Trend Micro reduced the time spent investigating false positives by 75 percent.
Andrew Adams
Cloud Security Engineer at Xsolis, LLC
WHAT IS OUR PRIMARY USE CASE?
“We use Trend Vision One - Cloud Security for our cloud security, but we especially love it because we're multi-cloud. We want a single solution that can help us protect, inspect, and gain information about all of our cloud assets, regardless of whether they're in Microsoft Online, Office 365, Azure, or AWS, where we have most of our workload.
We also love that Trend Vision One - Cloud Security is not just an endpoint solution or a DevSecOps add-on. It also has a source code repository, which allows us to put things in our DevOps pipeline to protect them. Additionally, we can use Cloud Conformity, which is part of Trend Vision One - Cloud Security, to monitor our posture management.
This means that Trend Vision One - Cloud Security is not just a reactive solution that runs software on virtual machines or in containers. It can stop problems in the development process before they even happen, even if the code is still on someone's machine or in the pipeline or repository. This helps us protect ourselves in a way that many other solutions cannot.
Before implementing Trend Vision One - Cloud Security, we were facing all sorts of unknown threats, including third-party vulnerabilities and misconfigurations. We need to protect ourselves from bad actors, but that's only half of it. We also have to protect our infrastructure from ourselves. No one on our team is going to intentionally do anything malicious, but they can make mistakes. And I can't monitor every piece of code or infrastructure that my team writes or has. I need a solution that can monitor our infrastructure continuously and notify us of any misconfigurations or mistakes so that we can fix them before they become major problems.
We deployed Trend Vision One - Cloud Security 100 percent on the cloud and we use AWS and Azure.”
HOW HAS IT HELPED MY ORGANIZATION?
Trend Vision One gives us more insight. When we implemented the solution, we didn't have a mature security platform, so we couldn't see what was happening on our servers or what our users were doing. It has decreased our time to detect and respond. Initially, we didn't have as much insight into any attacks that came through.
It gives us more data points to work with and guidance about the remediation efforts. We aren't dealing with eight or nine different systems to identify one issue. It's all centrally located in one place.
Trend Micro™ Managed XDR acts as our security operations center. It helps us sleep a little better at night. We know that they can call us on the phone when a significant alert comes in after hours. It makes things more efficient because we know there's someone on the other side who can look at alerts for us and at least do the preliminary analysis if anything comes in.
Multiple teams are notified when an alert comes in. We can allocate security resources more efficiently and plug more data sources into the Trend Vision One platform. We don't need to dedicate personnel to continuously monitor the dashboard because we know someone is looking at it with us.
The platform has allowed us to identify blind spots and see where there are holes in our network. It suggests remediation steps in many cases. There is typically a link in the documentation. That has been a significant benefit because it tells you what to do. For example, it might suggest running a command in the terminal to identify the issues or take x output and put it into y input.
The solution reduces the time spent investigating false positives by around 65 to 75 percent. For example, when we are pushing out custom code, the workbench tells us the risk level. If it's 70 or higher, we check it out. At 69 or lower, it could be a false positive, so it might require some poking around. It gives us enough data in the alerts that anyone who knows the system could say, "Oh, that was me. I was running patches," instead of checking nine different systems to identify what triggered the alert. It's all there in the alert, including the hashes, commands, impacted web files, etc. We can instantly dismiss it as a false positive and flag it as resolved.
Trend Vision One's playbooks help us save time but I can't say how much because we're still maturing those. For instance, we know what those patching commands look like, so we're working on a playbook to automatically ignore or close those false positive alerts as they come in. We're still trying to fine-tune those playbooks.
WHAT IS MOST VALUABLE?
I like Trend Vision One's observed attack techniques feature. It lets you see what an attacker is doing, how they have tried to exploit a machine, or how malicious code is operating. It helps us discover indicators of compromise so we can write better rules for detection.
Migrating to the Trend Vision One platform helped us because we no longer need to look at eight different screens to find data. It's all just consolidated into one location. Having everything in one place is critical. I've been in the industry for almost a decade now, and it's a struggle to find that single pane of glass for all my alerts, logs, and anomalies like random users clicking on a link or downloading a file. It's nice to have it all in one location. Having centralized visibility saves the time we would spend checking various systems to look for things. I can also correlate data points more effectively and make data-driven decisions about the remediation and mitigation of any internal or external threats discovered.
The executive dashboard is nice. It's consolidating all of the tools into the Trend Vision One platform, giving you a high-level overview. Executives love dashboards and pretty colors. The ability to drill down into XDR detection from the executive dashboard is handy. I don't have to go fishing. We get an alert that says a machine did X, and I can fire it up. It's on the dashboard, so I can click on that machine, and it lets me drill down into the logs. It cuts down on the time required to do any kind of forensic analysis on anomalous alerts or behavior.
The Risk Index gives you an overview of the risk and how it compares with others in your industry. It's nice to be able to quantify the risk, and it enables you to justify the spending on these tools to your executives by showing that it pays off. Also, if we start plugging in more data points and the risk score goes up, we can conclude that there are some issues with the new data source that we just hooked up to our platform. The goal is to have a risk level of zero, but that will be hard to achieve.
WHAT NEEDS IMPROVEMENT?
We've received some mild complaints that the documentation is sometimes not up to date.
FOR HOW LONG HAVE I USED THE SOLUTION?
I used Trend Vision One at my last job, and I brought them on board when I joined this company, so I have been using the platform for about two years.
WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?
I haven't had any issues with stability.
WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?
We run several different AWS accounts, and Trend Vision One keeps up pretty well. I haven't noticed any downtime, lagging, or crashes.
WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?
They were using something else, but my team wasn't in charge of it. Trend Vision One offers a more mature platform. I had used it at my previous job. My boss brought it in because we had both worked with Trend Micro in the past. We know the platform and the engineers.
HOW WAS THE INITIAL SETUP?
Deploying Trend Vision One was relatively straightforward. We were on the legacy platform. They had written a script, so all you had to do was hit the play button. We recently moved to their all-in-one Trend Vision One platform, which was super simple. The deployment team included two on our side and two on the Trend Micro side. Their engineers hopped on a call and walked us through the process. The setup process primarily entails deploying the agents globally.
WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?
Trend Micro's licensing is fair.
WHAT OTHER ADVICE DO I HAVE?
I rate Trend Micro nine out of 10. This is a SaaS product, so you can do a trial period. If you like it, contact their salespeople and try to develop a good relationship with the company.
WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?
Public Cloud.