TrendAI™ Cloud One
Trend Micro
External reviews
External reviews are not included in the AWS star rating for the product.
It's flexible, customizable, and easy to integrate via API, but the licensing model may limit scalability
What is our primary use case?
I use Vision One for security monitoring. We monitor any alerts triggered in the console and detections based on the rules we've set. We analyze those and raise tickets when we find something suspicious that needs to be escalated.
We deploy and configure the solution based on the client's needs. Some clients are multinational companies with many locations we monitor throughout various regions. It might require different frameworks for privacy laws and regulatory compliance.
How has it helped my organization?
Vision One is versatile and can be integrated with many SIEMs. You're not limited to only one SIEM, such as Microsoft Sentinel. The API integrations are seamless, and we have all the documentation needed to integrate Vision One via API.
It takes a few months to realize the solution's full benefits. To get complete visibility and control of your cloud environment, you need to configure it correctly and have the right policies in place for response.
What is most valuable?
I like the degree to which you can fine-tune Vision One's policies. It takes some time to get them how you want them, but it has helped us. Vision One's detection capabilities stand out because they work at every level, from the network to the endpoint and application levels.
It monitors in real-time. There's no lag in the live detection and response. The multi-cloud protection is excellent, but you need to have a specialized understanding of the cloud framework, the policies you want in place, and what you are monitoring. Once you set that up, it becomes easier in terms of analyzing the logs and alerts. All the information is well structured on the console, giving you detailed visibility.
Vision One protects workloads on all the major cloud providers. You can use it with AWS, GCP, or Azure. It's highly useful with AWS. The integrations primarily benefit AWS, if I'm not mistaken.
What needs improvement?
The licensing model could be improved. To gain full coverage, you need to spend more to buy subscriptions for each kind of service they offer. It will start to be pricey if you want full coverage.
For how long have I used the solution?
I have used Vision One for about two years.
What do I think about the stability of the solution?
I have had no issues with the console regarding stability that required me to escalate to support or ask for technical assistance.
What do I think about the scalability of the solution?
Scalability could be an issue in terms of cost, but integration is effortless, so it's easy to scale when deploying but not cost-effective.
Which solution did I use previously and why did I switch?
I've used many tools, and many of them offer the same coverage or features. They have the same capabilities, but every console is different. Vision One ranks highly among EDR or XDR systems on Gartner's rankings. It has so many possibilities. I would compare it to Sentinel because it works on so many levels. However, I can't say that it's beating everyone. It ranks up there, but it still isn't surpassing the leaders.
How was the initial setup?
Deploying Vision One can be straightforward if you have the expertise and understand the architecture. API is the easiest way to connect. It's a little more complicated if you're connecting it through another SIEM or forwarding the logs. That's a more archaic method, but everyone uses API integration. It took a couple of weeks from the initial installation to go live.
There are many deployment phases. The first is the information-gathering stage. We provide clients with questionnaires asking what they need. We only needed two staff members to deploy it. Vision One requires some maintenance. We need to perform health checks to ensure that everything is working properly.
What other advice do I have?
I rate Trend Micro Vision One Cloud Security 7 out of 10. It's one of the top three EDR/XDR solutions I've used.
Provides good compliance frameworks, but the visualization features need improvement
What is our primary use case?
We use Trend Vision One - Cloud Security in demo capabilities for features like endpoint detection response, monitoring, and cloud storage. Our company uses products like Jira, Confluence, and Slack. Trend Vision integration allows us to scan data and code for application security.
The product's main use case is detecting and alerting suspicious activity. We haven't fully rolled it over. We are still in the evaluation stage, looking for a vendor that offers one encompassing solution primarily for the on-cloud environment. We might use Trend Vision as a primary tool as it has better integration features than previously used EDR and network monitoring tools.
How has it helped my organization?
We already have existing EDR products. However, Trend Vision One - Cloud Security provides one encompassing tool that seamlessly integrates all the security functionalities. It is the biggest use case we are concerned with, as we find integrating multiple security products complicated in terms of monitoring accounts.
What is most valuable?
Trend Vision One - Cloud Security offers good compliance frameworks by default. It is a major feature for us, being a high-trust company. It has the best EDR functionality for cloud and typical endpoints. We can enjoy the usage of seamless EDR for cloud products and online storage without a need for integration with other compliance solutions like Slack and Jira.
What needs improvement?
Trend Vision One - Cloud Security could improve connections with different types of authentication and user groups concerning cloud services. There should be better visualization for architecture with graphical features.
For how long have I used the solution?
I have been using Trend Vision One - Cloud Security for two months.
What do I think about the stability of the solution?
I have been impressed with the product's stability. I am happy to find a solution with all the essential features we require in one tool. It helps our security team. They don't have to worry about various things, especially new areas in fields, specifically for on-cloud environments, where we otherwise had a bit tougher time finding consistent monitoring.
What do I think about the scalability of the solution?
Trend Vision One - Cloud Security has 12-13 users in our security and DevSecOps teams. I haven't encountered any issues with scalability for adding or removing devices.
Which solution did I use previously and why did I switch?
We are using CrowdStrike and SentinelOne.
Compared with Trend Vision One - Cloud Security, SentinelOne works well, focusing on EDR functions specifically. However, Trend Vision offers all the essential security options, including container security. It helps us leverage Kubernetes deployments and containers. Additionally, its cloud file storage features benefit us, as data is extremely important for our company, being in the healthcare niche. It works like a pro in that category for us.
How was the initial setup?
They provide automated updates for the product's maintenance.
What about the implementation team?
Our infrastructure team implemented the product.
What other advice do I have?
We first saw Trend Vision One - Cloud Security on Amazon Web Service Marketplace while looking for security solutions. From my experience using it in a demo capacity, it has a pretty good documentation section. I can find any resource easily.
I have set up virtual networks on the cloud for the demo and conducted the test. The product gives us full visibility and control over the cloud environment. Its automated reporting features make the frequent audit processes easier and faster for our company instead of occupying a huge team of executives for several days.
As we work with cloud products, having visualization and control capacity is crucial. Here, the product helps us save unnecessary charges due to poor monitoring of applications on the EC2 server. With more visualization, it becomes easier to look at the bigger picture.
The insights are not completely visible, but it gives enough oversight by monitoring the environment and sending alerts. With a good defensive team, we can protect the architecture from attacks using this tool.
I don't have enough experience with it to determine the level of accuracy in terms of alerting and finding bypasses for attacks. I will develop more confidence in its ability after experiencing different attacks and incidents. I am not discrediting the tool at all. However, trust is developed with time and familiarity with the product over time for many users. I can say CrowdStrike and SentinelOne are good EDR solutions as I have a bit more experience working with them than Trend Vision One - Cloud Security. I advise new users to focus on the product's basic features first and then dive into a few more advanced and unique features.
Based on my time working with Trend Vision One - Cloud Security, I rate it a seven out of ten.