Transportation Company

Trend Vision One is easy to set up with good support and great threat intelligence

IT Security Administrator at a transportation company with 1,001-5,000 employees

4 and a half stars

WHAT IS OUR PRIMARY USE CASE?

We use Trend Vision One to detect and respond to malware incidents across endpoints (Trend Micro Apex One/Cloud One Workload Security), network (Trend Micro Deep Discovery Inspector), and Office 365 (Cloud Email and Collaboration Security).

The environment is complex, distributed across more than 100 locations. Some locations are just offices; others are industrial facilities with ICS and SCADA. Besides Windows, we deal with a lot of operating systems, including Solaris on SPARC. And our users are diverse, with lots of employees roaming around the country.

With ASRM, we tackle important use cases around identity protection and risk management in general: identification, prioritization, and remediation.

HOW HAS IT HELPED MY ORGANIZATION?

The full stack of Trend Vision One has delivered what "SIEM 2.0" couldn't deliver: the capability to monitor threats and discover attack vectors before they are exploited, across all our workspace (on-prem, IaaS, PaaS and SaaS). We have invested well over a million into SIEM during the last decade: a full ArcSight upgrade and then a Splunk migration assisted by a large MSSP. Trend Vision One is still ahead at a fraction of the cost.

Going through a capable, single-vendor solution was necessary, given our small team. Choosing the best solutions for every task and building all the integrations was not an option.

Trend Vision One is much more than just EDR for us; it is a threat intelligence platform and a SOAR too. And even with the limited capabilities in this area, we find ways to tackle challenges our MSSP and SOC haven't been able to accomplish on a very large budget.

WHAT IS MOST VALUABLE?

I like everything. The most valuable feature is how the stack fully integrates all components of a solution. Then, integrations with third parties will be provided.

As an example, I am capable of sending a suspicious file directly to my Trend Micro™ Deep Discovery™ Analyzer appliance (a sandbox) while investigating a suspicious download/file interaction, and I can then quickly push the IOCs in the suspicious object lists to protect both managed endpoints, and the rest of the network too! Yes, you can push domains and IP addresses to Palo Alto through a Trend Service Gateway, ensuring you can protect even what cannot receive an endpoint. And all this without writing a single line of code. The ease of use and ease of deployment for use cases like this are my favourite features.

WHAT NEEDS IMPROVEMENT?

The SOAR features (Security Playbooks) are quite limited. At the moment, it is impossible to execute a simple piece of Python code that would pull or push something to an API, for example. While you can tackle some use cases, a SOAR from another vendor is still a must-have.

To assist with complex use case integrations, having all the data from the SIEM inside XDR would be great, too. That's where the market is moving with solutions like Falcon LogScale and Cortex XSIAM. Pivoting from XDR to Splunk or vice versa can be time-consuming during incidents.

FOR HOW LONG HAVE I USED THE SOLUTION?

I was actually an early beta tester of the Trend Micro Apex One Endpoint Sensor before Trend Vision One appeared in 2021. That would be three solid years of using it.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

Quite reliable. In the last three years, only one incident created memory leaks on Windows Servers. We didn't see too much impact (fortunately) as a workaround could be quickly provided.

Support is quite responsive when something does work well. However, we do pay for Premium support.

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

The scalability is really good.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

My experience is generally good, but I have had the chance to deal with premium support. I'd say I get the support I expect for the price that I pay.

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

Although we have been dealing with other security vendors (McAfee, Symantec, Proofpoint, and more), Trend Vision One was really our first EDR.

HOW WAS THE INITIAL SETUP?

The initial setup was a breeze. It is realistically one of the strong points of the solution.

WHAT ABOUT THE IMPLEMENTATION TEAM?

We implemented the solution in-house, although with premium support you do get a lot of help from Trend if you ask for it. You'll be able to talk to actual experts.

WHAT WAS OUR ROI?

It is very hard to quantify an ROI on a security product. It doesn't generate revenue, and you can't quantify the cost of incidents that didn't happen.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

Product names are changing all the time. Lots of changes in the last three years. They introduced the concept of credits, too, which did not make anything easier.

It's also easy to underestimate the credits required with Cloud Email and Collaboration Security: people invited from third-party tenants will count.

The credit usage and allocation tool has been improving, at least.

WHICH OTHER SOLUTIONS DID I EVALUATE?

We had a look at Carbon Black and CrowdStrike Falcon.

WHAT OTHER ADVICE DO I HAVE?

It's probably the best solution for a small team that cannot absorb the complexity of a multivendor solution. The ability to execute versus the cost is surprisingly good.

WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?

Hybrid Cloud
