We use TrendAI Vision One for endpoint security.

For example, we use XSIAM, which is Palo Alto's XDR plus SIEM solution. When we get an incident, we need to do some hunting in that system. It takes approximately 45 minutes. However, with TrendAI Vision One, because most of the information is already enriched, we get only high fidelity incidents. This saves us around 25% of time compared to other solutions.

TrendAI Vision One mostly delivers high-fidelity incidents. We receive nearly 60% of incidents as true positives, with the remaining 40% being false positives. Comparatively, with XSIAM we have around 40% true positives and 60% false positives.

We are an MSSP with nearly 60 people working in SCI, which is Shared Commercial Infrastructure. We have approximately 60 people dedicated to TrendAI Vision One.

One feature I appreciate about TrendAI Vision One is that compared to other solutions, the alerts we receive are already enriched. We use it in a shared commercial infrastructure which was inherited from IBM. During investigation, it is much easier to work with TrendAI Vision One compared to other solutions.

Compared to CrowdStrike sensor, TrendAI Vision One consumes more compute power. CrowdStrike is more optimized than this solution.

TrendAI Vision One is a niche product because XSIAM is a combination of SIEM plus XDR, while this is an XDR solution. If I need to do deep hunting, for example, we had an incident in Microsoft Defender yesterday which required advanced hunting capabilities. This is not possible in TrendAI Vision One, which I see as a drawback. TrendAI Vision One is a very good product, but it has a specific use case. If you want less customization, you can use TrendAI Vision One. If you need more customization, you need to use a SIEM plus XDR solution. Nowadays, they are integrating SIEM with XDR solutions. For example, we have XSIAM and Microsoft Defender is going to integrate SIEM as well going forward. In that case, TrendAI Vision One is a niche product. As a product with its specific use case, it is good.

Specifically regarding sensors, they consume comparatively more compute capacity, so we need to plan our workloads accordingly. Additionally, the user interface could be improved. When I investigate one alert, all the indicators appear jumbled together in one area. If they improve the user interface, it would be better.

We have been using TrendAI Vision One for the last one and a half years.

I would rate the technical support an eight.

Since the alerts are high fidelity and TrendAI Vision One requires less overall from the security analyst perspective, it reduces cyber risk effectively. Regarding downtime compared to XSIAM, I would rate this a nine because its downtime is considerably less. In terms of scalability, it is pretty scalable, though somewhat complex, so I would rate it an eight point five. I would recommend TrendAI Vision One if the organization is less mature in terms of SOC. However, if you want to do advanced SOC hunting, this is not the right product in my opinion. The overall review rating for this product is eight point five.

My use case for TrendAI Vision One is more focused on the XDR.

In my opinion, the best features of TrendAI Vision One are the UI itself, which is very user-friendly. I consider that to be the most intricate part about TrendAI Vision One compared to other XDR platforms.

I use the sensors in TrendAI Vision One, and they are critical for our network coverage. They help us considerably because we are using TrendAI Vision One in the corporate environment, where people come and go. The sensors are very helpful because when you want to release the sensor on a laptop that is not used, you can simply release it.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers are very interesting because other solutions do not actually provide a centralized platform to view everything. Trend Micro introduced TrendAI Vision One, which allows all that to be in one central console, enabling you to have all features enabled or disabled based on credits.

TrendAI Vision One helps consolidate my use of security vendors and reduces silos. Currently, we are mainly using the XDR function, but we are also looking at the sandboxing feature. It is a good platform because in our environment, the engineering team uses the XDR function while the Digital Forensic & Incident Response team uses the sandboxing analysis functions, allowing two cross-entities to use one platform for their own tools.

In TrendAI Vision One, an area that has room for improvement is the DLP policy governance, particularly around data leakage protection. I believe the main focus is currently on thumb drives and external drives, but in older environments, we also use CDs and DVDs for read and write functions.

I have been using TrendAI Vision One for approximately eight months in totality.

I would rate the stability of TrendAI Vision One as very stable, giving it a nine out of ten.

In terms of scalability, I would say TrendAI Vision One is a ten out of ten because it is based on credits.

From one to ten, I would rate the technical support that TrendAI Vision One provides as a nine because we are subscribed to premium support.

I found the deployment of TrendAI Vision One to be very easy; I was very surprised because we had a seamless migration from Apex One.

It took less than a day to implement TrendAI Vision One; in fact, it was completed in just one day.

In my organization, we have a team of five engineers and close to three hundred endpoints using TrendAI Vision One.

I estimate that I have seen approximately fifteen to twenty percent return on investment from using TrendAI Vision One.

Regarding the pricing of TrendAI Vision One, I think it is on the costlier side compared to other solutions due to the functions they offer, but in totality, it is cost-efficient.

I have tested other vendors for endpoint solutions, including Kaspersky and Symantec.

The top security challenges in my industry include finding people who can operate TrendAI Vision One as an operator, and actually, TrendAI Vision One's user interface is so user-friendly that it takes maybe an experienced cybersecurity engineer about two to three weeks to get used to it.

The solution does not require any maintenance in terms of patching because we are on SaaS; we have a proxy, so there is no maintenance for it.

TrendAI Vision One has reduced my time to detect and respond to threats by approximately forty to fifty percent.

It has reduced noise from false positives by approximately twenty percent, which has saved me a significant amount of time.

By switching to TrendAI Vision One, I have reduced my risk by approximately eighty percent.

I would recommend TrendAI Vision One to other users because it is user-friendly and offers good support. I would rate this review a nine out of ten.

TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.

The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.

One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.

I have been using TrendAI Vision One for almost two years.

I would rate the stability of TrendAI Vision One as nine because in the last two years, we have never had downtime except for one recent incident when Azure cloud was down, which was from Azure's side, not from Trend Micro. Overall, we have not received any downtime from Trend Micro's end.

TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.

I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.

The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.

We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.

The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.

My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.

Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.

The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.

Almost fifty people use the solution. They are all in Pakistan and working on-site.

The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.

Maintaining TrendAI Vision One is very easy and very handy.

I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.

I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.

TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.

I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.

I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.

It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.

I rate this review nine overall.

My use case for TrendAI Vision One is deploying it for an entity within a company. I deployed TrendAI Vision One to protect all kinds of endpoints, including mobiles, machines, mailboxes, and servers.

The best features of TrendAI Vision One that I appreciate include its centralized nature, the Copilot AI agent, its simplicity of use, and the quality of their API.

TrendAI Vision One has helped reduce my time to detect and time to respond to threats by approximately 10%.

To improve TrendAI Vision One to a perfect score, I believe better pricing and more support would be ideal.

I have been using TrendAI Vision One for one year.

I would rate the stability of TrendAI Vision One highly, as there were no bugs. I would give it a 10.

Regarding scalability, TrendAI Vision One is scalable. I would give it an eight.

I rate the technical support an eight.

The coverage for my organization's network is critical. When we have questions, we return to them. When we need something, we return to them, and they were always available.

The risk reduced by switching to TrendAI Vision One is similar to other EDR or XDR solutions. It can detect malicious operations and threats, but the exact percentage is difficult to quantify. For the company I was deploying it for, we detected many threats. I would rate the risk reduction as a 10 because the company in question did not have an XDR or EDR solution in place before.

The deployment of TrendAI Vision One is easy; it is just an executable.

It takes almost one day for TrendAI Vision One to appear in the console.

In my organization, we had four specialists working with TrendAI Vision One: myself and three security engineers. I was the project manager.

I can estimate the ROI seen from TrendAI Vision One to be approximately 15%.

When it comes to pricing, I find TrendAI Vision One not expensive compared to other products.

I compare TrendAI Vision One with other solutions and vendors on the market, and we can see that it is well-placed in Gartner, so it is one of the best products.

TrendAI Vision One helps with centralized visibility and protection across multiple layers.

The visibility and protection provided by TrendAI Vision One allow us to see all the assets in one console, which is beneficial. We can also see all the features in one console, which is equally advantageous.

I did not use the cyber risk exposure management capabilities with TrendAI Vision One, nor did my clients use that for identifying blind spots.

The top security challenges in the industry include handling the decommissioning of old products, specifically a Microsoft product. Additionally, not all features are centralized in one console, which is not ideal for the correlation of investigations.

TrendAI Vision One is deployed as a cloud solution and a SaaS solution.

I used TrendAI Vision One sensors.

I would recommend TrendAI Vision One to other users because it is easy to use and easy to deploy, as these are the most important factors. The importance of having AI built into TrendAI Vision One is significant; I use the AI aspects. When I want to look for a feature, I go to AI. When I want to create, for example, an IOC, I go to AI, and it assists with this.

TrendAI Vision One is our centralized platform for managing multiple security products, specifically on endpoint and workload security.

We have integrated TrendAI Vision One with Microsoft and AWS cloud accounts that we use. Our SOC team monitors TrendAI Vision One and the platform provides them with multiple views of data sets and detections that have occurred, helping them to quickly onboard with all the relevant data they should be aware of.

We are using TrendAI Vision One sensors across endpoint and workload security.

We were facing multiple cybersecurity incidents in our endpoint and workload security, including attacks such as ransomware and malware. TrendAI Vision One solves these problems by providing greater detection capabilities and automated response across all of these layers.

TrendAI Vision One helps with integration and correlation of multiple security solutions and provides us with better dashboard and reporting capabilities to showcase the data to our board.

We are seeing fewer threats and events across these security layers since we invested in TrendAI Vision One. The platform has been particularly useful in protecting against ransomware.

We are able to respond faster and quicker compared to earlier because of the automated response that TrendAI Vision One offers, which reduces our dependency on manual effort that was previously required.

TrendAI Vision One could bring in more data loss prevention capabilities specifically on the endpoints, as the current offering lacks some important capabilities.

They could also bring in data loss prevention capability and integrate with patch management solutions, which is overdue.

We have been using TrendAI Vision One for the past three and a half years.

It is extremely important to protect sensitive and critical data that resides on servers.

I would say TrendAI Vision One is a really good platform overall, and we found it fitting into our budget compared to competitive solutions. I would rate this product highly.

TrendAI Vision One use cases are mostly related to endpoints, such as detecting registry modifications or new software being added, as well as monitoring for malicious activities including PowerShell scripts, double extension files, ransomware, and crypto miners. Since I work for the financial sector, it is crucial to ensure there are no remote software programs running, especially regarding banking security.

TrendAI Vision One has two types of alerts that help reduce the time to detect and respond to threats. The first is based on alerts and workbench ID, while the second is host-based detections, allowing me to see all different threats on particular endpoints over a selected time frame. I can check for various endpoints affected by different alerts and customize this for specific time frames. Monitoring critical assets, threat hunting, and running queries are feasible tasks, providing a comprehensive overview of endpoint security and the ability to remove malicious files quickly.

One of the best features of TrendAI Vision One is its ability to let me remediate endpoints without disturbing branch users, as long as the endpoint is online and connected. I can delete files or take control through the console by informing the bank's security team to get approval. Another great feature is viewing alerts, segregating them by type and host, which makes it easier to fine-tune security and monitor critical resources. Additionally, the ability to create reference sets for known malicious hashes enhances detection capabilities across endpoints.

TrendAI Vision One saves resources and time. It provides better visibility of endpoints compared to other security management tools, which makes it invaluable. For smaller organizations that may not afford multiple tools, an XDR solution can handle their security needs effectively.

TrendAI Vision One allows mitigation of threats without interrupting branch users' regular work, which is its unique selling point.

The area for improvement is to provide more clarity on the query part, including examples for creating reference sets and documenting capabilities thoroughly so future users can benefit without needing to experiment.

Documenting the capabilities of endpoint consoles would also be beneficial for new users understanding what can be done effectively.

I initially used the first EDR approximately two years ago, and now I have been using TrendAI Vision One for eight to nine months.

The stability of TrendAI Vision One is good; I would rate it an eight.

I would rate the scalability at eight and a half.

I have not worked with technical support yet, so I cannot rate it.

I have not worked with other solutions yet, so I can only speak to my experience with TrendAI Vision One XDR, which I find to be good for handling threats across endpoints.

I am not aware of the deployment process since I have not been involved with it.

Only a few of us are using the solution currently—my manager and I. Due to my background in threat hunting, I have admin access to monitor various alerts and create reference sets for potential threats effectively.

Only three or four users have access to TrendAI Vision One, including my manager and me from the vendor side, and two from the bank end.

I am a vendor hired for SOC security and threat hunting, working for IBM clients.

I cannot estimate the return on investment accurately, as I do not have insight into the financials. However, I can say that the tool is good, particularly the basic subscription which provides me with necessary tools and knowledge to protect security.

I do not have any information regarding the pricing, so I cannot comment on that.

Every organization typically installs antivirus agents on their endpoints and servers.

My false positives have decreased, but reducing them requires thorough investigation. For example, each endpoint has its own scanning device, such as Windows Defender.

Apex Central is attempting to stop the services of Windows Defender, leading to alerts when malicious behavior is detected. Through thorough investigation, I have identified that while Apex Central might not directly stop processes, it does so using CMDlets. Hence, I decided to whitelist that.

TrendAI Vision One reduces endpoint risk by approximately 60 to 70 percent; the remaining 30 percent can be due to other factors such as phishing and web interactions.

For small organizations, implementing TrendAI Vision One is a wise choice because it delivers great visibility and clarity on endpoint threats, enabling effective monitoring and quarantining regardless of the environment.

TrendAI Vision One sensors are being used on the endpoints.

I do not know if Cyber Risk Exposure Management comes under the basic subscription, as I mostly focus on threat hunting and do not recall using it.

If the suggested improvements are implemented, it will be even more flexible and feasible.

I give this review an overall rating of 9 out of 10, and I definitely recommend TrendAI Vision One to other users because it provides solid security for endpoint protection.

I have experience with TrendAI Vision One, specifically using endpoint security, email security, and all of the modules that are used most commonly.

We mostly install TrendAI Vision One endpoint security in all client organizations, configure everything covering endpoints, servers, emails, and then work on the alerts for them as the need arises.

We are using the sensors that are included in TrendAI Vision One.

TrendAI Vision One has helped me to consolidate my use of security vendors quite a lot. Many of my clients were using different brands of antivirus for the server security and endpoint security, and another product for email security. Because of TrendAI Vision One, they were able to combine all of them in the same console. This reduced a lot of siloed tools.

I am quite impressed by the speed with which the server policy gets deployed. While the endpoint policy takes about 15 minutes to get assigned to the system, server policy is quite quick in that regard.

The coverage of these sensors is quite vast. When compared to other antiviruses, we found that TrendAI Vision One does cover quite a lot of ground.

The endpoint security policy for standard endpoints with TrendAI Vision One takes a lot of time. It would be beneficial if there were DLP features in it, as many customers require that. While TrendAI Vision One's full suite is quite impressive, customers have to find another product for DLP and file monitoring. TrendAI Vision One does have a not fully-fledged DLP in the endpoint security part, and it sometimes hangs up the PC when we apply it.

The alerts could be better because when an alert comes for an email that has been compromised and found on the dark web, we cannot quite find where it got compromised from.

The network part is something that needs to be worked on because most of the time we have to look at the firewall to get the full scenario or coverage.

We have found a lot of performance issues with TrendAI Vision One agents. They are not lightweight. The first time I used TrendAI Vision One, the agent was 500 MB. Now that I am using them, the initial size is 800 MB. Sometimes the CPU utilization is so high that the computer crashes or lags behind. This is a really big concern for everyone using TrendAI Vision One.

TrendAI Vision One is quite a good tool because there are not any issues in scalability. We can easily add more licenses to it and increase our organization security. Scalability-wise, it is good.

I have contacted the technical support or customer support of TrendAI Vision One quite a lot.

The engineers are quite helpful when they respond, but I have found that sometimes the assigned engineer responds to the first query a bit too late. I can see in the portal that the engineer has been assigned to my case, but we have to prompt them to give us a reply because nobody is answering. We have to call TrendAI Vision One support sometimes. Once we start the case, the responses are quite helpful, though we have had to escalate some of the cases quite a lot when customers need it.

I have not basically used any alternatives to TrendAI Vision One. I have tried CrowdStrike and Symantec. Symantec is so far out of TrendAI Vision One's reach and CrowdStrike, I have not used it much, but it is a bit harder to configure than TrendAI Vision One. I find TrendAI Vision One's UI much easier.

The initial deployment of TrendAI Vision One is quite easy since it is basically a cloud-based app, and you just have to deploy the agent.

If integrating AD with TrendAI Vision One, I am sure only one person would be needed. If you have to deploy and install the agents directly into the systems, at least four to five people are needed if the size of the organization is for 1,000 to 2,000 employees.

It would take one or two months to deploy TrendAI Vision One for a client, but mostly because sometimes things get delayed on the client side.

No maintenance is required on our side for TrendAI Vision One.

I am not into sales, but we have lost a few customers because of the pricing of TrendAI Vision One. They seem to gravitate to Symantec and others because their pricing range is quite less than TrendAI Vision One, and we have lost them because of that.

My review rating for TrendAI Vision One is 9 out of 10.

My use case is to monitor my entire infrastructure, investigate the latest vulnerabilities, identify loopholes, and monitor live threat detections to mitigate these threats.

TrendAI Vision One's best features are the ESRM and its email gateways, along with its playbooks, which are useful for testing any threat or vulnerability.

It helps in identifying blind spots by providing comprehensive knowledge about risk assessment and a method to compare our organization with others, allowing us to understand our current stage in cybersecurity.

TrendAI Vision One needs to work on its logging system as the logging systems are very complex, and they need to reform their logs in a more informative way.

I have been using TrendAI Vision One for the last three years.

I would rate the stability an eight.

I would rate the scalability a nine.

Their response rate is approximately 80 to 90%, and they mitigate the issue.

I would rate the technical support a nine.

I compare TrendAI Vision One with Trellix and Kaspersky, and compared to both of these, TrendAI Vision One is very useful with one-window operation and is a market-gaining product.

The deployment is easy and very moderate, taking approximately one month.

It was a partner purchase.

The ROI is positive, and I see a reduction of 100%.

TrendAI Vision One is not so expensive; it is very moderate.

TrendAI Vision One is very effective and very market competitive, which is why we are using it.

I will definitely recommend this product because of its deep knowledge and deep features, such as ESRM, playbooks, and other email gateways.

We have approximately 50 users.

I do use TrendAI Vision One sensors, and they totally cover our network as we are using network sensors and service gateways to scan the whole network and gather information about our loopholes, mitigations, and vulnerabilities with respect to the latest CVEs.

I give this product a rating of 9.

I work on TrendAI Vision One endpoint security in the XDR part. I have been working with TrendAI Vision One for approximately two years. We manage multiple endpoints, approximately 3,000 endpoints. We collect telemetric data from there and check all the servers in our inventory, whether they are online or offline. We troubleshoot whether there is unusual activity happening on the endpoint. TrendAI Vision One generates alerts for any suspicious activity, and then we mitigate accordingly. We are using TrendAI Vision One's sensors on endpoints and servers.

The versatility of TrendAI Vision One is what I like the most; we have a lot of options. The segregation is best, with endpoints divided into separate parts and servers into different parts. The policies are well-figured and well-maintained. We have the threat hunting part, the mitigation part, and the sandboxing capabilities. The areas to explore in TrendAI Vision One are fabulous. We can divide the endpoint on our own, and the server part is also great. It is very user-friendly, and we can segregate it on our basis. We can generate alerts on the basis of what we want. We have the option of playbooks, which makes it a more user-friendly and understandable environment that gives us exactly what we want.

TrendAI Vision One is very critical for us because we do not use an EDR tool; we use an XDR tool only, and we have integrated it with the SIM solution. If we did not have TrendAI Vision One, we would not be receiving the traffic or SIM data, and if there is any individual traffic or any individual behavior in the network, we would not be able to recognize it without it.

The biggest challenge is that users take care of their laptops approximately 80% of the time, but when there is an outbound connection, the user is not able to do anything. The user does not understand if he gets redirected from a legitimate site to another site through backtracking. At that time, the user is not itself involved in this, but TrendAI Vision One blocks the site on its own. It blocks the traffic on its own, which is the greatest thing and the live working thing with TrendAI Vision One that helps us.

We have the Cyber Risk Exposure Management capabilities in TrendAI Vision One. It shows us how much risk is in our environment based on the data it takes from the endpoints and the environment. We check that on a regular basis and develop a report every day on the basis of that. It is very great and gives us much more visualization. We do not need to go anywhere; we just need to open that and check where it is happening, and it gives us the best results.

In exposure management, we have multiple parts covering spyware and malware. Approximately six or seven months ago, one of the users was trying to access a website and it was getting linked to another website which was carrying grayware, which is a kind of spyware. Usually, the EDR solution does not track that because it is a web traffic issue, and EDR solutions are not able to track spyware much because it is only a bit suspicious without anything malicious in it. However, in the exposure management part, we received an alert of unusual traffic. We checked the telemetric data and all other things through our VTA and other tools. We did not find much that was malicious, but TrendAI Vision One was generating an alert again and again. We deep-dived into it and found that the website itself was not malicious, but it was carrying some spyware and was redirecting to something different. That was the best experience I had from the past two years.

When we started to use the product, the policies were not fitted properly. At that time, we used to receive a lot of false positive alerts. After doing some fine-tuning and adjusting some playbooks, the noise has been reduced to 80 to 90 percent. A lot of data has started coming in, and the data we get now is mostly true positive. We get to segregate it easily because the noise is reduced.

The AI of Trend Micro is really very good. If we are getting an alert and analyzing it, people sometimes ask to charge ChatGPT, but that is not good because that data is going to ChatGPT and that is not safe either. If we are asking the AI model of Trend Micro only, that is the best thing because our data is not going to anyone external, and Trend Micro already has that data. At that time, the threat gets less. However, the area where it should improve is that it gets stuck. It does not have that much amount of data. It does not understand easily, and we have to explain it more. I suggest that you make sure to train that model a bit more.

Apart from that, the rest of the things are really very fine. Only the AI part needs to be learned more. The AI should be given more data and should be made to understand more how to work. The rest of things are great, really great.

I have been working with TrendAI Vision One for approximately two years.

On Diwali, I do not remember the exact date, but it may have coincided with the AWS outage. We were not able to log into TrendAI Vision One due to a problem in the back end, which I believe was due to the AWS outage. We were not able to log in for approximately an hour or two. At that time, it caused us a lot of crisis because anything could have happened at that time. Fortunately, everything was on its case after we logged in. No attack happened during that one to two hours, and everything was fixed.

I found TrendAI Vision One to be very scalable because it is adaptive in nature. It takes care of vulnerabilities on its own. Its core services and AI-driven capabilities are also good. It has threat management on its own, and its effectiveness is also good; it is efficient.

I would rate customer service as 4 out of 10.

The setup process of TrendAI Vision One is pretty quite easy. We set up a path and keep the sensor there and then run it as an illustrator and perform some basic steps. We check the telnet of the URL and ping the IPs. If everything is working fine, then the connectivity is perfect and we are good to go.

I work in the Cybersecurity department. We do the deployment and take care of the security part end-to-end. I have not personally done the implementation myself, but I have done this work and I have knowledge about this all.

I have used Centra one, which is a very small product compared to TrendAI Vision One. TrendAI Vision One has many things in it and takes care of many servers. In Centra one, we have global sites and endpoints, but all the policies are at one place with all the endpoints and servers at one place, which is a bit of a hurdle when we take care of compliance. In TrendAI Vision One, we have that at different places, which makes it help us a lot. Centra one is an EDR solution that takes care of endpoints only and does not take care of the network. TrendAI Vision One takes care of the network also. If we have ten laptops in the environment and only eight of them are integrated with the XDR, then the remaining two will sometimes generate an alert on the basis of network. In EDR, if the eight endpoints are integrated, we will get the data of those eight only. That is the plus point here. If there is anything in the network, we will get to know. I also use other India solutions like Sentinel One and CrowdStrike.

I gave my highest consideration to TrendAI Vision One based on its integration and its user-friendly nature. Everything is segregated properly. The servers we get on the different part, and the endpoints we get on the different part. The alerts for the servers we get on the different part and for the endpoints we get on the different part. One more thing that is great is the workbench part. We have OAT, we have EPR, we have other things, but the best thing about it is its workbench. If we get an alert anywhere in the EDR XDR part and if that is much critical and it is getting an alert again and again, then TrendAI Vision One on its own generates its workbench. What makes it easy is the check that this one is more critical, and we should go and check this one first and then move to another part. It helps us to reduce the time to check which one we should go first and which we should check second. As an incident responder, it is very good to segregate the criticality of the function. If TrendAI Vision One gives that on its own, it becomes really very helpful.

We do face vulnerabilities. I know of Zbot, which is one vulnerability. We were getting an OAT alert over that vulnerability, and we were getting many more alerts also. We got approximately 40 to 50 alerts in an hour. For an incident responder, it becomes hard to decide which one to pick first and which one to resolve first. The workbench came here and analyzed all of the data and generated one workbench indicating that we should first go for this host and check the details here because it is more crucial than the other one. Security is never complete, so we can go for the more critical one which will be affecting the business more, and then we should resolve that first and then move to the other part. That is the best thing ever.

Whenever TrendAI Vision One gets connected to any malicious IPs or URLs or anything, it blocks it first and then generates the alert. If it is not blocked, it generates the alert, and then we analyze the telemetric data and find the URL and IPs from it. We then make sure to block it from our end, not from the XDR only, but from the SIM and other firewalls and all the tools. We do threat hunting from it. We check the telemetric data on a regular basis and find some URLs and IPs, and then we block it from the firewall and our SIM, EDR, XDR, and another tool. What happens from it is we know that this IP is malicious. We get the advisory, we block it from our side, and we give these IPs and URLs to another security tool so they block it. In the future, if a user clicks that malicious IP or visits those malicious links, TrendAI Vision One will block it on its own.

I would also like to mention that we do isolate the machines from the back end when they are not compliant or when the version is older. After isolation, the network gets completely isolated, the user tends to work faster, and our compliance gets maintained much more easily. The data encryption and access controls across the isolated system for the non-compliance does not get much of the risk, and our data also gets out of the control. The inconsistency of security comes into the point, and then our compliance gets maintained properly, and it is all because of the silo performance. I know that Trend Micro works for the hybrid environment, but right now we do not use that. We have on-premises for all the things. We are thinking to shift over the cloud, but right now we have not shifted.

One thing I would like to suggest is the user login and log out time. If we have ten users integrated with the XDR solution, it should show us when the user was last logged in and when it was logged out. That time should reflect over the console. The blocking capability works most of the time, but it does not work every time, which is a bit problematic.

I rate this product 9 out of 10.