TrendAI Vision One™ (PAYG)

I can describe several use cases for TrendAI Vision One , including endpoint security with very nice features such as anti-malware, advanced threat protection, machine learning, device control, application control, web reputation, and DLP  use cases that are very good. Server security includes vulnerability management, virtual patching, integrity and log inspection, anti-malware, and web reputation. Network security provides very holistic views, and XDR  operations correlate multiple layers of security and give an advanced holistic view of multiple layers of investigations easily.

TrendAI Vision One  is a centralized platform-based solution that provides good visibility across endpoint security, email security, server security, cloud security, and XDR  operations. The product offers very good visibility overall.

A good advantage of the product is the threat correlation and attack path visibility, which is helpful to SOC teams for investigating incidents. TrendAI Vision One platform has helped me consolidate my use of security vendors and reduce silos. This is very helpful for protecting organizational assets and daily workloads, allowing SOC teams to investigate threats, perform threat hunting, and take action. TrendAI Vision One is capable of managing risk once assets enter the dashboard and scanning all assets. Network security scans all data and provides information about network vulnerabilities, such as agentless devices and agent devices, easily identifying vulnerabilities and allowing for mitigation.

Email security helps to protect users from phishing emails. Cyber Risk Exposure Management  provides comprehensive visibility and AI attack path visibility for proactive security, protecting the organization's assets and proactively providing the attack path.

I would like to see some areas of the product improved or enhanced in the future. I have used multiple products such as Kaspersky, and I appreciate TrendAI Vision One for its easily viewable dashboard and one-window solution platform-based approach that provides good visibility across all products.

While acknowledging the good aspects, I believe some elements could be improved or new features could be included in TrendAI Vision One. AI-based detection is currently available, but I hope for enhancements in other areas such as encryption, which is not currently available in this security product.

I have a total experience of approximately three years using this product.

Regarding stability, I have not experienced any crashes, downtimes, or performance issues with TrendAI Vision One. Cloud-based solutions have no downtime, whereas on-premises solutions might face some downtime for patch upgrades and version upgrades for the server.

I find TrendAI Vision One scalable and have not encountered limitations or scalability issues with it. The product provides feasibility, and I find this product very helpful.

My evaluation of customer service and technical support is that their support is very good, and I am already satisfied with the technical support of this project.

I rate the technical support as very helpful for issue resolution. I have found use case information already available online and have read articles and performed actions for resolution.

When issues are not resolved at L1 and L2 support, I create tickets. The Trend Micro engineer aligns with the support team and resolves issues quickly.

Regarding the initial setup process, I find it a bit complex with TrendAI Vision One. The integration of multiple products with TrendAI Vision One and configuring the policies is somewhat complex for a new user.

Regarding ROI, my customers have seen returns with TrendAI Vision One. Customers are already using this cloud-based solution, and those who previously used Kaspersky find it useful for encryption aspects. I recommend this product as it is a very good product for various industries with strong signatures for anti-malware and ransomware prevention.

I do not have clear information about the pricing aspect, including setup cost and licensing details. Cost and licensing details are unclear to me.

I am using TrendAI Vision One for integrating multiple security solutions, such as the integration of firewalls and SIEM  solutions for XDR.

The XDR sensor is installed on multiple security layers such as endpoint security and email security. The sensor collects telemetry data from the endpoint security and provides a holistic view of the data. SOC teams find it very helpful to collect telemetry to investigate threats easily.

My organization easily collects assets and reviews the risk score, advanced threat protections, and attack surface. This is a very good product for collecting all asset data and providing a comprehensive dashboard regarding vulnerability protection and risk score, highlighting the risk score and attack surface.

The industry faces top challenges such as server security and email security. The industry uses legacy servers, and TrendAI Vision One workload security protects those legacy servers. TrendAI Vision One provides workload virtual patching, which offers protection for the servers.

I use the Cyber Risk Exposure Management  capabilities in TrendAI Vision One. Cyber Risk Exposure Management is the best product for the live industry, highlighting the company and correlating the industry's risk scores.

My impressions of TrendAI Vision One platform's ability to provide centralized visibility and management across protection layers are very positive. It is a very good solution for providing centralized platform-based solutions while using multiple security tools such as cloud security and cloud email gateway protection and service gateway. I have already experienced this product, and it is very helpful for SOC teams, management, and Cyber Risk Exposure Management for C-level use. This is a very good product.

Having TrendAI Vision One in hybrid environments has affected my ability to manage risk positively. It is important to my organization that TrendAI Vision One has AI built into its platform. TrendAI Vision One is the best for AI-driven security, which is a very good point of the TrendAI Vision One console. AI-driven features are very helpful for user-friendliness. Once a new user uses TrendAI Vision One, AI-driven features assist in understanding the policies and SOC operations.

TrendAI Vision One has helped my organization reduce noise from false positives, as it has significantly reduced false positives. Regarding overall cyber risk, TrendAI Vision One has helped reduce cyber risk for my client's organization. It provides an overall comprehensive dashboard overview of organizations, offering compliance, best practices, and training sessions for threat detection. This is a very helpful dashboard for Cyber Risk Exposure Management, customized for partners and industries.

The amount of risk reduced by switching to TrendAI Vision One platform includes risk metrics that show higher scores when the attack surface is high. The dashboard gives live vulnerability assessments and displays the risk scores of dashboards and organizations.

The main benefits that TrendAI Vision One brings to the table include benefiting my customers by pitching the endpoint security and Cyber Risk Exposure Management project. I have already mentioned to customers the advantages of using one product, and I am also using the demo for other products from the same console and have activated the license.

TrendAI Vision One has helped to reduce my time to detect and respond to threats through proactive security for detection, mitigation, and delivery of the attack path. I had an incident with one user who downloaded a file, and the endpoint security agent detected the malicious file and performed actions to clean and delete it. XDR created the workbench, and I investigated easily for threat scores and performed actions, enabling SOC teams to be helpful in threat hunting.

The key differences of TrendAI Vision One in comparison to other technologies such as Kaspersky include that I have already mentioned the advantages of the product, but drawbacks exist for new users. It is very complex for policy configurations and integration with other products.

Many industries in Pakistan use TrendAI Vision One platform for consolidated security across hybrid environments. More than the usual number of customers are using endpoint security, cloud security, and XDR operations. I purchase TrendAI Vision One through local partners. I give this product a rating of nine to ten out of ten. Given my experience with TrendAI Vision One over three years, I recommend using this product, as it is very helpful for the industry cybersecurity framework.

TrendAI Vision One  is a unified platform and single dashboard where all endpoints, email servers, clouds, and networks are in one place. It provides AI detection and AI-based threat detection. Any abnormality or abnormal behavior of any server or endpoint is caught, and it predicts security in a proactive mode. It correlates across all endpoints, email, network, and cloud to give the full attack story: how the attack happened, what is the location of the attack, and how we can prevent that attack.

I am using TrendAI Vision One  on all our servers with three main components: servers, endpoints, and email security. The unified visibility where one dashboard provides access is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

TrendAI Vision One sensors are basically the data collectors that capture different parts of the IT environment. If there are no sensors, there will be no visibility. Sensors are the eyes and ears of TrendAI Vision One. They are used to collect logs, abnormal behavior, email activity, and network activity. The system correlates everything, detects the attack, and sends alerts to the SOC so we can work effectively. We have endpoint sensors that are installed on laptops and servers.

One of the biggest challenges nowadays is ransomware attacks, which are the most common and damaging threat. Attackers encrypt data and steal it. With the help of TrendAI Vision One, it reduces the data leak risk from our environment. The second main challenge is phishing and social engineering attacks. Technology is growing fast, so phishing and social engineering attacks are more common. The third main challenge is identity and access compromise, where attacks target our active directory, which is the backbone of the industry. If any of the identities are compromised, an attacker can get full access. TrendAI Vision One is helping us prevent that attack. These are the three top challenges that every organization has to face, and TrendAI Vision One is resolving these kinds of issues on a daily basis.

The cyber risk management capability is used in our organization to identify and prioritize cybersecurity risks in a structured way. There are multiple capabilities under that. First, we need to identify the risk and understand what are all the possible risks we have, what are the vulnerabilities, misconfigurations, threats, and asset exposures. The second main thing is asset visibility, which is very important because we should know what type of asset visibility we have. The third main point is risk assessment, which evaluates the impact and likelihood. For example, if something is down and it is of high importance, it will be marked as a high impact. The fourth stage is risk prioritization, which prioritizes the risk and identifies what are the critical assets and what are the high-end critical vulnerabilities. Every risk has its own weightage. Some are critical, some are high, some are low. This helps us to prioritize risk. And then, of course, comes risk mitigation. Once we find the risk, for example, if something is high-end and critical, the last step is to mitigate it. This includes patching vulnerabilities, fixing misconfiguration things, strengthening our hardening controls, and applying security tools to that. And then, we go back to the first step, continuous monitoring. The next day we will start to find new zero-day attacks, new threats, and new external risks.

TrendAI Vision One, which we are using on all our servers, is the most valuable feature. We are using three things: servers, endpoints, and TrendAI Vision One's email security. The unified visibility where one dashboard is one of the best features. The AI-based threat detection model is the best feature, and the attack surface visibility where it discovers external assets and shadow IT is the best part.

My overall experience with TrendAI Vision One is very good. We discuss it every week in our leadership discussions. Overall, this platform is very mature. It is a unified XDR  platform that improves the threat visibility part and the correlation part across the enterprise. The best part is it has strong XDR  correlation. It has centralized visibility with one dashboard that contains all the information: all our risk posture, all our assets, and all our threats. The AI-driven technology, the AI-driven detection, and the scoring part are very good, as is the broad coverage they provide.

Alert noise and false positives are areas that should be improved. The initial deployment generates too many alerts, so we need better AI filtering and more accurate prioritization. Also, the integration complexity can be an issue. Sometimes, integrating TrendAI Vision One with our SIEM  tool or other cloud platforms can be time-consuming. Some improvements should be made there. They need to make easier, plug-and-play integrations and provide better documentation.

One feature is SOAR  (Security Orchestration, Automation and Response), which is an automated response engine. Currently, they have partial automation. If there is an auto-containment feature for endpoints, users, and the network, or if there are many pre-built playbooks for ransomware, phishing, and insider threats, it would be beneficial. For example, we just need to one-click and auto-remediation is done. That is the feature I am looking for. This would be used to help us detect, investigate, and respond automatically.

We have been using TrendAI Vision One for the last two years, and we recently renewed it as well.

We purchased TrendAI Vision One for all our servers. The basics are simple. We signed up, logged in, and provided access to our cloud console. Then, the step-by-step onboarding process started where we had an endpoint agent deployment for each machine. We downloaded the agent and installed it on each machine. Then the migration from the existing solution started. For the deployment part, we use one tool named ManageEngine's ITSM  tool, from where we can write a script for that agent and have a mass deployment.

Regarding cost and licensing transparency, we are using a credit-based model. We have a certain number of credits that we are using. The pricing is mild. They could make simpler pricing for better usage visibility, but I am okay with the pricing because we are getting good quality. I would not say it is a high price because we are getting a good product.

TrendAI Vision One is a powerful XDR platform. However, it requires proper tuning and proper integration. If we have done proper tuning and proper integration with all our servers, endpoints, and cloud platforms, it will give very good, accurate results.

From false positive to true positive, the percentage is almost 60% to 70%, approximately 65%. However, it needs proper tuning every week. We have to tune the policies every week so that we can get better visibility and accuracy.

Regarding mean time to detect, TrendAI Vision One definitely helps. It reduces the mean time to detect compared to traditional tools. It basically detects threats in real time. Real-time detection means it uses AI analytics, global threat intelligence, and correlation signals across all endpoints. Threats are detected almost immediately once any suspicious or malicious activity is observed. It reduces the time to detect by almost 60%.

TrendAI Vision One is a powerful and mature XDR tool. Of course, every tool has room to improve. But for us right now, it is a good tool. There are a number of tools, and every tool has its own capability and its own visibility. This tool is a very good, powerful tool. My overall rating for this solution is nine out of ten.

As a reseller for the Trend Micro solution, I also consult for the product, as we are a reseller cum consultant. TrendAI Vision One  is a platform that supports multiple solutions, including endpoint security solution, identity security solution, email security solution, and network security solution.

In the past few months, I have worked on around twelve to fifteen use cases for Trend Micro's solutions, including endpoint security with web security and zero-trust secure access. I have also provided a cloud security module as a separate use case for a customer, and I have predominantly worked on other use cases such as IPS, TippingPoint, and intrusion prevention systems within the TrendAI Vision One  console.

The major advantages of TrendAI Vision One are its good visibility across our infrastructure, providing detailed visibility on emails within TrendAI Vision One Email Security , including how many emails are received by mail servers on a daily, weekly, and hourly basis.

The second advantage is that since TrendAI Vision One is a single platform, it offers surface attack surface monitoring, allowing me to monitor different types of end nodes, such as servers, mailboxes, and users, which enhances incident response and investigation activities.

Cyber Risk Exposure Management  (CREM) in TrendAI Vision One is one of the best functionalities, as it helps identify blind spots by discovering resources in multiple environments, such as on-premises data centers and various cloud platforms including Google Cloud  Platform and Azure .

Switching to TrendAI Vision One has improved the security posture and endpoint security deployments by around twenty percent compared to the previous vendor.

The ability of TrendAI Vision One to reduce time to detect and respond to threats can be improved. To identify and detect sophisticated attacks effectively, I need a better detection rate and minimal time to respond.

While the major area for improvement in TrendAI Vision One is the time to detect and respond, apart from that, it is actually good, with great visibility and functionalities.

I have not yet examined whether TrendAI Vision One helps to consolidate the use of security vendors and reduce silos, but I believe it may have a partial silos working model as there are certain isolations that happen.

At this stage, we are not utilizing the full potential of AI in TrendAI Vision One, as we have not gathered sufficient feedback on its performance.

I have been working with Trend Micro for the past six to seven years, and the whole company actually evolved from Trend Micro to TrendAI. TrendAI Vision One has evolved in recent months.

Stability and reliability in TrendAI Vision One can be improved, but I would rate it as good, around a seven out of ten. I have faced issues, especially regarding stability, and while improvements have been made, I cannot say it is perfectly stable.

In terms of scalability, TrendAI Vision One is scalable based on license purchases, but it does have some limitations, as it is credit-based licensing to an extent.

I find that customer support from TrendAI has improved, and I would rate it around seven out of ten. Technical support is improving, but there is still potential to be better, particularly in their level of expertise.

TrendAI Vision One differs from Trend Micro Vision One in that key components have been integrated, but more or less, all other functionalities remain very similar.

The installation procedure for TrendAI Vision One is easy, but understanding the console can be quite complex.

In terms of ROI, TrendAI Vision One provides a better return on investment compared to Trend Micro, as it offers multiple solutions that yield more security and a better security posture compared to third-party solutions. I would say the ROI is around fifty to sixty percent better compared to other products.

Regarding the price, setup cost, and licensing, it is quite affordable and the pricing model has improved, making it better than before and not as expensive compared to other brands.

Comparing TrendAI Vision One to competitive vendors including SentinelOne, the detection rate is not that bad, and while there are other vendors with better detection rates, the key selling point of Trend Micro is that it is a platform offering multiple solutions, including third-party integrations, which is unique compared to other vendors.

According to the MITRE framework, the detection rate of TrendAI Vision One is around eighty-four percent.

Regarding false positives, they are common with every other solution, but the generation of false positives heavily depends on the configuration. The purpose of the product is to alert the admin team whenever a suspicious process is triggered, and whether it is generating too much noise is based on how it is configured.

TrendAI Vision One sensors are indeed critical for coverage in our organization's network, but some customers have complained about bandwidth usage; however, I believe it does not consume excessive bandwidth when configured properly.

I would rate TrendAI Vision One around eight to eight point five, possibly even nine, in overall satisfaction.

We are currently working with Trend Micro as a partner, managing multiple OEMs like Trend Micro and Trellix. TrendAI Vision One  is a managed single centralized management console. We are using multiple Trend Micro products and managing them through TrendAI Vision One .

When customers use multiple security solutions in their environment such as email security, EPP, endpoint security, NDR, and data security posture management (DSPM), we manage everything through TrendAI Vision One console for Trend Micro products, while integrating with third-party security tools such as firewalls and Microsoft to capture telemetry and metadata from both sides. TrendAI Vision One then correlates this data and shows us the observed attack techniques, along with options for sandboxing ransomware file samples through TrendAI Vision One.

TrendAI Vision One gathers risk management information such as risk scores at the OS level, account level, and domain level through the endpoint agent that monitors all machines for vulnerabilities. The CREM shows us vulnerabilities at the OS level, application level, and cloud application level while highlighting how we will remediate and mitigate loopholes in our environment or customer environment.

TrendAI Vision One also helps us with consolidated management, but there is a need for improvement if the customer has multiple branches and their IT admin is location-wise. We require location-wise console segregation in TrendAI Vision One, but there are gaps in policy management that hinder that, as all branch IT admins see all policies in the console despite needing to segregate them by location.

There are support challenges when we are using TrendAI Vision One console. If a customer needs a remote session with support, they generate multiple queries and logs, which we escalate to Trend Micro management for remote support, and aligning with remote support becomes a significant challenge.

When dealing with 10,000 users of EPP with the XDR  solution, there are complication issues due to the agent size being between 500 and 700 MB, which hampers our ability for mass deployment through Active Directory. We do use hybrid solutions and cloud solutions in TrendAI Vision One, and face challenges only with mass deployment regarding sizing.

We have been using TrendAI Vision One for over four years.

There are no glitches, and TrendAI Vision One is scalable and stable.

We are not currently facing any risks as TrendAI Vision One platform manages multiple Trend Micro products within a single management console.

Support is low. When we raise a ticket for P0 or P1, the response tends to be quite late.

We are working with Trend Micro, CrowdStrike, and Trellix.

After sharing Trend Micro pricing with the customer and understanding their budget, we chase the Trend Micro OEM sales person to reduce the price given the budget that the customer has, and hopefully Trend Micro sales representatives manage and close these deals.

In terms of price and technical solution, the security solutions provided by TrendAI Vision One stand out as the best offering. Time to action for delete and quarantine is crucial, and it is approximately ten percent.

We are not experiencing any noise on their side, and thus TrendAI Vision One solution is working smoothly in multiple organizations, which helps us reduce attack risks. The overall review rating for this solution is eight out of ten.

TrendAI Vision One  is used for XDR .

TrendAI Vision One  is more limited, but the strong part is its minimalist design, allowing you to know the most important information about the incident. This is the strong point.

TrendAI Vision One helps consolidate security software across hybrid environments, and I think it is useful, especially when integrated with another tool for some clients. It is so useful to get a first analysis or to get some CUs with TrendAI Vision One, so it helps.

The solution saves time approximately by 80 to 90 percent; it is very simple.

To provide centralized visibility and management across various protection layers could be better. I would add different interfaces as I really appreciate how CrowdStrike manages the datasets. An interface where you can select the different events that happened in the incident would be beneficial because in TrendAI Vision One the information is very basic; you get all the information raw in a column, which I would improve by adding an advanced search feature similar to CrowdStrike where events can be filtered. This would make the analysis better for the client who is receiving the information.

TrendAI Vision One has room for improvement regarding different interfaces, specifically similar to the Event Simple part of CrowdStrike where you can identify what happened. It would be helpful to have an integrated identity module, because sometimes I want to see who executed an incident, such as a PowerShell command, to know if it was an admin or the local user of the machine. If I cannot see that, I do not know anything. Integrating the identity module would be beneficial.

I have been working with TrendAI Vision One for one year and a half.

I rate the stability of TrendAI Vision One as a ten because I did not have any problems with it.

The scalability of TrendAI Vision One would be around a six; it is appropriate for smaller companies, but for bigger ones such as Nike, I would say it would not fit as well.

Using TrendAI Vision One has reduced the time to detect and respond by approximately 20 percent up to 80 percent; the strong point is that it is simple, making it fast and easy to learn.

When an incident appears in TrendAI Vision One, I open it and on the first page, you get to see the timeline of where all the different assets appear, including the host and other information. It is helpful because you get directly all the information by taking a look at the host involved. For example, if it is a server and you see SSH commands, it may fit with your conclusion. After that, I open the XDR  part where you see in raw form all the different information. Finally, I can use the XDR view where you can filter using their raw SQL language to filter all the different incidents, for example, by endpoint GUID, something I usually use.

The risk reduction from using TrendAI Vision One depends on various factors. If I only get to use TrendAI Vision One and not any other tools, I think it would be approximately 80 percent, because if you have normal incidents, it is helpful, making it easier for the team of the final client to read the information. However, for real incidents requiring forensics, if you have to activate forensics, I think you would have difficulties, so I would say around 80 percent.

The importance of AI built into TrendAI Vision One is relatively recent for me; it is helpful to have a direct verdict, but I prefer to make my manual verdict. I would say it is important at a level of five for me, but for some inexperienced analysts, it might be at a level of five or seven because they will rely on that.

TrendAI Vision One is more simple compared to other solutions, but it could be useful for controlled cases if you have a small enterprise where the same software is used, making it interesting for situations where you are familiar with specific CUs. In my opinion, it would be more interesting than Cortex  for smaller incidents, while I would prefer Cortex  for larger cases than false positives which will be better managed by TrendAI Vision One.

My clients may be less than average because TrendAI Vision One is not that widely used. I think it is getting used less, but perhaps with the AI update it will be used more. I would estimate around 5 to 10 clients, approximately half of my client base.

Learning TrendAI Vision One can take anywhere from two weeks to one month.

In my opinion, TrendAI Vision One gets the information easily, but it does not really help reduce false positives by itself; you have to do the final work. I would say it helps with false positives around 80 percent because in TrendAI Vision One, you can see the verdict, plus AI is assisting with it.

I would recommend TrendAI Vision One, telling potential users that it is very easy to use, but it would be useful to learn how to use SQL for deeper analysis of different modules, which is important. Knowing how to use the different modules that your client has integrated will make a significant difference.