2020-10-19T09:33:40Z

What needs improvement with Trend Micro XDR?

Miriam Tover - PeerSpot reviewer
PeerSpot user

30 Answers

Rob Rice - PeerSpot reviewer
Real User
Top 20
2024-02-15T09:25:00Z
Feb 15, 2024

Playbooks are very good, but on the automation side, they could always improve. Having more variables within the playbook would be useful. It would allow us to have more refined playbooks for the business. It would allow us to take stronger action through a playbook. It will give us confidence to target a particular area of business where our risk tolerance might be higher or lower. We would like to have more granular playbooks. Further integrations with other products are always beneficial.

Jasneet Singh - PeerSpot reviewer
Real User
Top 10
2024-02-15T08:35:00Z
Feb 15, 2024

Reporting could be a little bit better. They are working on it, and it is getting better. They have different development teams working on this product. Like any bigger organization, they have so many people working and fixing the product, and they have their own development routines and cycles and understanding of the code. It has gotten a lot better, but it has a long way to go. Recently, there were a couple of more reports. What I like is that they listen to the feedback. If we tell them that we need this reporting, they go back and do something about it. It does not get lost in emails or meetings.

Julio Velasco - PeerSpot reviewer
Real User
Top 20
2024-01-31T15:17:00Z
Jan 31, 2024

It is very expensive.

SS
Real User
Top 20
2024-01-03T08:24:00Z
Jan 3, 2024

The information captured by Trend Vision One needs to be more detailed.

Hassam-Uddin - PeerSpot reviewer
Real User
Top 10
2024-01-02T11:35:00Z
Jan 2, 2024

The automation capabilities on-premises could be improved, as we currently have to manually activate servers and push policies. I would like the uninstall process of agents to require two-step verification.

MH
Real User
Top 5 Leaderboard
2023-12-11T12:10:00Z
Dec 11, 2023

It took some time to realize the benefits, as we had some issues with support. It took us three to four months to realize its benefits. The support should be improved. We'd like to see deception features in the next release. It would help us to reduce false positive alerts.

Julio César Quezada - PeerSpot reviewer
Real User
Top 20
2023-11-07T20:38:07Z
Nov 7, 2023

The login system could be improved. We must pass two different dashboards to log in to the solution. We have a second-factor authentication. We need to check the platform, which delays three or four minutes because of logging, checking email, and returning to the platform. If you multiply the entire team, we lose a lot of time daily.

Bruno De Amorim Campos - PeerSpot reviewer
Real User
Top 10
2023-10-31T19:39:00Z
Oct 31, 2023

The web viewer could be improved. I've had some issues with it in the past. The zero trust is a bit complicated compared to other parts of the solution. Mostly, I don't have any issues with XDR.

OS
Real User
Top 20
2023-10-30T15:49:00Z
Oct 30, 2023

I would like to have the capability to export the information we receive from the XDR into Microsoft Excel.

VG
Consultant
Top 20
2023-10-17T17:20:00Z
Oct 17, 2023

Sometimes, there are some false positives. For example, once a user had a file in their system named recovery.txt. The solution was flagging that as a ransom note, so we were confused. It isn't that serious, but it should be improved. Also, XDR should improve its coverage of the latest IOCs. Their suspicious object management works, but the coverage should be improved. It will take one or two months to get those things covered. XDR will detect on a behavioral basis, but these databases will not get updated daily like some other solutions. If you're dealing with new ransomware or malware, it may take around a month before it's covered by Trend Micro.

AM
Real User
Top 10
2023-10-03T11:56:00Z
Oct 3, 2023

The centralized dashboard has room for improvement.

SS
Real User
Top 10
2023-09-29T12:02:00Z
Sep 29, 2023

I've seen a lot of improvement in just the year that we've been with Trend Micro. However, I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important. When we look at the speed and sophistication of attacks today, such as ransomware, malware, and cyber threats, we need tools and technologies that can react faster. So, I think integration with automation, orchestration, and artificial intelligence will help tremendously.

VZ
Real User
Top 20
2023-09-28T16:48:00Z
Sep 28, 2023

We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side. The API we use. We are integrating that with another product, a SOAR product. The playbooks are a little bit limited in what they can do at this point. Let's say that we want to connect on a specific API. The templates we cannot modify very well. When we noticed that limitation, we decided to go and use Trend Micro VisionOne API and connect it to other tools to develop that activity using another product. Under attack surface management, when you go to the specific sites or applications that the users are accessing, the capability of downloading that report could be better. Let's say, as an example, we want to identify users using ChatGPT, for example. We want to download that data through an API or through the GUI. Right now, it's not available as an option. Maybe having the capability of extracting data from VisionOne for specific areas of the tool could work. That's something that could be useful, especially if we want to generate that report and send it to specific teams. Often, we don't want to provide DX to all the people. Sometimes it's easier to just have that file and share that file with the people who need to have that information.

ZG
Real User
Top 5
2023-07-25T13:33:00Z
Jul 25, 2023

I would like to have more integration with mobile device management.

ElvisHenriquez - PeerSpot reviewer
Real User
Top 5 Leaderboard
2023-04-12T13:56:32Z
Apr 12, 2023

The integration with third-party tools and with on-premises Active Directory needs improvement.

JB
Real User
Top 20
2023-04-06T12:46:05Z
Apr 6, 2023

There are certain items that are blocked, and another component is not working properly so the blocking does not happen correctly. They have a DLP module in Trend Micro and they need to enhance its capabilities.

SR
Real User
Top 20
2023-03-11T12:46:39Z
Mar 11, 2023

The solution is issue-free. There are no missing features. The solution only supports Windows and Mac. It would be helpful if it could support other OS, such as Linux. We'd like to have more application and data loss features in the future.

MV
Real User
Top 10
2023-02-21T11:26:16Z
Feb 21, 2023

For me, so far, the product is fine. I haven't had any issues. I haven't used it for that long and therefore haven't come across any problems. The solution could always be made to be more secure.

SJ
Real User
Top 10
2022-12-07T11:35:30Z
Dec 7, 2022

For some time, if you were installing this XDR solution, there is a Sensor. Sometimes we need backend support for some scripting parts. They're applying it from the backend for us. Therefore, there's a dependency on the backend from that point of view. I don't like that feature. The option for deploying the scripts should be available on the platform itself, so there is no need to raise the case with the backend team. We'd like to see some security playbooks. Currently, Auto-Remediation is not there. Only Manual-Remediation is there. We have to create a Security Playbook. However, they are just planning to add the Auto-Remediation part. They are just also planning on adding the Security Playbooks as a complete feature. In the preview mode, it is available; however, it is not released.

AB
Real User
Top 20
2022-11-09T11:51:21Z
Nov 9, 2022

We'd like to see a few more integrations. Specifically, we'd like to see more IOC integration tools. We haven't implemented the automation piece just yet; however, we will go through that soon. We just need more time to see how it all works.

Wisnu Nursahid - PeerSpot reviewer
Real User
Top 5 Leaderboard
2022-07-05T10:40:00Z
Jul 5, 2022

Trend Micro doesn't have the next-generation firewall. They have the IPS TippingPoint, however, in terms of the next-generation firewall, Trend Micro doesn't have this as a part of their solution.

ShashankBorude - PeerSpot reviewer
Real User
Top 10
2022-06-30T08:33:00Z
Jun 30, 2022

Results were delayed. We had all the logs in our hands. We were pretty quick in giving out the results and coming up with a conclusion. Trend Micro was pretty delayed on that front, however. Their turnaround time or the response to their MDR services was slow. While doing POC, we did MDR as well. They could improve the response time on that. That was my view back then, as it used to take a lot of time to get that case generated, get that case analyzed. In the end, we were more interested in the responses from the actual human analysts. Instead of having a machine-generated thing, we were banking on understanding how an incident is treated and how a response is being given. For us, for example, we were able to do our analysis and come to the same conclusion maybe four or five hours before we received Trend Micro's report. Almost all the results were identical. There was one feature called Sandbox that I wanted to try on, however, at that time, they had not released it yet. Since last August, I have been working with another organization, so I am not sure how Trend Micro has developed within the last ten months. I was never able to test the live response feature, wherein I could take access, remote access of the infected system, and send some commands to kill the processes, or maybe to grab the artifacts, to triage the artifact. By the time it came online, I was moving to another organization. We'd like a bit of freedom or flexibility on the portal. If I'm the end-user, and I see something bad which might not be bad from Trend Micro's perspective, however, for my organization, was an abnormal activity. Executing things via PsExec might be something that is normal for some organizations, however, for my organization, it is a highly suspicious thing. If I want to investigate that, having the flexibility for me to investigate it in a deeper sense would be ideal. That was something that was not possible at that time. 
I don't know if they have given more freedom to Trend Micro admins. We'd love more flexibility in terms of implementing some of the configurations, estate-wise. That is something that I would have loved to see in Trend Micro.

NK
Real User
Top 5 Leaderboard
2022-06-23T13:13:00Z
Jun 23, 2022

A room for improvement in Trend Micro XDR is more visibility into the alerts. We do get alerts from the solution, but when we are away, we need to have more visibility. An additional feature we'd like to see in the next release of Trend Micro XDR is reporting, particularly RCA reports because those will help us a lot. Right now, we need to log into the portal to drill down the RCA. For example, when an alert comes in, it will be blocked immediately by Trend Micro XDR. We get the message "This has been blocked", but when we want to drill down in terms of where it started, we need to log into the server, do the RCA, and drill down on it. While doing the RCA and drilling down on it, it would be good if we could get a report directly from Trend Micro XDR because that report could help us.

AJ
Real User
Top 5
2022-05-25T20:09:00Z
May 25, 2022

The Endpoint Basecamp we are installing to every system is not recognized. It is important to know what feature needs to be enabled. The printer driver is automatically disabled, which is creating some concerns for us. The agent system is very slow, it needs to improve its performance.

Nadeem Syed - PeerSpot reviewer
Reseller
Top 5 Leaderboard
2022-04-25T09:34:28Z
Apr 25, 2022

It would be better if it were more user-friendly. It would also be better if the implementation were more straightforward.

HF
MSP
2022-03-02T12:01:27Z
Mar 2, 2022

In new versions I would like to see better implementation of the reporting features, especially in regards to EDR visibility. However, Trend Micro XDR has only been around for a year or so, so I know it's still being developed and I think it will get more mature given time.

AD
Real User
2021-11-03T13:54:00Z
Nov 3, 2021

The product needs to have a lot more maturity, and they need to improve the overall technical support framework for getting the value out of XDR. They need to improve their overall market presence and make sure they are bringing value for the company that is spending money on them. From the business side, there are a lot of areas for improvement, like improving their business relationships. That will help them increase their customer presence as well.

CD
Real User
2021-10-13T07:47:03Z
Oct 13, 2021

There isn't a lot I'd do to change it. The web interface could be improved to sort of make it a little easier to manage multiple clients out of one location. It could also be made a bit easier to sort of manage the licensing side of it. In terms of additional features, probably the only thing would be a rollback function. They are actually working on it because they're halfway there with it.

BG
Real User
2021-09-18T02:41:56Z
Sep 18, 2021

It should integrate with more tools. There are a lot of tools that can do the PTP dump.

RS
Real User
2020-10-19T09:33:40Z
Oct 19, 2020

The reporting could be better. We've had some reporting issues in the past. It would be ideal if they could improve it and make it more robust. The solution lacks compatibility with other products. It needs to integrate better with other surrounding solutions.

Trend Vision One is a cloud-native security operations platform, serving cloud, hybrid, and on-premises environments. It combines ASM and XDR in a single console to effectively manage cyber risk across your organization. The platform provides powerful risk insights, earlier threat detection, and automated risk and threat response options. Utilize the platform’s predictive machine learning and advanced security analytics for a broader perspective and advanced context. Trend Vision One...