TrendAI Vision One™ (PAYG)
Centralized protection has simplified hybrid security and has reduced incident response time
What is our primary use case?
I am currently dealing with Trend Micro and TrendAI Vision One. I started working on an on-premises option for Trend Micro called the Deep Security Manager in 2014. After changing companies, I continued working on the Deep Security Manager for approximately a year or one and a half years. Later, we moved to Cloud One, and after that transition, we had customers interested in the XDR solution, so we migrated those customers to TrendAI Vision One. Altogether, starting from 2014, I have extensive experience with Trend Micro.
We use TrendAI Vision One platform for consolidated security across hybrid environments. We have onboarded one AWS customer recently and have also onboarded multiple on-premises servers, though we have not onboarded Google Cloud. Our solutions include AWS and on-premises deployments.
I am the point of contact in my company, dealing with the customer and with the Trend Micro seller and partner.
What is most valuable?
The IPS module is the best module in Trend Micro and helps us address the top security challenges. We have many ways to modify it, including enabling detection-only mode or using it after a month or two of monitoring to move to prevent mode. When we come across any CVEs and submit them to Trend Micro, they immediately create an IPS rule, and detection happens within the next moment. IPS is one of the greatest parts of Trend Micro, followed by Anti-Malware and then Web Reputation. These three modules are my favorites in Trend Micro, and they are seamless with very frequent detection. Mostly malicious or suspicious detections occur, and I have rarely seen negative detections with Web Reputation or Anti-Malware.
TrendAI Vision One provides centralized visibility and management across protection layers. TrendAI Vision One is quite simple when compared to CrowdStrike, and Microsoft is simpler, but when we compare it with CrowdStrike, it is much simpler. I do not feel any complexity in that. TrendAI Vision One was a bit new for us, but after working on it for a couple of years and exploring all the options, it seems to provide quite a seamless feature. The navigation is easy and helps us understand exactly what we need to do. We have run around the playbook and workflow, which makes it better. When it comes to CrowdStrike, TrendAI Vision One is quite a bit simpler in terms of complexity.
TrendAI Vision One has helped reduce our time to detect and respond to threats. The important aspect is that we can customize the playbook and workflow, which makes our SOC workload easier. TrendAI Vision One has helped consolidate our use of security vendors and reduce silos to an extent. There are some inputs that we have to gather and enforce based on our experience. No product has given us 100% satisfaction so far, but unless we experience it and put in our experience and talk to Trend Micro and make some changes, it will not help.
I do not find TrendAI Vision One difficult because I have been working with Trend Micro since 2014. When it comes to CrowdStrike, it is a bit complicated. They do have documentation, but if we miss a small single point, we might end up not connecting our resources to CrowdStrike. That is not the case with Trend Micro; it is quite simple. I feel more comfortable with Trend Micro rather than CrowdStrike.
TrendAI Vision One has AI built into its platform. It is not only Trend Micro; even when we talk about CrowdStrike, the Charlotte AI is also awesome. The AI narrows down the time. If I receive an incident, I can ask the AI to give a description or a client-facing email template, which is quite helpful. This has reduced our response time by more than 70%.
Approximately 30 to 40% of false positives have been reduced. This all depends on how long we have been working with TrendAI Vision One. As we gain more experience, we learn what exactly it is. I am actually an intermediary between the TrendAI Vision One console and the SOC team. The SOC team comes to us stating there is a lot of noise around certain alerts and asking what can be done about it. Then we go ahead and do some workflow automation and exclusions. Exclusions are quite simple when it comes to TrendAI Vision One, and even the workflow automation and playbooks are quite easy. I have deep knowledge of the playbook when it comes to Microsoft, so I know how to build those playbooks within TrendAI Vision One. I would say there is a 30% to 40% reduction of false positives, and we are still working to reduce it further.
What needs improvement?
When we talk about improvements in TrendAI Vision One, the first thing I consider is to bring the pricing down, considering there are many competitors in the market. The second thing is that once CrowdStrike came into the market, it became the biggest competitor for Trend Micro. The way CrowdStrike exposes themselves or makes themselves public, Trend Micro is not doing. That is one concern where they lag in the market as of now.
Previously, there were some issues navigating between Cloud One and TrendAI Vision One, but now they have migrated completely to TrendAI Vision One and we can use it for everything. We are not even logging into Cloud One anymore. If they remove Cloud One completely and bring all its options into TrendAI Vision One, that would be a great option. They are working on it and I believe the migration should be completed by this year, so we will no longer see Cloud One.
The updates are quite frequent when it comes to Trend Micro. As of now, I know there are six cycles of security updates happening. If they could break down this process, that would be beneficial because we have recently seen that there were some security updates missed. Based on our feedback, we found there are actually six security updates available per day. We have gone ahead and configured the security update scanning. That could also be a point we can discuss with Trend Micro, and the discussion is in place.
An additional feature I would like to see in the future is for the dashboard they present to be made more interactive, more visual, or more attractive. That would be a gaining point for me.
For how long have I used the solution?
I joined the security field in 2020. I was an endpoint solution engineer since 2014, but I came to the SOC team in 2020, so I have been in this field for six years.
How are customer service and support?
I have no problem with the technical support of TrendAI Vision One. I would rate them an eight, ten being the highest.
What other advice do I have?
We have a customer now who is interested in the Cyber Risk Exposure Management capabilities, and we are exploring around it. We have been using exposure for Microsoft and CrowdStrike, but we have not used it for TrendAI Vision One so far. We have a customer now who is interested and we are preparing a draft for them.
We are both a partner and a reseller of Trend Micro, purchasing and selling licenses. We have also been a partner with CrowdStrike. We are a partner and reseller for both CrowdStrike and Trend Micro.
The pricing of Trend Micro is a bit high, but when we compare it with Microsoft products, the pricing is a bit high. When we compare it with CrowdStrike, it is competitive, both providing a similar kind of solution. When it comes to pricing, both are a bit higher. Considering the security that they provide, it is acceptable to go ahead with that price.
There are two options for purchasing TrendAI products. Some old customers still rely on AWS Marketplace, whereas for new customers, we directly engage with Trend Micro to buy and resell licenses. There are legacy customers who have the license through AWS Marketplace, but any new customer that comes in, we directly have a word with Trend Micro and we purchase and sell the license or we do an MSSP for them.
My overall rating for this review is eight out of ten.
Unified security platform has strengthened hybrid protection and improved threat detection speed
What is our primary use case?
I am using it as a reseller. I use its platform for consolidated security across hybrid environments, and it is absolutely possible to manage your cloud and on-prem workloads and secure them. That is something which is also one of the main features.
What is most valuable?
The most valuable features I find in TrendAI Vision One are the XDR part, which is something that is very much in use, and the cloud solution for server protection, which is also very much in use. They also integrated email security into it, so that integration is very helpful. Overall, it is a complete platform that is very much in demand.
TrendAI Vision One has absolutely helped my customers consolidate their use of security vendors and reduce silos. As I mentioned, it is a complete platform, allowing you to replace many other technologies with a single platform of TrendAI Vision One.
TrendAI Vision One has definitely helped my customers reduce the time to detect and respond to threats, and this is one of the key features of the solution's detection capability.
Whether it has helped my customers reduce noise from false positives depends upon the configuration. With the passage of time and experience with the solution, it takes time to mature. Once you deploy it, it gets better over two to three months, and the noise gets reduced. That is a normal roadmap when deploying such a solution.
Overall, it has certainly helped them reduce cyber risk in my customers' companies.
The fact that TrendAI Vision One has AI built into its platform is one of the key features; it is super important these days. Without it, I think it will be difficult.
When it comes to functionalities and AI capabilities, I am absolutely satisfied with TrendAI Vision One.
What needs improvement?
There could be improvements in TrendAI Vision One, especially when comparing it with other products in the industry. It competes very solidly, but I would say the cost perspective poses a challenge we normally face. If they can become more competitive cost-wise, that might help both customers and resellers.
For how long have I used the solution?
I have been dealing with TrendAI Vision One for almost two years.
How are customer service and support?
I would rate TrendAI technical support as very decent, with the exception of one or two issues. We never received any major complaints, so I think it is very decent.
How was the initial setup?
The initial setup for TrendAI Vision One is not that difficult. You just need to set up the tenant, and after the tenant is set up, you roll out the agents, which need to coordinate with the centralized server. You just need to ensure that the centralized server is reachable to the tenant, so you can set it up easily within one week.
Which other solutions did I evaluate?
I usually recommend multiple other solutions, such as SentinelOne, which is comparatively cheaper, and then we have Kaspersky. I think Microsoft is also expensive, so these two products compete very well when it comes to cost.
What other advice do I have?
Regarding the cyber risk exposure management capabilities, we did try to sell it, but there are too many competitors, and frankly speaking, there are other products better in the market. However, if the customer is going for an entire package and this comes at a lower cost, then it is being sold.
My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it is very strong and an amazing product. From the centralized management perspective and also from detection and threat hunting, it is something which is very strong.
It is difficult to say how much time it has reduced approximately, but the detection capability itself proves to be very useful for my customers. I never see any complaints about not being able to detect any threats with the help of the platform. It is something that is easy to manage, easy to deploy, easy to use, helping in threat hunting and analysis quickly. Overall, I would say it is a great product.
When it comes to performance, I do agree that TrendAI Vision One is indeed the best option on the market.
I rate TrendAI Vision One overall at 9.5.
I do not have any additional features on top of my head that I would like to see in the future. I think it is reasonable at the moment with all the features required to compete with other industry leaders.
Unified security platform has simplified hybrid protection but needs smoother agent connectivity
What is our primary use case?
I work as a partner with Trend Micro as an MSSP provider and partner with TrendAI Vision One. I have installed, configured, and deployed TrendAI Vision One across several sectors including pharmaceuticals, a digital bank, and the biggest hospital in Pakistan.
The usual use cases for TrendAI Vision One that I work with are server and workload security and standard endpoint protection. These are the EDR modules that TrendAI Vision One offers. I have already worked on the CReM, which is Cyber Risk Exposure Management. I have worked with the network security module and zero trust as well.
I have a hospital and a digital bank that use TrendAI Vision One platform for consolidated security across hybrid environments. The digital bank has on-premises servers and cloud servers hosted on AWS and Azure environments. All of these are integrated into the single platform. I have deployed TrendAI Vision One in a hybrid environment.
What is most valuable?
TrendAI Vision One has really good features, but I think the malware detection feature stands out because it offers both types of detections. It offers signature-based detection as well as behavioral-based detection. What the agent does is create a baseline for a profile. For example, if I'm Asad and I'm doing a job from nine to five and it knows that these are certain tasks that I do in my daily shift, if I'm trying to violate that baseline, it will generate an alert and notify the relevant stakeholders that I am doing something that normally I don't do. This is something suspicious, and this is something where TrendAI Vision One takes the edge.
The top security challenges in my industry are that there are so many cybersecurity vendors and lots of products. Some offer DLP solutions, some offer endpoint security, some offer network security. These separate products for every aspect create silos or difficulties in management. TrendAI Vision One offers a complete XDR solution that integrates all of these aspects into a single application. Instead of starting my shift and logging on to separate products for all of these, I just need to log in to TrendAI Vision One and I have single-click access to all of these applications.
TrendAI Vision One provides a single platform or single view for me as an analyst or architect to work with. It has around fourteen to fifteen applications that I will be using on a single platform. Instead of logging onto the separate EDR console, separate ZTNA or zero trust console, instead of logging onto the separate network security console, I just have to log on to TrendAI Vision One portal and I have single-click access to all of these applications. This helps in saving time and helps in correlating these different logs as well. TrendAI Vision One, if it collects the network logs as well and EDR logs, it knows how to correlate them and how to provide a big picture instead of just telling a single story.
TrendAI Vision One has all of these modules integrated on the single platform. That's the real advantage that TrendAI Vision One provides and that's the benefit that it competes with several competitors. I haven't seen any of the products apart from Microsoft Azure or CrowdStrike. These are some of the competitors that do provide this kind of visibility. Apart from these, I don't see any vendor that is closely aligned with the kind of single-page environment TrendAI Vision One offers.
What needs improvement?
I don't see any straightforward issues with TrendAI Vision One at this time. Troubleshooting the disconnectivity of the agent is a bit of a difficult task because the server might have connectivity with the portal and agent services will be working fine, but still it shows disconnected on the portal. This is the issue that I have faced for two to three clients, but after doing nothing, it went up automatically. This is something where I think TrendAI Vision One has to improve.
For how long have I used the solution?
I have been working with TrendAI Vision One for around three years. Since I started my job here as a SOC analyst, I have been working on the same product.
What do I think about the stability of the solution?
TrendAI Vision One is a reliable and stable solution. Whenever there is some technical issue, I simply raise a ticket and the team that is sitting in the Philippines is really supportive. They jump on the call and immediately resolve the issue. There are some technical issues in all of the products. Microsoft has some technical issues, and CrowdStrike does have technical issues, but whenever there are issues, their team is supportive and they sort the issue.
What do I think about the scalability of the solution?
The level of scalability of TrendAI Vision One is great because it's a cloud native solution. Whenever the product is a cloud native solution, it does provide great scalability. I have an environment with fifty servers, I have environments with four hundred and five hundred servers as well. I don't see any issues with scalability. It runs smoothly. It doesn't matter how big the organization is.
How are customer service and support?
TrendAI Vision One is a reliable and stable solution. Whenever there is some technical issue, I simply raise a ticket and the team that is sitting in the Philippines is really supportive. They jump on the call and immediately resolve the issue. There are some technical issues in all products. Microsoft has some technical issues, and CrowdStrike does have technical issues, but whenever there are issues, their team is supportive and they sort the issue.
I have communicated with their team for many queries that clients might have. It doesn't matter if there is a technical query, a non-technical query, or generalized questions that my customers might have. If I don't have a straightforward or right answer to that, I immediately raise a ticket to the support team so that I can have a correct answer from a subject matter expert.
How was the initial setup?
For the usual installation process of TrendAI Vision One, I first have to create some user accounts that the organization provides. After that, I have to check the license. If the organization has just purchased the endpoint or standard endpoint protection or server workload protection, then I just have to deploy those sensors on their laptops, servers, and other assets. If they have other protection modules like email security or network security, then I have to deploy the network sensor for their network traffic and I have to configure email security by deploying MX records and configuring their DNS to capture those emails and then checking if it's a phishing or spam email or not.
I usually find the initial setup straightforward and relatively easy. Whenever there is an issue while deploying the agent, it sometimes shows that it is disconnected from the portal for a longer period and I have to wait for around two to three hours sometimes based on the environment of the organization. After two to three hours, it goes up. This is a small challenge that I face, in that it does not show immediately connected on the portal. Sometimes it takes time.
What other advice do I have?
TrendAI Vision One is a cloud native solution. It doesn't have any on-premises deployment. It is only hosted on AWS environment and I have to buy it on the cloud. I don't have the ability to deploy it on premises.
TrendAI Vision One has really good detection rules that sweep the environment in near real time. It doesn't wait for something to happen for a longer period and then detect it. The rules are configured to immediately detect it. Some tools offer detections where if this logic activity happens within sixty minutes, it should trigger. Instead, in TrendAI Vision One, it continuously checks for those detection logics and triggers an alert if it is found.
TrendAI Vision One has helped my customers reduce noise from false positives because I can tune the detection rules to reduce the false positives because every organization has their own policies and procedures. It might create some noise, but the good part is that I can whitelist those events and reduce the noise.
By using CReM or Cyber Risk Exposure Management, TrendAI Vision One helps my customers reduce their overall organizational risk by managing their assets, reducing the vulnerabilities, and mitigating the threats that they might have.
I am aware of the pricing and licensing of TrendAI Vision One as they offer a credit model. If I want to purchase any of their products or features, I should purchase the credits and I can allocate them to the protection modules that I am using. They don't bind me only to one module. For example, if I want to use the EDR for just one hundred endpoints or laptops and I have purchased the credit for them, but after mid-year, I found that the laptop count has reduced to eighty and those twenty are abandoned as of now, I can use those twenty laptops' credits for other protection modules like email security or Cyber Risk Exposure Management. This is really a great part of TrendAI Vision One. They don't bind me to a protection module. They provide credits and I can utilize them in whichever protection module I want to use.
The importance of AI built into TrendAI Vision One is that it does provide the ability to summarize those security events. If there is an incident considering eighteen alerts and an analyst tries to investigate those eighteen events for a single incident, it might take forty or forty-five minutes. But if a client is sensitive and has an SLA of thirty minutes, TrendAI Vision One AI companion will provide a detailed summary with actionable recommendations within seconds. This really helps in meeting the SLA and resolving incidents.
I rate technical support from TrendAI Vision One as seven and a half or eight out of ten. The issue with agent deployment influences my overall rating because the main core protection module that TrendAI Vision One has is the agent deployment or the agent connectivity because normally the client wants to protect their servers. Clients want to protect their endpoints. These are the core things that every organization wants to protect. If the client faces difficulty in deploying or managing those assets, it will have a bad impact on that product. My overall rating for TrendAI Vision One is seven out of ten.
Advanced threat detection has improved reporting and response for our distributed endpoints
What is our primary use case?
I am currently using TrendAI Vision One and a center, but I find TrendAI Vision One to be working; however, the option is not there right now.
Using TrendAI Vision One is beneficial for us, beneficial for our organization, and for your administrator as well, because it is easy to use and maintain the clients.
For my environment, we are using TrendAI Vision One for some attacking and some system tampering, so we are seeing the report and working on that.
I am using TrendAI Vision One sensors in India and Chhattisgarh, which is one state there.
We have right now 600 licenses for TrendAI Vision One, but we are using almost 520 approximately.
TrendAI Vision One coverage is completely critical for our organization's network, and it is actually beneficial for us.
What is most valuable?
The best features in TrendAI Vision One that I prefer include its AI function, reporting, and the way it collects all clients' data and shows attacks; so it is prompting in that way, which is very useful.
When I am using TrendAI Vision One, it is very useful for me and my organization; the report is there, a smart wall is there, customization is possible, and it shows many attacks—first it generates a report and blocks everything, so it is very nice.
TrendAI Vision One helps me consolidate my use of security vendors, and many options are there for consolidation, plus customization is possible, so you can put all the options that your organization requires under a single umbrella, which is a nice feature.
TrendAI Vision One helps me reduce the time to detect and respond to threats, and the response time is very good; if any issue arises, then definitely the prompt response is there.
What needs improvement?
I used TrendAI Vision One in the past before six months, but right now it is not opening and gives some error, so I am not using it in that way.
Actually, mostly we are not using TrendAI Vision One regularly.
There is an AI function in TrendAI Vision One, but I want some smart wall and categorization; if a categorization option is available, then customization can be done, which I hope is available for your clients in the future.
We are facing some issues regarding TrendAI Vision One since we are not using any centralized system, such as AD and no LDAP system is there, so all my clients are in a workgroup. This sometimes makes it difficult to make changes or perform updates, such as removing the AV and reinstalling it, but it is working very fine and is definitely nice.
I think TrendAI Vision One has not helped me reduce the noise from false positives.
I find TrendAI Vision One not scalable; it is not easy to scale it up or out.
For how long have I used the solution?
I have worked with TrendAI Vision One for the last year.
What do I think about the stability of the solution?
I have had no crashes, downtimes, or performance issues with TrendAI Vision One.
Since I have redundancy servers, there has not been any downtime required.
What do I think about the scalability of the solution?
I find TrendAI Vision One not scalable; it is not easy to scale it up or out.
How are customer service and support?
Regarding tech support, there is no issue; I have not escalated any questions to the technical support.
I rate the tech support as very nice; there is also good response.
Which solution did I use previously and why did I switch?
Before TrendAI Vision One, we were using Symantec antivirus.
How was the initial setup?
The initial setup of TrendAI Vision One is easy; it is not difficult.
What about the implementation team?
TrendAI Vision One deployment is in-house.
What was our ROI?
TrendAI Vision One is great and is very helpful for our organization, and if you use the full features, then definitely it is a very powerful system.
What other advice do I have?
I am not using TrendAI Vision One's Cyber Risk Exposure Management capabilities.
My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers are that it is a very nice product with very nice features. The reports are sent to my email even when I am not logged into TrendAI Vision One, so I always see the report, and if there is any hurdle or issue, then we are using it and working on that one.
We are using the on-premises deployment for TrendAI Vision One, and we are not using the cloud.
TrendAI Vision One's main benefits include its response to cyber attacks, new viruses, vulnerabilities, ransomware prevention, and data loss protection, which are all very nice.
I give this review an overall rating of 9.
Centralized AI-driven security has improved investigations and reduced cyber risk across layers
What is our primary use case?
I can describe several use cases for TrendAI Vision One, including endpoint security with very nice features such as anti-malware, advanced threat protection, machine learning, device control, application control, web reputation, and DLP use cases that are very good. Server security includes vulnerability management, virtual patching, integrity and log inspection, anti-malware, and web reputation. Network security provides very holistic views, and XDR operations correlate multiple layers of security and give an advanced holistic view of multiple layers of investigations easily.
What is most valuable?
TrendAI Vision One is a centralized platform-based solution that provides good visibility across endpoint security, email security, server security, cloud security, and XDR operations. The product offers very good visibility overall.
A good advantage of the product is the threat correlation and attack path visibility, which is helpful to SOC teams for investigating incidents. TrendAI Vision One platform has helped me consolidate my use of security vendors and reduce silos. This is very helpful for protecting organizational assets and daily workloads, allowing SOC teams to investigate threats, perform threat hunting, and take action. TrendAI Vision One is capable of managing risk once assets enter the dashboard and scanning all assets. Network security scans all data and provides information about network vulnerabilities, such as agentless devices and agent devices, easily identifying vulnerabilities and allowing for mitigation.
Email security helps to protect users from phishing emails. Cyber Risk Exposure Management provides comprehensive visibility and AI attack path visibility for proactive security, protecting the organization's assets and proactively providing the attack path.
What needs improvement?
I would like to see some areas of the product improved or enhanced in the future. I have used multiple products such as Kaspersky, and I appreciate TrendAI Vision One for its easily viewable dashboard and one-window solution platform-based approach that provides good visibility across all products.
While acknowledging the good aspects, I believe some elements could be improved or new features could be included in TrendAI Vision One. AI-based detection is currently available, but I hope for enhancements in other areas such as encryption, which is not currently available in this security product.
For how long have I used the solution?
I have a total experience of approximately three years using this product.
What do I think about the stability of the solution?
Regarding stability, I have not experienced any crashes, downtimes, or performance issues with TrendAI Vision One. Cloud-based solutions have no downtime, whereas on-premises solutions might face some downtime for patch upgrades and version upgrades for the server.
What do I think about the scalability of the solution?
I find TrendAI Vision One scalable and have not encountered limitations or scalability issues with it. The product provides feasibility, and I find this product very helpful.
How are customer service and support?
My evaluation of customer service and technical support is that their support is very good, and I am already satisfied with the technical support of this project.
I rate the technical support as very helpful for issue resolution. I have found use case information already available online and have read articles and performed actions for resolution.
When issues are not resolved at L1 and L2 support, I create tickets. The Trend Micro engineer aligns with the support team and resolves issues quickly.
How was the initial setup?
Regarding the initial setup process, I find it a bit complex with TrendAI Vision One. The integration of multiple products with TrendAI Vision One and configuring the policies is somewhat complex for a new user.
What was our ROI?
Regarding ROI, my customers have seen returns with TrendAI Vision One. Customers are already using this cloud-based solution, and those who previously used Kaspersky find it useful for encryption aspects. I recommend this product as it is a very good product for various industries with strong signatures for anti-malware and ransomware prevention.
What's my experience with pricing, setup cost, and licensing?
I do not have clear information about the pricing aspect, including setup cost and licensing details. Cost and licensing details are unclear to me.
What other advice do I have?
I am using TrendAI Vision One for integrating multiple security solutions, such as the integration of firewalls and SIEM solutions for XDR.
The XDR sensor is installed on multiple security layers such as endpoint security and email security. The sensor collects telemetry data from the endpoint security and provides a holistic view of the data. SOC teams find it very helpful to collect telemetry to investigate threats easily.
My organization easily collects assets and reviews the risk score, advanced threat protections, and attack surface. This is a very good product for collecting all asset data and providing a comprehensive dashboard regarding vulnerability protection and risk score, highlighting the risk score and attack surface.
The industry faces top challenges such as server security and email security. The industry uses legacy servers, and TrendAI Vision One workload security protects those legacy servers. TrendAI Vision One provides workload virtual patching, which offers protection for the servers.
I use the Cyber Risk Exposure Management capabilities in TrendAI Vision One. Cyber Risk Exposure Management is the best product for the live industry, highlighting the company and correlating the industry's risk scores.
My impressions of TrendAI Vision One platform's ability to provide centralized visibility and management across protection layers are very positive. It is a very good solution for providing centralized platform-based solutions while using multiple security tools such as cloud security and cloud email gateway protection and service gateway. I have already experienced this product, and it is very helpful for SOC teams, management, and Cyber Risk Exposure Management for C-level use. This is a very good product.
Having TrendAI Vision One in hybrid environments has affected my ability to manage risk positively. It is important to my organization that TrendAI Vision One has AI built into its platform. TrendAI Vision One is the best for AI-driven security, which is a very good point of the TrendAI Vision One console. AI-driven features are very helpful for user-friendliness. Once a new user uses TrendAI Vision One, AI-driven features assist in understanding the policies and SOC operations.
TrendAI Vision One has helped my organization reduce noise from false positives, as it has significantly reduced false positives. Regarding overall cyber risk, TrendAI Vision One has helped reduce cyber risk for my client's organization. It provides an overall comprehensive dashboard overview of organizations, offering compliance, best practices, and training sessions for threat detection. This is a very helpful dashboard for Cyber Risk Exposure Management, customized for partners and industries.
The amount of risk reduced by switching to TrendAI Vision One platform includes risk metrics that show higher scores when the attack surface is high. The dashboard gives live vulnerability assessments and displays the risk scores of dashboards and organizations.
The main benefits that TrendAI Vision One brings to the table include benefiting my customers by pitching the endpoint security and Cyber Risk Exposure Management project. I have already mentioned to customers the advantages of using one product, and I am also using the demo for other products from the same console and have activated the license.
TrendAI Vision One has helped to reduce my time to detect and respond to threats through proactive security for detection, mitigation, and delivery of the attack path. I had an incident with one user who downloaded a file, and the endpoint security agent detected the malicious file and performed actions to clean and delete it. XDR created the workbench, and I investigated easily for threat scores and performed actions, enabling SOC teams to be helpful in threat hunting.
The key differences of TrendAI Vision One in comparison to other technologies such as Kaspersky include that I have already mentioned the advantages of the product, but drawbacks exist for new users. It is very complex for policy configurations and integration with other products.
Many industries in Pakistan use TrendAI Vision One platform for consolidated security across hybrid environments. More than the usual number of customers are using endpoint security, cloud security, and XDR operations. I purchase TrendAI Vision One through local partners. I give this product a rating of nine to ten out of ten. Given my experience with TrendAI Vision One over three years, I recommend using this product, as it is very helpful for the industry cybersecurity framework.
Unified XDR dashboard has improved real-time threat detection and reduced ransomware risk
What is our primary use case?
TrendAI Vision One is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.
I am using TrendAI Vision One on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.
TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.
One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.
The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.
What is most valuable?
TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.
My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.
What needs improvement?
Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.
One feature is SOAR (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need one click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.
For how long have I used the solution?
We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.
How was the initial setup?
We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM tool, from where we can write a script for that agent and have a mass deployment.
What's my experience with pricing, setup cost, and licensing?
Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.
What other advice do I have?
TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.
From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.
Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.
TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.
Platform has improved visibility and security posture across endpoints, email, and cloud
What is our primary use case?
As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.
In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One console.
What is most valuable?
The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security, including how many emails are received by mail servers on a daily, weekly, and hourly basis.
The second advantage is that since TrendAI Vision One is a single platform, it offers attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.
Cyber Risk Exposure Management (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud Platform and Azure.
Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.
What needs improvement?
The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.
While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.
I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.
At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.
For how long have I used the solution?
I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.
What do I think about the stability of the solution?
Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.
What do I think about the scalability of the solution?
In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.
How are customer service and support?
I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.
Which solution did I use previously and why did I switch?
TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.
How was the initial setup?
The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.
What was our ROI?
In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.
What's my experience with pricing, setup cost, and licensing?
Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.
Which other solutions did I evaluate?
Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.
What other advice do I have?
According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.
Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.
TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.
I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.
Centralized security management has unified risk visibility and simplifies attack response
What is our primary use case?
We are currently working with Trend Micro as a partner, managing multiple OEMs like Trend Micro and Trellix. TrendAI Vision One is a managed single centralized management console. We are using multiple Trend Micro products and managing them through TrendAI Vision One.
When customers use multiple security solutions in their environment such as email security, EPP, endpoint security, NDR, and data security posture management (DSPM), we manage everything through TrendAI Vision One console for Trend Micro products, while integrating with third-party security tools such as firewalls and Microsoft to capture telemetry and metadata from both sides. TrendAI Vision One then correlates this data and shows us the observed attack techniques, along with options for sandboxing ransomware file samples through TrendAI Vision One.
What is most valuable?
TrendAI Vision One gathers risk management information such as risk scores at the OS level, account level, and domain level through the endpoint agent that monitors all machines for vulnerabilities. The CREM shows us vulnerabilities at the OS level, application level, and cloud application level while highlighting how we will remediate and mitigate loopholes in our environment or customer environment.
TrendAI Vision One also helps us with consolidated management, but there is a need for improvement if the customer has multiple branches and their IT admin is location-wise. We require location-wise console segregation in TrendAI Vision One, but there are gaps in policy management that hinder that, as all branch IT admins see all policies in the console despite needing to segregate them by location.
What needs improvement?
There are support challenges when we are using TrendAI Vision One console. If a customer needs a remote session with support, they generate multiple queries and logs, which we escalate to Trend Micro management for remote support, and aligning with remote support becomes a significant challenge.
When dealing with 10,000 users of EPP with the XDR solution, there are complication issues due to the agent size being between 500 and 700 MB, which hampers our ability for mass deployment through Active Directory. We do use hybrid solutions and cloud solutions in TrendAI Vision One, and face challenges only with mass deployment regarding sizing.
For how long have I used the solution?
We have been using TrendAI Vision One for over four years.
What do I think about the stability of the solution?
There are no glitches, and TrendAI Vision One is scalable and stable.
What do I think about the scalability of the solution?
We are not currently facing any risks as TrendAI Vision One platform manages multiple Trend Micro products within a single management console.
How are customer service and support?
Support is low. When we raise a ticket for P0 or P1, the response tends to be quite late.
Which other solutions did I evaluate?
We are working with Trend Micro, CrowdStrike, and Trellix.
What other advice do I have?
After sharing Trend Micro pricing with the customer and understanding their budget, we chase the Trend Micro OEM sales person to reduce the price given the budget that the customer has, and hopefully Trend Micro sales representatives manage and close these deals.
In terms of price and technical solution, the security solutions provided by TrendAI Vision One stand out as the best offering. Time to action for delete and quarantine is crucial, and it is approximately ten percent.
We are not experiencing any noise on their side, and thus TrendAI Vision One solution is working smoothly in multiple organizations, which helps us reduce attack risks. The overall review rating for this solution is eight out of ten.
Incident analysis has become faster and clearer but event interfaces still need improvement
What is our primary use case?
TrendAI Vision One is used for XDR.
What is most valuable?
TrendAI Vision One is more limited, but the strong part is its minimalist design, allowing you to know the most important information about the incident. This is the strong point.
TrendAI Vision One helps consolidate security software across hybrid environments, and I think it is useful, especially when integrated with another tool for some clients. It is so useful to get a first analysis or to get some CUs with TrendAI Vision One, so it helps.
The solution saves time by approximately 80 to 90 percent; it is very simple.
What needs improvement?
Providing centralized visibility and management across various protection layers could be better. I would add different interfaces as I really appreciate how CrowdStrike manages the datasets. An interface where you can select the different events that happened in the incident would be beneficial because in TrendAI Vision One the information is very basic; you get all the information raw in a column, which I would improve by adding an advanced search feature similar to CrowdStrike where events can be filtered. This would make the analysis better for the client who is receiving the information.
TrendAI Vision One has room for improvement regarding different interfaces, specifically similar to the Event Simple part of CrowdStrike where you can identify what happened. It would be helpful to have an integrated identity module, because sometimes I want to see who executed an incident, such as a PowerShell command, to know if it was an admin or the local user of the machine. If I cannot see that, I do not know anything. Integrating the identity module would be beneficial.
For how long have I used the solution?
I have been working with TrendAI Vision One for one year and a half.
What do I think about the stability of the solution?
I rate the stability of TrendAI Vision One as a ten because I did not have any problems with it.
What do I think about the scalability of the solution?
The scalability of TrendAI Vision One would be around a six; it is appropriate for smaller companies, but for bigger ones such as Nike, I would say it would not fit as well.
What was our ROI?
Using TrendAI Vision One has reduced the time to detect and respond by approximately 20 percent up to 80 percent; the strong point is that it is simple, making it fast and easy to learn.
What other advice do I have?
When an incident appears in TrendAI Vision One, I open it and on the first page, you get to see the timeline of where all the different assets appear, including the host and other information. It is helpful because you get directly all the information by taking a look at the host involved. For example, if it is a server and you see SSH commands, it may fit with your conclusion. After that, I open the XDR part where you see in raw form all the different information. Finally, I can use the XDR view where you can filter using their raw SQL language to filter all the different incidents, for example, by endpoint GUID, something I usually use.
The risk reduction from using TrendAI Vision One depends on various factors. If I only get to use TrendAI Vision One and not any other tools, I think it would be approximately 80 percent, because if you have normal incidents, it is helpful, making it easier for the team of the final client to read the information. However, for real incidents requiring forensics, if you have to activate forensics, I think you would have difficulties, so I would say around 80 percent.
The importance of AI built into TrendAI Vision One is relatively recent for me; it is helpful to have a direct verdict, but I prefer to make my manual verdict. I would say it is important at a level of five for me, but for some inexperienced analysts, it might be at a level of five or seven because they will rely on that.
TrendAI Vision One is simpler compared to other solutions, but it could be useful for controlled cases if you have a small enterprise where the same software is used, making it interesting for situations where you are familiar with specific CUs. In my opinion, it would be more interesting than Cortex for smaller incidents, while I would prefer Cortex for larger cases than false positives which will be better managed by TrendAI Vision One.
My clients may be less than average because TrendAI Vision One is not that widely used. I think it is getting used less, but perhaps with the AI update it will be used more. I would estimate around 5 to 10 clients, approximately half of my client base.
Learning TrendAI Vision One can take anywhere from two weeks to one month.
In my opinion, TrendAI Vision One gets the information easily, but it does not really help reduce false positives by itself; you have to do the final work. I would say it helps with false positives around 80 percent because in TrendAI Vision One, you can see the verdict, plus AI is assisting with it.
I would recommend TrendAI Vision One, telling potential users that it is very easy to use, but it would be useful to learn how to use SQL for deeper analysis of different modules, which is important. Knowing how to use the different modules that your client has integrated will make a significant difference.
Integrated email and endpoint protection has boosted threat detection and simplified deployments
What is our primary use case?
I am from a partner firm and I deploy TrendAI Vision One at multiple customers. I implement the solution for multiple customers.
What is most valuable?
The main use cases which I have heard from customers are that, from the email point of view, email security is the first priority. They are searching for a solution which provides email security, which is able to block the files with an integrated DLP.
One of the best parts of TrendAI Vision One is its email security and the endpoint. It provides email security at the API level, so it offers both MX Gateway and API, but usually we deploy it using API.
TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves, or the agent handles it. In this case, the agent will give you the logs.
TrendAI Vision One also has an XDR. This XDR helps you collect logs from multiple sources. It will correlate the logs of your databases, your endpoint, your servers, your mail, and using all these data silos, it will give you a report if any anomaly or any malicious file is detected or any virus pattern is detected.
Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.
It uses AI to check the logs, to find the malware or to find any phishing attack. It uses an AI and ML engine for that. There is also another AI agent inside the console. For example, if I want to find a policy or check a user, the AI agent can assist me.
They have recently launched a Zero Trust Secure Access, which is a version of SASE. The same single agent that is used for endpoint can also be used for Zero Trust Secure Access. So you do not have to install multiple agents. One single agent can work for multiple things for SASE and for endpoint.
Its deployment is easy and fast. TrendAI Vision One console has all the features, like one single console provides email, email security, endpoint security, server and workload protection, XDR, cyber risk management, all the things in one console. It provides a good overview from a CISO and manager level. Whenever I have a meeting with the management, I show them that. Your cyber risk score is this much, from a comparison point of view.
It has another feature which can detect the unknown processes or malicious processes using its AI technology, which may be forming or in the initial stage of a ransomware attack. It is quite good in capturing that also.
From the functionalities perspective, the agent is quite heavy as it can scan different types of files.
None of my customers have faced any attack. We have detected many attacks using ransomware protection and phishing detection.
What needs improvement?
There is a point of improvement in the endpoint protection.
Email security sometimes may lead to some true positive attachments.
One thing I would say is not a good point is they do not have a specific licensing structure. If I bought licensing for 500 users, they convert the licenses to a credit system.
If I am a mid-level enterprise, it provides everything like an integrated DLP. I do not have to spend more money buying other solutions. One solution is enough to cover my DLP needs, endpoints, XDRs, and email security.
In endpoint also, if I have 500 customers, and if I want to change a policy, I have to make a new policy for them and add them to it and then change the policy. This is a complex process.
Management is a bit complex and it could have been easier.
The positive point is centralized management. If you are a mid-level enterprise looking for a solution for most of your cybersecurity products, TrendAI Vision One is a good centralized platform. You should go for it.
For how long have I used the solution?
I have been working with TrendAI Vision One for almost one year.
What do I think about the stability of the solution?
Since TrendAI Vision One is a SaaS-based platform, I have never faced the issue of the platform going down or any issues on the console. It is hosted on the cloud, so it is good. I have never faced that issue.
How are customer service and support?
TrendAI Vision One has an investigation team and a support team. Whenever an alert is generated of a virus or malware, we usually have to deal with it ourselves. But in this case, the agent will give you the logs. They have an investigation team that will give you an EXE to collect the log and EXE to clean your system, a diagnostic tool.
Their support portal is quite good, quite on time, and gives you a detailed analysis. I personally have used it a lot and they are quite helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used other tools such as Check Point. In email security, the number of false positives is less in TrendAI Vision One in comparison to Check Point.
How was the initial setup?
Within a day, you can deploy the whole solution in your whole company, maybe 500 users, 1000, or 2000. Within a day, you can deploy the solution of email security.
The first benefit is the ease of deployment using API. You simply have to link the Outlook or the Google Workspace API and within two minutes it is synced.
For endpoints, you have a script. You can simply run that script in your AD server and you can install multiple agents in a few minutes on most of your machines in the network.