This saves us around 25% of time compared to other solutions.

    TrendAI Vision One mostly delivers high-fidelity incidents. We receive nearly 60% of incidents as true positives, with the remaining 40% being false positives. Comparatively, with XSIAM we have around 40% true positives and 60% false positives.

    We are an MSSP  with nearly 60 people working in SCI, which is Shared Commercial Infrastructure. We have approximately 60 people dedicated to TrendAI Vision One.

    What is most valuable?

    One feature I appreciate about TrendAI Vision One is that compared to other solutions, the alerts we receive are already enriched. We use it in a shared commercial infrastructure which was inherited from IBM. During investigation, it is much easier to work with TrendAI Vision One compared to other solutions.

    What needs improvement?

    Compared to CrowdStrike sensor, TrendAI Vision One consumes more compute power. CrowdStrike is more optimized than this solution.

    TrendAI Vision One is a niche product because XSIAM is a combination of SIEM  plus XDR , while this is an XDR solution. If I need to do deep hunting, for example, we had an incident in Microsoft Defender yesterday which required advanced hunting capabilities. This is not possible in TrendAI Vision One, which I see as a drawback. TrendAI Vision One is a very good product, but it has a specific use case. If you want less customization, you can use TrendAI Vision One. If you need more customization, you need to use a SIEM plus XDR solution. Nowadays, they are integrating SIEM with XDR solutions. For example, we have XSIAM and Microsoft Defender is going to integrate SIEM as well going forward. In that case, TrendAI Vision One is a niche product. As a product with its specific use case, it is good.

    Specifically regarding sensors, they consume comparatively more compute capacity, so we need to plan our workloads accordingly. Additionally, the user interface could be improved. When I investigate one alert, all the indicators appear jumbled together in one area. If they improve the user interface, it would be better.

    For how long have I used the solution?

    We have been using TrendAI Vision One for the last one and a half years.

    How are customer service and support?

    I would rate the technical support an eight.

    How would you rate customer service and support?

    Positive

    What other advice do I have?

    Since the alerts are high fidelity and TrendAI Vision One requires less overall from the security analyst perspective, it reduces cyber risk effectively. Regarding downtime compared to XSIAM, I would rate this a nine because its downtime is considerably less. In terms of scalability, it is pretty scalable, though somewhat complex, so I would rate it an eight point five. I would recommend TrendAI Vision One if the organization is less mature in terms of SOC. However, if you want to do advanced SOC hunting, this is not the right product in my opinion. The overall review rating for this product is eight point five.

    Zhaffi Ibrahim

    Centralized threat visibility has streamlined investigations and now reduces risk significantly

    Reviewed on Jan 29, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My use case for TrendAI Vision One is more focused on the XDR .

    What is most valuable?

    In my opinion, the best features of TrendAI Vision One  are the UI itself, which is very user-friendly. I consider that to be the most intricate part about TrendAI Vision One compared to other XDR  platforms.

    I use the sensors in TrendAI Vision One, and they are critical for our network coverage. They help us considerably because we are using TrendAI Vision One in the corporate environment, where people come and go. The sensors are very helpful because when you want to release the sensor on a laptop that is not used, you can simply release it.

    My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers are very interesting because other solutions do not actually provide a centralized platform to view everything. Trend Micro introduced TrendAI Vision One, which allows all that to be in one central console, enabling you to have all features enabled or disabled based on credits.

    TrendAI Vision One helps consolidate my use of security vendors and reduces silos. Currently, we are mainly using the XDR function, but we are also looking at the sandboxing feature. It is a good platform because in our environment, the engineering team uses the XDR function while the Digital Forensic & Incident Response  team uses the sandboxing analysis functions, allowing two cross-entities to use one platform for their own tools.

    What needs improvement?

    In TrendAI Vision One, an area that has room for improvement is the DLP  policy governance, particularly around data leakage protection. I believe the main focus is currently on thumb drives and external drives, but in older environments, we also use CDs and DVDs for read and write functions.

    For how long have I used the solution?

    I have been using TrendAI Vision One for approximately eight months in totality.

    What do I think about the stability of the solution?

    I would rate the stability of TrendAI Vision One as very stable, giving it a nine out of ten.

    What do I think about the scalability of the solution?

    In terms of scalability, I would say TrendAI Vision One is a ten out of ten because it is based on credits.

    How are customer service and support?

    From one to ten, I would rate the technical support that TrendAI Vision One provides as a nine because we are subscribed to premium support.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    I found the deployment of TrendAI Vision One to be very easy; I was very surprised because we had a seamless migration from Apex One.

    It took less than a day to implement TrendAI Vision One; in fact, it was completed in just one day.

    What about the implementation team?

    In my organization, we have a team of five engineers and close to three hundred endpoints using TrendAI Vision One.

    What was our ROI?

    I estimate that I have seen approximately fifteen to twenty percent return on investment from using TrendAI Vision One.

    What's my experience with pricing, setup cost, and licensing?

    Regarding the pricing of TrendAI Vision One, I think it is on the costlier side compared to other solutions due to the functions they offer, but in totality, it is cost-efficient.

    Which other solutions did I evaluate?

    I have tested other vendors for endpoint solutions, including Kaspersky and Symantec.

    What other advice do I have?

    The top security challenges in my industry include finding people who can operate TrendAI Vision One as an operator, and actually, TrendAI Vision One's user interface is so user-friendly that it takes maybe an experienced cybersecurity engineer about two to three weeks to get used to it.

    The solution does not require any maintenance in terms of patching because we are on SaaS; we have a proxy, so there is no maintenance for it.

    TrendAI Vision One has reduced my time to detect and respond to threats by approximately forty to fifty percent.

    It has reduced noise from false positives by approximately twenty percent, which has saved me a significant amount of time.

    By switching to TrendAI Vision One, I have reduced my risk by approximately eighty percent.

    I would recommend TrendAI Vision One to other users because it is user-friendly and offers good support. I would rate this review a nine out of ten.

    Mehtab Hashim

    Centralized visibility has improved threat detection and has reduced response time significantly

    Reviewed on Jan 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response . We are moving forward towards its complete suite.

    What is most valuable?

    The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

    What needs improvement?

    One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP  solution, and FIM , so there is nothing left behind.

    For how long have I used the solution?

    I have been using TrendAI Vision One for almost two years.

    What do I think about the stability of the solution?

    I would rate the stability of TrendAI Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure  cloud was down, which was from Azure 's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

    What do I think about the scalability of the solution?

    TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

    How are customer service and support?

    I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

    What other advice do I have?

    We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

    The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM  solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

    My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

    Regarding the Cyber Risk Exposure Management , it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

    The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.

    Almost fifty people use the solution. They are all in Pakistan and working on-site.

    The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.

    Maintaining TrendAI Vision One is very easy and very handy.

    I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

    I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.

    TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

    I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

    I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP , and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

    It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.

    I rate this review nine overall.

    Manish Kumar Twinkle

    Integrated XDR has strengthened endpoint protection and reduces false positives in daily incident response

    Reviewed on Jan 20, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Trend Micro Trend Vision One  is for endpoint security and XDR , as we need to handle incidents effectively.

    What is most valuable?

    Trend Micro Trend Vision One  provides all the details for incident handling in our bank security operations, such as identifying where a threat is coming from, its impact, and a workbench to manage responses, making it easy to mitigate issues. In my daily work, Trend Micro Trend Vision One helps us first on the endpoint by preventing threats, allowing us not to worry about the types of daily updates, which we schedule based on preferences. Additionally, with XDR , we receive all threat events and their impacts, which helps us mitigate cyber risks and create playbooks.

    The best features of Trend Micro Trend Vision One are its integration capabilities with third-party intelligence such as STIX and MISP , along with collaboration and integration with tools such as Splunk, IBM QRadar , and DSPM and SASE  products. The integrations with third-party tools such as Splunk and QRadar help our team significantly; we utilize syslog to gather all endpoint logs and QRadar logs. We simply generate an API and API key to facilitate integration with Splunk or QRadar.

    Trend Micro Trend Vision One has in-depth analysis and recognition features that provide a diagram of a workbench if a preventive attack is happening or has occurred, allowing me to access all logs and additional information regarding the threat's origin, impact, and mitigation strategies.

    Trend Micro Trend Vision One has positively impacted our organization by giving us fewer false positive alerts, and with its support, we are securing our environment against upcoming vulnerabilities such as zero-day attacks. Reducing false positives and handling zero-day attacks has streamlined our team's daily workflow and improved our overall security posture. For example, we integrated with Netskope  and IBM QRadar , which reduced our workload by decreasing alerts, as QRadar detects genuine files that may have been previously flagged.

    What needs improvement?

    I do not have any specific suggestions for improving Trend Micro Trend Vision One.

    For how long have I used the solution?

    I have been using Trend Micro Trend Vision One for three years.

    What do I think about the stability of the solution?

    In my experience, Trend Micro Trend Vision One is stable.

    What do I think about the scalability of the solution?

    The scalability of Trend Micro Trend Vision One is notably low maintenance, and their support for the agent is long-term. We update the agent quarterly, and their Basecamp  services share a data lake, making information gathering effortless.

    How are customer service and support?

    The customer support for Trend Micro Trend Vision One is very good. We create a case, and Trend support connects remotely, typically within twenty-four hours.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, we used Sophos, which was very bulky and caused slowness issues, prompting us to switch to Trend Micro Trend Vision One.

    How was the initial setup?

    The setup cost is reasonable, and the licensing is relatively low.

    What about the implementation team?

    We have directly purchased Trend Micro Trend Vision One from Trend Micro and did not acquire it through the AWS  marketplace.

    What was our ROI?

    We have seen a return on investment because it is easy to use. One agent installed on the endpoint saves both money and time, as we only need L1 engineers to support the endpoints, reducing the number of employees needed to manage them.

    What's my experience with pricing, setup cost, and licensing?

    In my opinion, the pricing for Trend Micro Trend Vision One is somewhat high.

    Which other solutions did I evaluate?

    Before choosing Trend Micro Trend Vision One, we evaluated other options such as SentinelOne and CrowdStrike.

    What other advice do I have?

    I rate Trend Micro Trend Vision One a ten out of ten. Most importantly, I chose ten out of ten because it is easy to control and install the product, and the support from Trend engineers is exceptional along with the help we receive from salespersons. I advise those looking into using Trend Micro Trend Vision One to consider it seriously, as it offers XDR features, endpoint security features, and ZTNA  features, eliminating the need for multiple agents or plugins. Trend Micro Trend Vision One is a very good solution that is easy to use. Their knowledge-based articles are extremely helpful, allowing us as techies to troubleshoot issues independently without always relying on senior staff or support.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    View all reviews