Real Estate Company
Trend Vision One allowed this real estate firm to detect and respond 80 percent faster.
Dariusz Podleśny
Senior Security Manager at a real estate/law firm with 201-500 employees
WHAT IS OUR PRIMARY USE CASE?
It's a perfect tool for monitoring infrastructure, including endpoints, servers, and potential attacks via networks. That's especially true for internet-visible hosts, which we can monitor directly from the tool.
We had problems with users not using legitimate tools, such as pendrives. We needed to protect hosts from external threats and third-party actors. That included monitoring behavior, scanning our infrastructure, and exploitation of vulnerabilities.
Trend Vision One™ absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important. A 10 on a scale of one to 10.
HOW HAS IT HELPED MY ORGANIZATION?
The solution has enabled us to completely reorganize our work. I was the first person using this tool in our company, and I completely changed user behavior to become more restricted. In Poland, but also in the United States, we are very strict about abnormal usage of our tools or attempts to download tools that shouldn't be on desktops, laptops, or servers. From my point of view, we are now a completely different organization than when I joined it. Trend Micro is one of the most important security tools we have implemented.
We don't need to use an external vulnerability scanner because Trend Micro XDR has a module for that, and we can save that money. Trend Micro™ Managed XDR is quite nice because I can manage more than 2,000 endpoints. I use the playbooks with particular scenarios for incident management. It's a very nice tool. It competes with anyone on the market. Sometimes, when we detect some kind of threat and we have no idea how we should investigate, troubleshoot, or mitigate the risk, we use the managed service team with Trend Micro engineers. I'm very happy with this team. They are very good professionals.
We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins. We are able to detect and respond about 80 percent faster. It's not only the monitoring and alerting for classic signature threats; there is also a tool for monitoring user behavior. It would be utterly impossible to find abnormal user behavior without this type of tool.
And we have mitigated most of the false positives—more than 90 percent. About one out of 10 alerts may be a false positive. In the beginning, we had to learn about Trend Micro, what was a legitimate action and what was a suspicious or malicious action. We had to learn what the right approach was.
WHAT IS MOST VALUABLE?
This product is simple to use. Sometimes, especially when new features come out, I need to spend a little bit of time discovering how they work. But overall, it's simple. The interface is quite nice.
The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization. I can almost manage the infrastructure alone. We have minimized the need to expand our team. It also handles vulnerability management.
We use Trend Micro to cover endpoint protection and server protection. That's one of the key points for our company. And Trend Vision One absolutely gives us centralized visibility and management. Especially when we integrate it with Active Directory, we get full visibility of our endpoint and server infrastructure. That is very important. A 10 on a scale of one to 10.
We also use the solution's Executive Dashboards. We present the findings in steering committees periodically. Sometimes, there is a repetitive alert or event. Directly from this dashboard, I can see the groups of this type of event. For me, it's quite a nice tool for presenting the results to the C level and the whole company for those who are not technically experienced.
And especially because of the new European regulation called NIST 2, we are using the solution's Risk Index feature. We calculate our risk score and we can see how it is changing in the timeline. Is it growing? Is there a new vulnerability detected? We can also compare our risk score with organizations of the same size or in the same industry and see if we are better or worse.
We respond much faster thanks to the intelligence used by Trend Micro. They have very good knowledge because they have many threat sources. That is why we are reacting much faster than we would if we had to dig deeper without that knowledge and this tool. It would be absolutely impossible to manage this infrastructure by a single admin or even two security admins.
WHAT NEEDS IMPROVEMENT?
The area for improvement is mobile security. We have just finished a proof of concept for Zero Trust Secure Access. We withdrew from this PoC because it does not have that many points for proxy across Europe. Our organization is across Europe, and it will be nice when it is possible to have Trend Micro proxies across many more countries. At this time, they are only located in Germany and the UK. For us, it's not enough. We are waiting for them to increase the points of contact, and after that, we will return to this project.
From my experience, it was quite a nice tool, and I could manage almost all of the actions that I could not manage in a traditional way. Traditionally, I could allow or block usage of an application. But using the Zero Trust Secure Access tool, I could manage the schema of the usage. I will wait for this tool to change in the next few months.
FOR HOW LONG HAVE I USED THE SOLUTION?
I have been using Trend Micro XDR for almost 20 months.
WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?
It's a stable product. We haven't detected any issues other than the false positives, but that's normal.
WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?
We use it in multiple locations because our company is spread across Europe and Asia, as well as the United States and Canada. We have more than 2,000 users, and the solution covers 400 or 500 assets.
If our company were to increase over two to three months to 10,000 users, it would not be a problem. We have the ability to extend as we scale our users. It's very simple and absolutely flexible.
HOW ARE CUSTOMER SERVICE AND SUPPORT?
Their technical support is nice. On a scale of one to 10, it's a 10. They respond fast using email, phone, and the customer service portal.
HOW WOULD YOU RATE CUSTOMER SERVICE AND SUPPORT?
Positive.
WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?
I used competitors' tools, Secureworks, as well as Carbon Black. These are nice tools, but they are very heavy to implement and heavy on daily operations. Trend Micro is much better, much more flexible, and I have much more visibility. It is a cost- and time-saving tool.
HOW WAS THE INITIAL SETUP?
Our deployment is a hybrid. We have advanced our implementation a lot. The first implementation was only one of the features called OfficeScan. That was a few years ago, and the implementation was in the United States. After that, we moved forward with the implementation across servers and endpoints, including Mac and Microsoft endpoints.
The whole project took about three months, with the custom discovery and the fine tuning. We had two people involved, one in Europe and one in the US.
Sometimes, maintenance is required if there is a new feature. It needs to be restarted. But this function is done by Trend Micro engineers because we are using the XDR in the cloud. We don't touch it. There is maintenance on our side for Deep Discovery because that part is an onprem solution. But it's simple to manage.
WHAT OTHER ADVICE DO I HAVE?
They are implementing new tools, like Trend Micro Apex One™ and Trend Micro™ Deep Discovery™ Inspector. They are ready for implementation on the console, and we are waiting to transition to these tools.
For the new features, I prefer doing a proof of concept, like we did for the Zero Trust Secue Access platform. That was a good move because we saved time when it came to resolving issues on the user side. We had a few users in every department, and we tried to discover what would happen if we implemented this tool. That is my approach to being safe with such products. We can do things without any technical training and can disconnect users around the world using one switch. For new features, I'm a big fan of using a proof of concept.
Join 500K+ Global Customers
Get started with Trend today