My company is Kyndryl, and we work for a UK-based financial institution. That client, the financial institution, has TrendAI Vision One. By using TrendAI Vision One, we are monitoring and doing day-to-day tasks.

In this project, it is related to XDR, but there are many modules. Currently, they are using only HIDS and HIPS. There are many other modules available, but all the modules are based on the license, so they are using only a few of them.

Compared to my previous experience where I worked on some other EDR tools, TrendAI Vision One has many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

Basically, each endpoint device has an agent called the TrendAI agent, similar to a CrowdStrike agent. The agent is monitoring two things: system events and security events. Based on the events, they are pulling the data at the console for the security team. We monitor if any unusual things happen, and then we have to react. The agent installed on endpoint devices is helping us monitor and do the work.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features, but I do not remember. However, it has a very good feature, as I mentioned, Cyber Risk Exposure.

Actually, in Cyber Risk, if I want to see the device level and how many devices have some vulnerability, if I click the device, it will show the count. For example, it is showing that two, three, or four devices are detected with this kind of vulnerability. If the devices have Apache Log4j vulnerability or OGNL, then based on the operating system, if the device has Linux, I have to reach the platform team and say "Okay, this system has this kind of vulnerability, and you have to patch the thing" or update the software. From here, I cannot update anything or upgrade the agents. There is some dependency, you could say.

For deployment, I think it is easy and does not require much effort. I have not done the deployment myself, but for some point in time, for a few of the servers, we have done it, and it is easy and does not require much.

For this, it depends on two or three factors. First, we have to confirm why this alert got triggered and what is the IOC. For example, if it is some private IP, then I have to reach out to the different teams. In my case, I have to reach the vulnerability management team because they have Nessus and Qualys tools, which are vulnerability scanner tools. What they mostly do is they try to scan the particular server and devices, targeting the server. When the IP, let us say the Nessus IP, leads to a server, TrendAI Vision One tries to understand "Okay, I think someone is trying to recon this particular server. This is not a usual thing," so they generate the alert. I have to go through each and every alert, and based on whether the IP is private, I have to reach out to the VM team and other teams and try to confirm whether the IP is genuine or from somewhere else. After that, I have to fine-tune inside TrendAI Vision One, and then they will automatically reduce the false positives.

In my case, I can say that earlier we received many alerts related to recon alerts. If I closed and whitelisted two, three, or five IP addresses, the total has been reduced by approximately 40 percent. Earlier, we received more than 400 or 500 false positive alerts, but nowadays we receive hardly 10 or 15 alerts.

My client is not a small bank. I think it is one of the big banks in the UK, but I do not want to tell you the name. It is very big.

In TrendAI Vision One, there are many interesting features. There is one module called Cyber Risk Exposure. Inside Cyber Risk Exposure, there are multiple features such as risk overview, exposure overview, and attack overview. In these different overviews, we can easily monitor the overall cyber risk score at an organization level, identify where the loopholes are, and determine where we need to improve security. It monitors the device level, internet-facing assets, accounts, application level, and the cloud. It will show the overall risk based on the different components of the organization. This is a very cool feature for me.

They have another feature called Workbench inside the XDR. What Workbench does is that if you receive 100 alerts one day, the Workbench correlates all the alerts and tries to find similar ones. Then it generates one ID. Inside one ID, if 10 alerts are similar, it will consolidate all 10 alerts as one Workbench ID. Inside the Workbench ID, if I investigate and close the Workbench ID, on behalf of that Workbench ID, all 10 alerts will be closed automatically. There is no need to go through each and every alert one by one. This is also a very good feature inside TrendAI Vision One.

In terms of centralized visibility, I can say that it saves much more time. If for one thing I have to go through different tools, obviously I have to invest much more time for a single alert. But here, if one alert triggers, I can correlate with the help of different modules, which is nothing but easy for me.

There is also an inbuilt AI tool inside TrendAI Vision One. Sometimes if I get stuck somewhere during the investigation, I use this AI chatbot, which is known as a companion inside TrendAI Vision One. If I put a use case or ask "Okay, I am here, what do I have to do?" That companion, which is nothing but a chatbot, will go through whatever I put inside the chat, analyze it, and mention some steps. It will say "Okay, from here you can go" and "You can do these things." It is also a very good feature and it makes it easy for me.

As I mentioned, because of that one feature, Workbench ID inside the XDR module, it reduced much more time compared to other tools. But I cannot say a specific number. It is very difficult for me. However, it saves a lot of time. As I mentioned, if 10 alerts are received, in another tool, I have to go through each and every alert one by one. But here, they correlate the alerts based on whatever the IOCs are and why this alert got triggered. Based on the alert, they consolidate the alert. If all 10 alerts have a similar property, they consolidate and generate one ID, a Workbench ID, and they consider it as one. So if I investigate one and close it, all 10 will be closed automatically.

It is very nice and very helpful. It reduces the overall response time. It is very helpful. It is known as a companion, and that one chatbot is known as a companion inside TrendAI Vision One.

In TrendAI Vision One, a few days ago, there was one issue related to resource utilization at some servers. It was not clear whether the reason was the Trend agent or some other security agents such as Sentinel or something else. In this kind of situation, we get stuck. Then we have to reinstall and do all those things.

In Tanium, we have an advantage where even the security team from their end can update the patch. But in TrendAI Vision One, there are no features such as this. We have to depend on the platform team.

They could improve the support case experience because whenever we reach out to the support team, in response, they first put what I think are some ready-made templates, and they just put it as a reply. If I raise a case, they have some ready-made templates. This is my opinion and thought from following some different cases. They can improve here because they just simply reply with whatever they have. Then again, we have to mention more things, and after that, they reply with some genuine points. But initially, they just put some ready-made templates, I think. They can improve here.

I have been using this product for more than a year. In this project, it has been more than a year.

It is stable. I think it rates 9 or 10.

Regarding scalability, if we are talking about it, and if we currently have a thousand servers and increase the count, then we can test the scalability. As of now, I have not gone through it, so it is very hard for me to say much about the scalability.

I do not have that much level of access to other parts due to policy, and they are not using all other modules due to licensing limitations. I cannot say much more about other things because TrendAI Vision One has many modules.

In a previous company, I used CrowdStrike. Compared to CrowdStrike, TrendAI Vision One is more advanced, I think. I have not used CrowdStrike for more than one year, and maybe they have updated some more features.

For deployment, I think it is easy and does not require much effort.

You could say 5+. I started my career as a SOC analyst.

I have not used other products, but there is another product called Tanium, which I learned about. In Tanium, we have an advantage.

I need to note that the overall rating I would give this product is 7. It is not bad, but initially, they put some ready-made templates, which I do not like.

I do not know about other projects because here they segregate the team based on the project. I am working for the UK-based project, and some other people are working for the AU-based project. Different people worked in different countries. I do not have any other idea about other projects or whether they are using TrendAI Vision One or not. I cannot say anything.

Definitely, it requires maintenance. If agents are not compatible with particular devices, we have to reach the support team and take help from there, and then we have to upgrade and update based on the risk and compliance policy.

There are many other modules available, but all the modules are based on the license, and they are using only a few of them.

We use TrendAI Vision One for endpoint security.

For example, we use XSIAM, which is Palo Alto's XDR plus SIEM solution. When we get an incident, we need to do some hunting in that system. It takes approximately 45 minutes. However, with TrendAI Vision One, because most of the information is already enriched, we get only high fidelity incidents. This saves us around 25% of time compared to other solutions.

TrendAI Vision One mostly delivers high-fidelity incidents. We receive nearly 60% of incidents as true positives, with the remaining 40% being false positives. Comparatively, with XSIAM we have around 40% true positives and 60% false positives.

We are an MSSP with nearly 60 people working in SCI, which is Shared Commercial Infrastructure. We have approximately 60 people dedicated to TrendAI Vision One.

One feature I appreciate about TrendAI Vision One is that compared to other solutions, the alerts we receive are already enriched. We use it in a shared commercial infrastructure which was inherited from IBM. During investigation, it is much easier to work with TrendAI Vision One compared to other solutions.

Compared to CrowdStrike sensor, TrendAI Vision One consumes more compute power. CrowdStrike is more optimized than this solution.

TrendAI Vision One is a niche product because XSIAM is a combination of SIEM plus XDR, while this is an XDR solution. If I need to do deep hunting, for example, we had an incident in Microsoft Defender yesterday which required advanced hunting capabilities. This is not possible in TrendAI Vision One, which I see as a drawback. TrendAI Vision One is a very good product, but it has a specific use case. If you want less customization, you can use TrendAI Vision One. If you need more customization, you need to use a SIEM plus XDR solution. Nowadays, they are integrating SIEM with XDR solutions. For example, we have XSIAM and Microsoft Defender is going to integrate SIEM as well going forward. In that case, TrendAI Vision One is a niche product. As a product with its specific use case, it is good.

Specifically regarding sensors, they consume comparatively more compute capacity, so we need to plan our workloads accordingly. Additionally, the user interface could be improved. When I investigate one alert, all the indicators appear jumbled together in one area. If they improve the user interface, it would be better.

We have been using TrendAI Vision One for the last one and a half years.

I would rate the technical support an eight.

Since the alerts are high fidelity and TrendAI Vision One requires less overall from the security analyst perspective, it reduces cyber risk effectively. Regarding downtime compared to XSIAM, I would rate this a nine because its downtime is considerably less. In terms of scalability, it is pretty scalable, though somewhat complex, so I would rate it an eight point five. I would recommend TrendAI Vision One if the organization is less mature in terms of SOC. However, if you want to do advanced SOC hunting, this is not the right product in my opinion. The overall review rating for this product is eight point five.

My use case for TrendAI Vision One is more focused on the XDR.

In my opinion, the best features of TrendAI Vision One are the UI itself, which is very user-friendly. I consider that to be the most intricate part about TrendAI Vision One compared to other XDR platforms.

I use the sensors in TrendAI Vision One, and they are critical for our network coverage. They help us considerably because we are using TrendAI Vision One in the corporate environment, where people come and go. The sensors are very helpful because when you want to release the sensor on a laptop that is not used, you can simply release it.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers are very interesting because other solutions do not actually provide a centralized platform to view everything. Trend Micro introduced TrendAI Vision One, which allows all that to be in one central console, enabling you to have all features enabled or disabled based on credits.

TrendAI Vision One helps consolidate my use of security vendors and reduces silos. Currently, we are mainly using the XDR function, but we are also looking at the sandboxing feature. It is a good platform because in our environment, the engineering team uses the XDR function while the Digital Forensic & Incident Response team uses the sandboxing analysis functions, allowing two cross-entities to use one platform for their own tools.

In TrendAI Vision One, an area that has room for improvement is the DLP policy governance, particularly around data leakage protection. I believe the main focus is currently on thumb drives and external drives, but in older environments, we also use CDs and DVDs for read and write functions.

I have been using TrendAI Vision One for approximately eight months in totality.

I would rate the stability of TrendAI Vision One as very stable, giving it a nine out of ten.

In terms of scalability, I would say TrendAI Vision One is a ten out of ten because it is based on credits.

From one to ten, I would rate the technical support that TrendAI Vision One provides as a nine because we are subscribed to premium support.

I found the deployment of TrendAI Vision One to be very easy; I was very surprised because we had a seamless migration from Apex One.

It took less than a day to implement TrendAI Vision One; in fact, it was completed in just one day.

In my organization, we have a team of five engineers and close to three hundred endpoints using TrendAI Vision One.

I estimate that I have seen approximately fifteen to twenty percent return on investment from using TrendAI Vision One.

Regarding the pricing of TrendAI Vision One, I think it is on the costlier side compared to other solutions due to the functions they offer, but in totality, it is cost-efficient.

I have tested other vendors for endpoint solutions, including Kaspersky and Symantec.

The top security challenges in my industry include finding people who can operate TrendAI Vision One as an operator, and actually, TrendAI Vision One's user interface is so user-friendly that it takes maybe an experienced cybersecurity engineer about two to three weeks to get used to it.

The solution does not require any maintenance in terms of patching because we are on SaaS; we have a proxy, so there is no maintenance for it.

TrendAI Vision One has reduced my time to detect and respond to threats by approximately forty to fifty percent.

It has reduced noise from false positives by approximately twenty percent, which has saved me a significant amount of time.

By switching to TrendAI Vision One, I have reduced my risk by approximately eighty percent.

I would recommend TrendAI Vision One to other users because it is user-friendly and offers good support. I would rate this review a nine out of ten.

TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.

The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.

I have been using TrendAI Vision One for almost two years.

I would rate the stability of TrendAI Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure cloud was down, which was from Azure's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.

Almost fifty people use the solution. They are all in Pakistan and working on-site.

The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.

Maintaining TrendAI Vision One is very easy and very handy.

I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.

TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.

I rate this review nine overall.