We deploy Trend Vision One - Cloud Security on all systems as part of the standard package. When rolling out new devices, it allows me to monitor East-West traffic between our endpoints. Previously, I had no visibility into communication between Trend user A and end user B within the network. XDR now grants me this insight, while also sending alerts for suspicious activity. I can click on these alerts, investigate in Trend Vision One - Cloud Security, and visualize the communication flow in a user-friendly diagram. This helps me distinguish genuine threats from warnings or false positives. For example, one day I saw an alert indicating someone attempting to reinstall Chrome on a PC. Trend Vision One - Cloud Security confirmed this activity. Additionally, XDR enables me to directly block malicious attempts from the workbench.
Trend Vision One - Cloud Security operates entirely in the cloud, enabling remote access to user devices for necessary changes, virus removal, and patch implementation.
The biggest problem was that I couldn't see our East-West network traffic between our endpoints. However, I could see North-South traffic, meaning anything that went up to the firewall and back. This meant if, for example, a coworker and I were sending something malicious to each other, I wouldn't be able to see it or tell where it was coming from. I might get an alert saying suspicious activity was detected, but wouldn't have specific details.
Implementing an XDR system changed this. Now, I can see all East-West traffic and set up rules for specific actions if certain events occur. I can also filter the information to focus on what's most important. Every day, I review XDR alerts, investigate them, and determine if they're suspicious or not.
We use Trend Vision One - Cloud Security across all our endpoints, including PCs, laptops, and servers. The coverage it provides is extremely important. We leverage Trend Vision's XDR capabilities for enhanced threat detection and response. Additionally, we utilize the Trend Vision One - Cloud Security app security solution. We have Trend Vision One - Cloud Security as a service, and I also manage TippingPoint. Our cybersecurity posture is significantly stronger than it was four years ago. Back then, we were hit by a ransomware attack, which exposed vulnerabilities in our security measures. We were only spending around eight thousand dollars annually on cybersecurity, and as the company grew rapidly, investments in cybersecurity weren't prioritized. While achieving absolute security is impossible, we are demonstrably more secure than ever before.
Trend Vision One - Cloud Security provides centralized visibility. Every day, I log into Vision One and the first thing I check is my risk score. Based on my score, I take action. For example, if my score jumps from 36 to 50, I investigate the change in Vision One. Vision One tells me what caused the increase and offers specific recommendations. I can then easily see what actions will reduce my risk. For example, I might see that fixing a specific vulnerability will lower my score by six points, but another fix won't help. Trend Vision One - Cloud Security is a powerful tool, and that's just a glimpse of its capabilities. It shows me my OS vulnerabilities, application vulnerabilities, and even critical business exposures. For example, it might alert me to an Adobe CBE and tell me which devices are affected. This allows me to quickly identify and patch vulnerable devices. Furthermore, I can directly initiate patching from Vision One. Additionally, I can use integrated products like Container Security for AWS to gain comprehensive security insights across different environments, all within the same platform.
Every day, I start by logging into the Executive Dashboard. It's the first thing I check, as it provides me with my risk index and a summary of potential issues. Furthermore, I can view information about our devices, risk levels, and other relevant data points. After reviewing the Executive Dashboard, I transition to the Operations Dashboard for a more granular look at individual devices and their associated risks.
Before XDR, I could spend hours trying to track down the issue behind an alert. Now, everything is at my fingertips within Vision One. I simply click on the link, and it gives me all the information I need: who the user is, the PC name, and relevant context depending on the alert type e.g., a suspicious email. So, instead of spending hours figuring out the source of the alert, I can now resolve it in just a couple of minutes.
With the managed XDR service, I have peace of mind knowing that if they find something suspicious, they will alert me immediately. They can even call me and say, "Hey, we found some unusual activity and stopped it. Do you want us to continue investigating or revert to the previous state?" I can then confidently say yes and trust that they are handling the situation effectively. I've received calls in the past late at night about suspicious activity, and I'm grateful that I don't have to be the one monitoring everything 24/7. Now, I have a team of experts who do it for me, providing a significant advantage over-relying on a single person. They only alert me when something serious arises, allowing me to focus on other matters.
The managed XDR service has freed up our team's time by eliminating the need for 24/7 on-call duty with Vision One. This allows us to focus on other tasks instead of spending hours diagnosing potential issues. Now, we're able to resolve concerns in minutes, freeing up additional time for projects and other responsibilities.
While I find the Attack Surface Risk Management module to be a valuable addition to the executive dashboard, I don't utilize the Attack Surface Discovery feature as frequently, maybe once a week. This is primarily because I rely on the XDR management system to monitor for potential threats and alert me to anything critical. Manually reviewing the detailed discovery overview doesn't add significant value at present, as I trust the XDR system to flag any urgent issues.
The Attack Surface Risk Management module helps to identify blind spots in our environment, especially where assets are highly exposed. It presents explainable CDZs and provides a rich asset score for each PC or device. This allows me to easily identify high-risk devices and investigate further. For example, when I saw a server with a suspicious file flagged as a 96 high-risk alert, I could investigate and find that it was an Excel file with a macro, explaining the risk. I can then determine if it's a false positive and communicate this appropriately. The module's continuous learning ensures improved accuracy over time.
Implementing the managed XDR has significantly reduced our time to detect and respond to threats. Previously, I received security alerts via email, which could be delayed. Additionally, I often needed to manually review logs and scan results, which was time-consuming and inefficient. Now, the managed XDR provides timely alerts directly in the platform, streamlining my workflow and keeping me informed promptly. This has saved me one to two hours per day.
Implementing a managed XDR solution has significantly reduced the number of false positives I encounter. This allows me to identify and address real issues much faster. Instead of spending 45 minutes tracking down potential threats, I can now simply click a link and determine if an alert is legitimate within three minutes.
We use playbooks that have certain rules and are set up to automatically take action when they find something suspicious. This way, I don't have to sit there and make judgment calls every single day. If a certain event occurs, or if we discover something unexpected, I can create a playbook to automatically start looking for it everywhere on the network.
Trend Vision One - Cloud Security does not utilize a lot of resources which allows our users to keep working even during a scan.
The workbook insights generate a massive list, making it inconvenient to review. Ideally, we could easily filter or view items by selecting multiple lines and marking them as false positives. Unfortunately, the current process requires manually clicking on each item, opening Trend, and then closing it again.
We are an organization of 900 users and I have seen organizations with tens of thousands of users. If we want to add users we just need to add credits and it automatically installs and starts reporting.
We have a dedicated technical account manager assigned to us. I have contacted technical support on two occasions - once for an outage and another time for device cleanup of some old, unused assets that we needed to remove. They responded to me promptly on the same day and resolved the issue the following day.
Before adopting Trend Vision One - Cloud Security, we relied on Kaspersky for endpoint protection. Unfortunately, within the first three months of deployment, we experienced three security incidents. Consequently, we transitioned to OfficeScan, followed by Apex One, and ultimately migrated to Vision One for enhanced protection.
We participate in a VIP program that grants us monthly meetings with Trend, where we provide feedback and receive previews of upcoming features and products.
Trend provided us with a dedicated support person to assist with the initial deployment, which was smooth due to my prior familiarity with their platform. They walked us through the process, outlining the best practices. On our end, we had a team of three, including a sales representative, an engineer, and one other individual, to deploy Trend Vision One - Cloud Security on 900 machines. We implemented the deployment via our group policy, utilizing a simple click-through link for all users.
The number of staff and time saved by using the managed XDR pays for itself and we saw these savings right away.
One year ago, Trend transitioned to a credit system for licensing, which has confused users. While each user receives a set number of credits initially, adding more credits becomes complex. Previously, purchasing a license based on user count was much simpler. Now, even mid-contract, if Trend increases the cost of a product, they also raise the required number of credits until the year's end, further compounding the confusion.
I would rate Trend Vision One - Cloud Security ten out of ten.
No maintenance is required from our end because it automatically updates to the latest version. The only maintenance that we would ever have to do is if a manual patch is required on a device.
Organizations can avoid alert fatigue by filtering their managed XDR solution to only display suspicious activity, allowing the rest of the traffic to flow through unhindered. Additionally, ensuring all patches are applied before running scans can significantly reduce false positives and alert noise. We learned this the hard way, initially receiving 50-100 email alerts daily. By implementing these changes, we've successfully minimized alerts to a maximum of two per day.
