Trend Vision One improves traffic visibility, saves time, and identifies blind spots
Troy Riegsecker
Infrastructure Manager at Fischer Homes Inc.
WHAT IS OUR PRIMARY USE CASE?
We utilize Trend Vision One™ to identify and neutralize malicious activities on our network. This comprehensive security solution extends beyond traditional antivirus software, which relies on pattern matching, by actively monitoring endpoint behavior for anomalies and deviations from established norms.
In 2020, we transitioned to remote work like many other companies. During this transition, we conducted an internal Trend Micro office scan, which revealed that many of our users' devices were out of date due to their inability to connect to the VPN for extended periods. This prompted us to switch to Trend Micro Apex One™ later that year. As part of the Trend Micro Apex One implementation, we were given a complimentary trial of Trend Vision One. During this trial, we received an alert that demonstrated the product's effectiveness, leading us to purchase a subscription. Trend Vision One has been an excellent addition to our security arsenal. Trend Micro continuously adds new features and updates, making it an ever-evolving and valuable tool. The product's capabilities, functionality, and incident response capabilities have improved significantly over the past several years. We can set up playbooks to automate our response to specific incidents, which is a tremendous asset. Trend Vision One is an outstanding security solution.
Implementing Managed XDR has significantly reduced our time to detect and respond to threats. It provides timely alerts directly in the platform, streamlining my workflow and keeping me informed promptly. This has saved me one to two hours per day.
HOW HAS IT HELPED MY ORGANIZATION?
The biggest problem was that I couldn't see our East-West network traffic between our endpoints. However, I could see North-South traffic, meaning anything that went up to the firewall and back. This meant if, for example, a coworker and I were sending something malicious to each other, I wouldn't be able to see it or tell where it was coming from. I might get an alert saying suspicious activity was detected, but wouldn't have specific details. Implementing an XDR system changed this. Now, I can see all East-West traffic and set up rules for specific actions if certain events occur. I can also filter the information to focus on what's most important. Every day, I review XDR alerts, investigate them, and determine if they're suspicious or not.
We use Trend Vision One™ - Cloud Security across all our endpoints, including PCs, laptops, and servers. The coverage it provides is extremely important. We leverage Trend's XDR capabilities for enhanced threat detection and response. Additionally, we utilize the Trend Vision One - Cloud Security app security solution. We have Trend Vision One - Cloud Security as a service, and I also manage Trend Micro™ – TippingPoint. Our cybersecurity posture is significantly stronger than it was four years ago. Back then, we were hit by a ransomware attack, which exposed vulnerabilities in our security measures. We were only spending around eight thousand dollars annually on cybersecurity, and as the company grew rapidly, investments in cybersecurity weren't prioritized. While achieving absolute security is impossible, we are demonstrably more secure than ever before.
Trend Vision One - Cloud Security provides centralized visibility. Every day, I log into Trend Vision One and the first thing I check is my risk score. Based on my score, I take action. For example, if my score jumps from 36 to 50, I investigate the change in Trend Vision One. Trend Vision One tells me what caused the increase and offers specific recommendations. I can then easily see what actions will reduce my risk. For example, I might see that fixing a specific vulnerability will lower my score by six points, but another fix won't help. Trend Vision One - Cloud Security is a powerful tool, and that's just a glimpse of its capabilities. It shows me my OS vulnerabilities, application vulnerabilities, and even critical business exposures. For example, it might alert me to an Adobe CVE and tell me which devices are affected. This allows me to quickly identify and patch vulnerable devices. Furthermore, I can directly initiate patching from Trend Vision One. Additionally, I can use integrated products like Trend Vision One™ – Container Security to gain comprehensive security insights across different environments, all within the same platform.
Every day, I start by logging into the Executive Dashboard. It's the first thing I check, as it provides me with my risk index and a summary of potential issues. Furthermore, I can view information about our devices, risk levels, and other relevant data points. After reviewing the Executive Dashboard, I transition to the Operations Dashboard for a more granular look at individual devices and their associated risks.
Before XDR, I could spend hours trying to track down the issue behind an alert. Now, everything is at my fingertips within Trend Vision One. I simply click on the link, and it gives me all the information I need: who the user is, the PC name, and relevant context depending on the alert type (e.g., a suspicious email). So, instead of spending hours figuring out the source of the alert, I can now resolve it in just a couple of minutes.
With the managed XDR service, I have peace of mind knowing that if they find something suspicious, they will alert me immediately. They can even call me and say, "Hey, we found some unusual activity and stopped it. Do you want us to continue investigating or revert to the previous state?" I can then confidently say yes and trust that they are handling the situation effectively. I've received calls in the past late at night about suspicious activity, and I'm grateful that I don't have to be the one monitoring everything 24/7. Now, I have a team of experts who do it for me, providing a significant advantage over relying on a single person. They only alert me when something serious arises, allowing me to focus on other matters.
The managed XDR service has freed up our team's time by eliminating the need for 24/7 on-call duty with Trend Vision One. This allows us to focus on other tasks instead of spending hours diagnosing potential issues. Now, we're able to resolve concerns in minutes, freeing up additional time for projects and other responsibilities.
While I find the Trend Vision One™ – Attack Surface Risk Management (ASRM) to be a valuable addition to the executive dashboard, I don't utilize the Attack Surface Discovery feature as frequently, maybe once a week. This is primarily because I rely on the XDR management system to monitor for potential threats and alert me to anything critical. Manually reviewing the detailed discovery overview doesn't add significant value at present, as I trust the XDR system to flag any urgent issues.
The Attack Surface Risk Management module helps to identify blind spots in our environment, especially where assets are highly exposed. It presents explainable CVEs and provides a rich asset score for each PC or device. This allows me to easily identify high-risk devices and investigate further. For example, when I saw a server with a suspicious file flagged as a 96 high-risk alert, I could investigate and find that it was an Excel file with a macro, explaining the risk. I can then determine if it's a false positive and communicate this appropriately. The module's continuous learning ensures improved accuracy over time.
Implementing the managed XDR has significantly reduced our time to detect and respond to threats. Previously, I received security alerts via email, which could be delayed. Additionally, I often needed to manually review logs and scan results, which was time-consuming and inefficient. Now, the managed XDR provides timely alerts directly in the platform, streamlining my workflow and keeping me informed promptly. This has saved me one to two hours per day.
Implementing a managed XDR solution has significantly reduced the number of false positives I encounter. This allows me to identify and address real issues much faster. Instead of spending 45 minutes tracking down potential threats, I can now simply click a link and determine if an alert is legitimate within three minutes.
We use playbooks that have certain rules and are set up to automatically take action when they find something suspicious. This way, I don't have to sit there and make judgment calls every single day. If a certain event occurs, or if we discover something unexpected, I can create a playbook to automatically start looking for it everywhere on the network.
WHAT IS MOST VALUABLE?
Trend Vision One - Cloud Security does not utilize a lot of resources, which allows our users to keep working even during a scan.
WHAT NEEDS IMPROVEMENT?
The workbook insights generate a massive list, making it inconvenient to review. Ideally, we could easily filter or view items by selecting multiple lines and marking them as false positives. Unfortunately, the current process requires manually clicking on each item, opening Trend, and then closing it again.
FOR HOW LONG HAVE I USED THE SOLUTION?
I have been using Trend Vision One - Cloud Security for almost three years.
WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?
We have had minimal downtime, and it was always corrected quickly.
WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?
We are an organization of 900 users, and I have seen organizations with tens of thousands of users. If we want to add users, we just need to add credits and it automatically installs and starts reporting.
HOW ARE CUSTOMER SERVICE AND SUPPORT?
We have a dedicated technical account manager assigned to us. I have contacted technical support on two occasions: once for an outage and another time for device cleanup of some old, unused assets that we needed to remove. They responded to me promptly on the same day and resolved the issue the following day.
HOW WOULD YOU RATE CUSTOMER SERVICE AND SUPPORT?
Positive
WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?
Before adopting Trend Vision One - Cloud Security, we relied on Kaspersky for endpoint protection. Unfortunately, within the first three months of deployment, we experienced three security incidents. Consequently, we transitioned to OfficeScan, followed by Apex One, and ultimately migrated to Trend Vision One for enhanced protection.
We participate in a VIP program that grants us monthly meetings with Trend, where we provide feedback and receive previews of upcoming features and products.
HOW WAS THE INITIAL SETUP?
Trend provided us with a dedicated support person to assist with the initial deployment, which was smooth due to my prior familiarity with their platform. They walked us through the process, outlining the best practices. On our end, we had a team of three, including a sales representative, an engineer, and one other individual, to deploy Trend Vision One - Cloud Security on 900 machines. We implemented the deployment via our group policy, utilizing a simple click-through link for all users.
WHAT WAS OUR ROI?
The number of staff and the time saved by using the managed XDR pays for itself, and we saw these savings right away.
WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?
One year ago, Trend transitioned to a credit system for licensing, which has confused users. While each user receives a set number of credits initially, adding more credits becomes complex. Previously, purchasing a license based on user count was much simpler. Now, even mid-contract, if Trend increases the cost of a product, they also raise the required number of credits until the year's end, further compounding the confusion.
WHAT OTHER ADVICE DO I HAVE?
I would rate Trend Vision One - Cloud Security ten out of ten.
No maintenance is required from our end because it automatically updates to the latest version. The only maintenance that we would ever have to do is if a manual patch is required on a device.
Organizations can avoid alert fatigue by filtering their managed XDR solution to only display suspicious activity, allowing the rest of the traffic to flow through unhindered. Additionally, ensuring all patches are applied before running scans can significantly reduce false positives and alert noise. We learned this the hard way, initially receiving 50-100 email alerts daily. By implementing these changes, we've successfully minimized alerts to a maximum of two per day.
WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?
Private Cloud
IF PUBLIC CLOUD, PRIVATE CLOUD, OR HYBRID CLOUD, WHICH CLOUD PROVIDER DO YOU USE?
Other