Government

Trend Vision One identified and neutralized malicious activities for this government organization

Matthew Guzzi

Information Systems Administrator at a government with 10,001+ employees

Five stars

WHAT IS OUR PRIMARY USE CASE?

We utilize Trend Vision One™ to identify and neutralize malicious activities on our network. This comprehensive security solution extends beyond traditional antivirus software, which relies on pattern matching, by actively monitoring endpoint behavior for anomalies and deviations from established norms.

In 2020, we transitioned to remote work like many other companies. During this transition, we conducted an internal Trend Micro office scan, which revealed that many of our users' devices were out of date due to their inability to connect to the VPN for extended periods. This prompted us to switch to Trend Micro Apex One™ later that year. As part of the Trend Micro Apex One implementation, we were given a complimentary trial of Trend Vision One. During this trial, we received an alert that demonstrated the product's effectiveness, leading us to purchase a subscription. Trend Vision One has been an excellent addition to our security arsenal. Trend Micro continuously adds new features and updates, making it an ever-evolving and valuable tool. The product's capabilities, functionality, and incident response capabilities have improved significantly over the past several years. We can set up playbooks to automate our response to specific incidents, which is a tremendous asset. Trend Vision One is an outstanding security solution.

HOW HAS IT HELPED MY ORGANIZATION?

We are a state government agency that is subject to oversight by the state. Trend Vision One has detected attempted attacks that the state SOC has missed, enabling us to swiftly halt these attacks and address the vulnerabilities before they escalate into more widespread problems.

The integrations have been great. There have been a couple of issues, but overall they've been very helpful. Trend Vision One recently added the ability to connect to our on-premises AD. This was a sticking point for us for a year or so because we didn't have Azure. So we were stuck in a situation where we couldn't tie Trend Vision One to our AD. But since they added the on-premises integration, it's been easy to set up.

Trend Vision One has saved us ten percent of our time. It has eliminated the need for us to rebuild machines. It has helped us even more than that because the few times we have had a threat, it has stopped it in its tracks. This has prevented the threat from spreading and compromising multiple machines. Without Trend Vision One, we would have had to investigate the threat, which would have taken time and resources. Additionally, we would have had to rebuild the compromised machines, which would have taken them offline and impacted our users. In some cases, a widespread outbreak could have occurred, causing even more disruption.

WHAT IS MOST VALUABLE?

The dashboard provides great visibility into our risk profile. We receive a daily email report that outlines our risk score and identifies the machines with the highest risk. This information is based on usage patterns, vulnerabilities, and non-compliance issues. This helps us prioritize which machines require patching or further investigation.

Drilling down further, we can analyze how our users are utilizing their workstations, including the websites they visit. While we don't track specific website URLs, we can categorize website types and identify any potentially risky or inappropriate usage patterns. This allows us to proactively address any potential security concerns.

For instance, we identified a user who was using ChatGPT for work-related tasks. This flagged our system, and we were able to discuss the user's usage of ChatGPT to gain a better understanding of how our users are working and identify any areas that require additional attention.

WHAT NEEDS IMPROVEMENT?

Trend Vision One offers training sessions every few weeks or every month to showcase new features. However, the product's rapid development and the introduction of numerous new features make it challenging to keep track of the evolving interface and maintain a consistent understanding of its usability. While the continuous addition of features is commendable, the sheer volume of changes makes it difficult to stay abreast of the latest developments.

FOR HOW LONG HAVE I USED THE SOLUTION?

I have been using Trend Vision One for two years.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

Trend Vision One has proven to be extremely stable in our environment. We have deployed the Trend Micro client across all workstations. Additionally, we utilize a tool for vulnerability scanning, one for application whitelisting, and FireEye, as mandated by state regulations. These security solutions coexist harmoniously, causing no compatibility issues. We have also implemented laptop encryption and other security measures to further enhance protection. Throughout our experience, Trend Micro has not caused any conflicts with Microsoft or our other security tools.

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

Trend Vision One is scalable. We can add another 150 machines with no problems.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

The technical support is excellent. We experienced what we initially thought was a technical issue, but it turned out to be a state update that triggered alerts across all of our machines. I contacted the support team and our sales representative. Within an hour, the incident response team was on the phone with me, examining the file hashes of the updated DLL to determine the cause of the issue. They quickly identified that the update was not malicious. Their promptness and thoroughness were outstanding. The incident was resolved within three hours of receiving the alerts.

HOW WOULD YOU RATE CUSTOMER SERVICE AND SUPPORT?

Positive.

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

We lacked an XDR tool. Instead, we relied on FireEye, which offers similar capabilities, but it doesn't provide us with the same level of visibility as Trend Vision One. Trend Vision One has consistently detected threats that FireEye missed. While we were mandated to use FireEye by state regulations, we sought a more robust solution that could effectively identify anomalies and patterns. Trend Vision One's utilization of the MITRE ATT&CK framework has been particularly advantageous. We've found great value in Trend Vision One's comprehensive feature set, particularly its well-designed playbooks.

HOW WAS THE INITIAL SETUP?

The initial deployment was straightforward. I was able to deploy Trend Vision One with the vendor's assistance within one week.

WHAT ABOUT THE IMPLEMENTATION TEAM?

The vendor guided us through the implementation process and continues to conduct periodic check-ins to verify that everything continues to function effectively in accordance with industry best practices.

WHAT WAS OUR ROI?

Our return on investment does not stem from direct cost savings but from the fact that Trend Vision One has mitigated issues before they escalated into larger problems. This has saved us time, which is a valuable asset.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

The pricing for Trend Vision One is reasonable. I am not sure of the exact amount we pay, but it is not excessively expensive.

WHAT OTHER ADVICE DO I HAVE?

I would give Trend Vision One a perfect score of ten out of ten. It is undoubtedly the best product in the market today. While I appreciate CrowdStrike and its offerings, I believe Trend Vision One stands out as the leader. In my opinion, these two products are the clear frontrunners in the XDR space at this moment.

Trend Vision One is deployed at a single location. We have approximately 50 endpoints. Most of our devices are laptops because we have a large number of employees who travel frequently.

Trend Vision One is maintenance-free, which is convenient because patching is handled seamlessly from the backend in the cloud. Trend Micro proactively notifies users about upcoming patching schedules and provides detailed information about the patches, new features, and updates. The patching process is managed entirely by Trend Micro, eliminating the need for user intervention. A client installed on the machines receives updates from the cloud server, ensuring that all devices remain protected and up-to-date without any manual effort.

I highly recommend Trend Vision One. Contact Trend Micro and they'll be happy to schedule a demo. I suggest installing the demo, testing it out, and seeing if it's a good fit for the organization's needs before purchasing. Trend Vision One is worthwhile.

WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?

Public Cloud.
