TrendAI Vision One serves as my use case starting simply with its sensor agent as a basic Endpoint Detection and Response solution. After that, we started using its endpoint protection, and now we are integrated with its NDR solution, which is Network Detection and Response. We are moving forward towards its complete suite.
TrendAI Vision One™
Trend MicroExternal reviews
295 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Centralized visibility has improved threat detection and has reduced response time significantly
What is our primary use case?
What is most valuable?
The best features of TrendAI Vision One that I prefer most are two main ones. One of them is its Attack Surface Discovery, which gives us the overall security posture of our network. The second is its Observed Attack Techniques section, which is mapped on MITRE ATT&CK and gives us an overall view of what is happening in our system and provides us with automatic detections based on the telemetry data.
What needs improvement?
One area that has room for improvement is the interface of TrendAI Vision One, which is very slow due to its data center being based in America. If the data center were in a nearby location, its response would be very quick. I think just the interface because everything else we can find in TrendAI Vision One such as endpoint protection, D-SIM security, DLP solution, and FIM, so there is nothing left behind.
For how long have I used the solution?
I have been using TrendAI Vision One for almost two years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
TrendAI Vision One is very scalable. We can integrate different solutions with it and perform some type of automation with this solution, so it is very scalable. I would rate it nine.
How are customer service and support?
I would rate the technical support that Trend Micro provides as seven point five. It depends on the functionality we are using. In most cases, the support quickly resolves the issue, and in some cases, they take some time.
How was the initial setup?
The deployment of TrendAI Vision One is very handy. There are not any complex issues I faced during the deployment, and it is a very quick deployment. The different guides they provide during deployment and for other configurations help us a lot in the overall deployment of the solution. The deployment process took approximately one point five to two months overall. We are working on an enterprise solution, so for each step, we have to do some testing on the configuration and then we do a full deployment. We are still testing its new features and enhancing it, so it is an ongoing process for us.
What other advice do I have?
We are using the sensors of TrendAI Vision One to cover almost seven thousand endpoints. It is covering our enterprise endpoints, and it is very critical to get overall telemetry data from all of the endpoints. It gives us better visibility into what is actually happening on these systems.
The top security challenges I faced in my industry before using TrendAI Vision One were about getting the whole telemetry data, meaning what is actually happening on the system. SIEM solutions only get limited logs, and secondly, we could not calculate our attack surface, which means what is our proper security posture and where we are standing according to our security level.
My impressions of TrendAI Vision One's ability to provide centralized visibility and management across protection layers is that it provides overall very good visibility in the network. It gets integrated with other security solutions, and we can centrally manage it. It can be integrated with our Active Directory, our firewalls, and security solutions for automatic IOCs blocking. In that respect, it is very much better.
Regarding the Cyber Risk Exposure Management, it helps my organization identify blind spots by calculating based on the vulnerabilities identified on our endpoints, the configuration settings on different endpoints, and on the Active Directory level, the number of alerts we are getting from different points. By calculating all of these, it gives us an overall percentage. Based on that, we assess how we are actually standing in terms of our security posture.
The solution has helped consolidate the use of security vendors because we are also using its MDR service for critical and high-level alerts, and it is cloud-based, so we do not usually need any type of vendor support to solve daily issues. If we get anyone, we can directly open a case with TrendAI Vision One, and the issue can be solved within one or two days.
Almost fifty people use the solution. They are all in Pakistan and working on-site.
The Service Gateway Management machine we use in our network requires maintenance on a monthly basis or every one to two months when we get a new update from them. To manage the different types of functionalities it provides, its license is credit-based, so we have to carefully use all of the functionalities provided by TrendAI Vision One. So it requires some type of maintenance as well.
Maintaining TrendAI Vision One is very easy and very handy.
I do not know the exact pricing of TrendAI Vision One, but the type of structure licenses they provide is very useful for us. We purchase overall credits and can use these credits according to our needs. So the structure of licensing is very much better than other vendors.
I chose TrendAI Vision One here in Pakistan because we have their principal support here in Pakistan, and we can directly connect with them and reach out to them. So the main purpose of purchasing TrendAI Vision One was its principal support.
TrendAI Vision One has reduced our time to detect and respond to threats almost sixty-five to seventy percent. We get alerts in real-time on the Observed Attack Techniques section, and for the higher critical alerts, our MDR service from Trend Micro sends us an email alert within approximately thirty minutes, and they also give us a call reminder to respond to that alert. Then it depends on us how we respond to that alert with different teams and come to the solution.
I cannot quantify by how much TrendAI Vision One has reduced our false positives, as we get false positive alerts on a daily basis. But in the high and critical section, we only get the most relevant alerts. In the medium and low sections, there are very false positive alerts and we are working with Trend Micro and our vendor to reduce these observed attack techniques.
I would recommend TrendAI Vision One because it provides many services in a single console, such as Attack Surface Discovery, awareness session, vulnerability, attack simulation, DLP, and many other EDR services, NDR services, and email security gateway. I would recommend this suite as one console can be used for many solutions.
It is very important for us that TrendAI Vision One has AI built into the platform as we are doing a proof of concept for its new technology, which is called ZTSA. The industry is evolving with respect to artificial intelligence, and we have to secure that area from both data leakage and data protection. So it is very important, and we are doing a proof of concept of ZTSA, which is its new feature of TrendAI Vision One.
I rate this review nine overall.
Integrated XDR has strengthened endpoint protection and reduces false positives in daily incident response
What is our primary use case?
My main use case for TrendAI Vision One is for endpoint security and XDR, as we need to handle incidents effectively.
What is most valuable?
TrendAI Vision One provides all the details for incident handling in our bank security operations, such as identifying where a threat is coming from, its impact, and a workbench to manage responses, making it easy to mitigate issues. In my daily work, TrendAI Vision One helps us first on the endpoint by preventing threats, allowing us not to worry about the types of daily updates, which we schedule based on preferences. Additionally, with XDR, we receive all threat events and their impacts, which helps us mitigate cyber risks and create playbooks.
The best features of TrendAI Vision One are its integration capabilities with third-party intelligence such as STIX and MISP, along with collaboration and integration with tools such as Splunk, IBM QRadar, and DSPM and SASE products. The integrations with third-party tools such as Splunk and QRadar help our team significantly; we utilize syslog to gather all endpoint logs and QRadar logs. We simply generate an API and API key to facilitate integration with Splunk or QRadar.
TrendAI Vision One has in-depth analysis and recognition features that provide a diagram of a workbench if a preventive attack is happening or has occurred, allowing me to access all logs and additional information regarding the threat's origin, impact, and mitigation strategies.
TrendAI Vision One has positively impacted our organization by giving us fewer false positive alerts, and with its support, we are securing our environment against upcoming vulnerabilities such as zero-day attacks. Reducing false positives and handling zero-day attacks has streamlined our team's daily workflow and improved our overall security posture. For example, we integrated with Netskope and IBM QRadar, which reduced our workload by decreasing alerts, as QRadar detects genuine files that may have been previously flagged.
What needs improvement?
I do not have any specific suggestions for improving TrendAI Vision One.
For how long have I used the solution?
I have been using TrendAI Vision One for three years.
What do I think about the stability of the solution?
In my experience, TrendAI Vision One is stable.
What do I think about the scalability of the solution?
The scalability of TrendAI Vision One is notably low maintenance, and their support for the agent is long-term. We update the agent quarterly, and their Basecamp services share a data lake, making information gathering effortless.
How are customer service and support?
The customer support for TrendAI Vision One is very good. We create a case, and Trend support connects remotely, typically within twenty-four hours.
Which solution did I use previously and why did I switch?
Previously, we used Sophos, which was very bulky and caused slowness issues, prompting us to switch to TrendAI Vision One.
How was the initial setup?
The setup cost is reasonable, and the licensing is relatively low.
What about the implementation team?
We have directly purchased TrendAI Vision One from Trend Micro and did not acquire it through the AWS marketplace.
What was our ROI?
We have seen a return on investment because it is easy to use. One agent installed on the endpoint saves both money and time, as we only need L1 engineers to support the endpoints, reducing the number of employees needed to manage them.
What's my experience with pricing, setup cost, and licensing?
In my opinion, the pricing for TrendAI Vision One is somewhat high.
Which other solutions did I evaluate?
Before choosing TrendAI Vision One, we evaluated other options such as SentinelOne and CrowdStrike.
What other advice do I have?
I rate TrendAI Vision One a ten out of ten. Most importantly, I chose ten out of ten because it is easy to control and install the product, and the support from Trend engineers is exceptional along with the help we receive from salespersons. I advise those looking into using TrendAI Vision One to consider it seriously, as it offers XDR features, endpoint security features, and ZTNA features, eliminating the need for multiple agents or plugins. TrendAI Vision One is a very good solution that is easy to use. Their knowledge-based articles are extremely helpful, allowing us as techies to troubleshoot issues independently without always relying on senior staff or support.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Centralized protection has improved threat response and simplified endpoint security management
What is our primary use case?
My use case for TrendAI Vision One is deploying it for an entity within a company. I deployed TrendAI Vision One to protect all kinds of endpoints, including mobiles, machines, mailboxes, and servers.
What is most valuable?
The best features of TrendAI Vision One that I appreciate include its centralized nature, the Copilot AI agent, its simplicity of use, and the quality of their API.
TrendAI Vision One has helped reduce my time to detect and time to respond to threats by approximately 10%.
What needs improvement?
To improve TrendAI Vision One to a perfect score, I believe better pricing and more support would be ideal.
For how long have I used the solution?
I have been using TrendAI Vision One for one year.
What do I think about the stability of the solution?
I would rate the stability of TrendAI Vision One highly, as there were no bugs. I would give it a 10.
What do I think about the scalability of the solution?
Regarding scalability, TrendAI Vision One is scalable. I would give it an eight.
How are customer service and support?
I rate the technical support an eight.
The coverage for my organization's network is critical. When we have questions, we return to them. When we need something, we return to them, and they were always available.
Which solution did I use previously and why did I switch?
The risk reduced by switching to TrendAI Vision One is similar to other EDR or XDR solutions. It can detect malicious operations and threats, but the exact percentage is difficult to quantify. For the company I was deploying it for, we detected many threats. I would rate the risk reduction as a 10 because the company in question did not have an XDR or EDR solution in place before.
How was the initial setup?
The deployment of TrendAI Vision One is easy; it is just an executable.
It takes almost one day for TrendAI Vision One to appear in the console.
What about the implementation team?
In my organization, we had four specialists working with TrendAI Vision One: myself and three security engineers. I was the project manager.
What was our ROI?
I can estimate the ROI seen from TrendAI Vision One to be approximately 15%.
What's my experience with pricing, setup cost, and licensing?
When it comes to pricing, I find TrendAI Vision One not expensive compared to other products.
Which other solutions did I evaluate?
I compare TrendAI Vision One with other solutions and vendors on the market, and we can see that it is well-placed in Gartner, so it is one of the best products.
What other advice do I have?
TrendAI Vision One helps with centralized visibility and protection across multiple layers.
The visibility and protection provided by TrendAI Vision One allow us to see all the assets in one console, which is beneficial. We can also see all the features in one console, which is equally advantageous.
I did not use the cyber risk exposure management capabilities with TrendAI Vision One, nor did my clients use that for identifying blind spots.
The top security challenges in the industry include handling the decommissioning of old products, specifically a Microsoft product. Additionally, not all features are centralized in one console, which is not ideal for the correlation of investigations.
TrendAI Vision One is deployed as a cloud solution and a SaaS solution.
I used TrendAI Vision One sensors.
I would recommend TrendAI Vision One to other users because it is easy to use and easy to deploy, as these are the most important factors. The importance of having AI built into TrendAI Vision One is significant; I use the AI aspects. When I want to look for a feature, I go to AI. When I want to create, for example, an IOC, I go to AI, and it assists with this.
Centralized visibility has simplified web access control but user management still needs improvement
What is our primary use case?
We use TrendAI Vision One as a web proxy to block and allow users to access web pages. We are a customer and an end user.
What is most valuable?
The best feature about TrendAI Vision One is the GUI; the platform is very user-friendly. The GUI of TrendAI Vision One is amazing and very useful, simple to understand, and simple to configure and learn. It saves my time and money, reducing approximately 20% of my time. AI in TrendAI Vision One was very important. If we integrate AI in TrendAI Vision One, it will provide more detail; all the data can be fetched from the internet to provide detailed network scalability and threats details, vulnerability scans, and port scans. It would be very good if the OEM integrates AI in TrendAI Vision One.
What needs improvement?
Stability can also be improved. Sometimes when we perform user management or when we go to log in to create the user, there will be some lagging on the network or it will automatically log out, and then we have to log in again on the web page.
When I tried to explore the web gateway and the email gateway, they are present under some options. If they can be provided in a simple interface, it will be very beneficial for the users and end users to understand and configure TrendAI Vision One.
For how long have I used the solution?
I have used TrendAI Vision One for approximately five to six months, and I have used it in the past 12 months.
What do I think about the stability of the solution?
I will rate the stability at six to seven.
What do I think about the scalability of the solution?
I will rate scalability at eight or nine, around eight.
How are customer service and support?
Technical support for TrendAI Vision One was perfect; I will rate it at nine.
How would you rate customer service and support?
Positive
What was our ROI?
The ROI is around 10 to 15%.
What's my experience with pricing, setup cost, and licensing?
The pricing of TrendAI Vision One is moderate.
Which other solutions did I evaluate?
In comparison to other vendors, the GUI is perfect; it is cost-effective and easy to understand and easy to operate. Overall, the comparison is good for TrendAI Vision One.
What other advice do I have?
TrendAI Vision One provides overall network performance, such as CPU utilization, how many ports are open in the network, and how we can configure the attack in the network. Blind spots in the network can be identified through the platform.
The centralized visibility was also good; we can manage all things in a simple GUI management. It can be consolidated within a hybrid environment.
I would recommend everyone to use TrendAI Vision One because it is the simplest GUI management; a network engineer with one year of experience can also manage TrendAI Vision One, and it can be deployed in any environment such as AWS, Azure, GCP, and also in a hybrid model.
TrendAI Vision One provides detailed network performance, CPU utilization of devices, and malware functions in the devices; it is all the details in one simple GUI where we can manage it, and we can see which end user and which end system is at risk, which is not, and which has updated the antivirus or not. I rate TrendAI Vision One at eight overall. My review rating for this product is seven.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Robust Security Tool with Centralized Management, Needs Improved License Control
What do you like best about the product?
I really like Trend Vision One because of its centralized login feature, which is excellent for managing everything. It's easy to manage every end user and provide them with role-based access. This way, they can see what's wrong in their logins and how many threats are detected. I can also pull reports and take necessary actions, making it easy to manage through the console.
What do you dislike about the product?
Currently, there is no option for control license deployments, which makes it not easy to manage the license part. They need to improve more on that part where we can centralized push the license to whichever user needs it.
What problems is the product solving and how is that benefiting you?
I use Trend Vision One as an antivirus tool to protect our system, neutralize network threats, and provide a secure environment for users.
Unified Security Dashboard and Effortless Integration
What do you like best about the product?
Dear Trend Micro Team,
I've been using Trend Vision One for [1-2 Years] in our company, Amagi Media Labs Ltd, and wanted to share what I like best.
1. Unified Dashboard - The single pane of glass for threat detection across endpoints and cloud workloads. Real-time correlation of alerts reduces noise and speeds up investigation.
2. Easy Deployment & Integration - Third-party integrations and flexible licensing make onboarding simple, even for smaller teams.
3. Advanced Detection - Signatureless anomaly detection, user behavior analysis, and proactive risk assessment catch threats.
4. Reliable Performance - Minimal resource impact and strong endpoint protection provide peace of mind for our infrastructure.
I've been using Trend Vision One for [1-2 Years] in our company, Amagi Media Labs Ltd, and wanted to share what I like best.
1. Unified Dashboard - The single pane of glass for threat detection across endpoints and cloud workloads. Real-time correlation of alerts reduces noise and speeds up investigation.
2. Easy Deployment & Integration - Third-party integrations and flexible licensing make onboarding simple, even for smaller teams.
3. Advanced Detection - Signatureless anomaly detection, user behavior analysis, and proactive risk assessment catch threats.
4. Reliable Performance - Minimal resource impact and strong endpoint protection provide peace of mind for our infrastructure.
What do you dislike about the product?
Dear Trend Mcro team,
I've been using Trend Vision One for [1-2 Years] in our company, Amagi Media Labs Ltd, and appreciate its unified detection capabilities. Here's the honest feedback on pain points to help prioritize roadmap items.
1. Frequent UI changes/UI Navigation - The interface is feature-rich but sometimes overwhelming - streamlined workflows for common tasks would improve usability. Navigation feels unstable and disrupts workflows.
2. False Positives and Alert Noise - low-quality alerts require excessive investigation time.
3. Support response times - Tier 1 support is slow to escalate
I've been using Trend Vision One for [1-2 Years] in our company, Amagi Media Labs Ltd, and appreciate its unified detection capabilities. Here's the honest feedback on pain points to help prioritize roadmap items.
1. Frequent UI changes/UI Navigation - The interface is feature-rich but sometimes overwhelming - streamlined workflows for common tasks would improve usability. Navigation feels unstable and disrupts workflows.
2. False Positives and Alert Noise - low-quality alerts require excessive investigation time.
3. Support response times - Tier 1 support is slow to escalate
What problems is the product solving and how is that benefiting you?
I've been using Trend Vision One for [1-2 Years] in our company, Amagi Media Labs Ltd environment has delivered clear value. Here are the problems it solved and how it benefits us.
Problems solved:
Complex Threat Hunting - Manual investigations took hours/days. XDR now provides attack path visualization, MITRE ATT&CK mapping, and automated playbooks for rapid response.
Scaling Security Operations: Growing threats overwhelmed our small team. Unified console and automation handles multi‑cloud, OT, and hybrid environments efficiently.
Vision One correlates events across layers with AI, reducing noise by 99.6% and dwell time by 65%.
Benefits:
Proactive Defense: AI‑powered anomaly detection catches zero‑days and advanced persistent threats (APTs) early.
Team Efficiency: 92% cyber risk reduction lets our SOC focus on high‑value tasks instead of false positives.
Vision One has transformed our security posture from reactive to proactive. It’s now our central platform for endpoint, cloud, and email protection.
Problems solved:
Complex Threat Hunting - Manual investigations took hours/days. XDR now provides attack path visualization, MITRE ATT&CK mapping, and automated playbooks for rapid response.
Scaling Security Operations: Growing threats overwhelmed our small team. Unified console and automation handles multi‑cloud, OT, and hybrid environments efficiently.
Vision One correlates events across layers with AI, reducing noise by 99.6% and dwell time by 65%.
Benefits:
Proactive Defense: AI‑powered anomaly detection catches zero‑days and advanced persistent threats (APTs) early.
Team Efficiency: 92% cyber risk reduction lets our SOC focus on high‑value tasks instead of false positives.
Vision One has transformed our security posture from reactive to proactive. It’s now our central platform for endpoint, cloud, and email protection.
Maximized Efficiency and Cost Savings for SOC Teams
What do you like best about the product?
Organizations often highlight the platform's ability to "do more with less":
Alert Fatigue Reduction: Advanced filtering and correlation can reduce daily alert noise by over 90%, allowing SOC teams to focus on real threats.
Cost Efficiency: By consolidating multiple tools (SIEM, SOAR, EDR) into one platform, many companies report up to a 70% reduction in overall cybersecurity costs
Alert Fatigue Reduction: Advanced filtering and correlation can reduce daily alert noise by over 90%, allowing SOC teams to focus on real threats.
Cost Efficiency: By consolidating multiple tools (SIEM, SOAR, EDR) into one platform, many companies report up to a 70% reduction in overall cybersecurity costs
What do you dislike about the product?
Would you like me to find a workaround for one of these specific issues, such as how to optimize the agent for better performance on your servers?
What problems is the product solving and how is that benefiting you?
The Problem: Attackers often hide in the "gaps" between your email, your cloud, and your employees' laptops. Traditional security only sees one piece at a time.
The Solution: It provides Unified Visibility across all layers (Endpoint, Email, Network, Cloud, and Identity). It even detects "unmanaged" devices that aren't officially on your network.
+1
The Benefit to You: It reduces "Dwell Time"—the time an attacker spends in your system before being caught—by an average of 65%. You see the attack the moment it moves from an email to a server
The Solution: It provides Unified Visibility across all layers (Endpoint, Email, Network, Cloud, and Identity). It even detects "unmanaged" devices that aren't officially on your network.
+1
The Benefit to You: It reduces "Dwell Time"—the time an attacker spends in your system before being caught—by an average of 65%. You see the attack the moment it moves from an email to a server
Comprehensive Threat Protection, Seamless Integration
What do you like best about the product?
I like Trend Vision One's single unified console and XR capability, which provide real-time risk availability. It helps with quick response and strong protection against threats. I appreciate how it manages endpoint and email cloud servers, and enhances network security from the dashboard. I also value its capability to correct alerts across multiple security layers swiftly.
What do you dislike about the product?
rend Vision One is a cloud-native, extended detection and response (XDR) platform that provides unified threat detection, risk visibility, and coordinated response across endpoints, networks, cloud workloads, and email systems.
What problems is the product solving and how is that benefiting you?
I use Trend Vision One to detect and block malware and ransomware, respond to unknown threats, and identify multistage attacks. It compresses endpoints and secures high-risk laptops, providing real-time risk availability and strong protection across multiple security layers.
Advanced Features and Outstanding Support
What do you like best about the product?
Most advanced features and threat detection intelligence features great product support
What do you dislike about the product?
There is no weak feature that we can dislike
What problems is the product solving and how is that benefiting you?
Trend vision is help in advanced threat detection and dlp
Virtual Patching Adds Essential Security for Legacy Systems
What do you like best about the product?
The Virtual Patching feature is especially valuable for critical production servers, as it can provide extra time before scheduled downtime. Additionally, it allows us to continue using legacy operating systems more securely.
What do you dislike about the product?
The real-time scanning feature sometimes conflicts with other tools.
What problems is the product solving and how is that benefiting you?
The Virtual Patching feature is especially valuable for critical production servers, as it can provide extra time before scheduled downtime.
XDR capabalites enhancing the security controle.
XDR capabalites enhancing the security controle.
showing 11 - 20