Trend Vision One review
Since the late Eighties, the name 'Trend Micro' has been virtually synonymous with cybersecurity. The Tokyo-based giant is world-renowned for its software security solutions.
Trend Vision One debuted in 2021. It's touted as an XDR (Extended Detection and Response) platform that allows customers to detect and respond to threats from a single console.
Have the Titans of Trend Micro created the best endpoint protection software? Read on to find out more.
Trend Vision One: Plans and pricing
Trend Vision One offers 28 free credits as part of a 30-day trial to test drive the platform. There's no pricing page on the main website, but the helpful FAQ pages pointed us to a YouTube video, which explained that these credits are the common subscription licensing unit for Trend Micro Vision One.
On the plus side, this means there's no need to activate and set up individual licenses for different products. On the flip side, different sensor types such as endpoint and e-mail, as well as different applications, use differing amounts of credits. For instance, a mobile app uses 5 credits per device whereas a sandbox analysis app uses 50 per submission.
You'd think that, given this new pricing model, Trend Micro's main site would list exactly how much a credit costs. Sadly we came away empty-handed, though we did find credits going for $1.05 each on Amazon Web Services Marketplace.
Trend Micro describe this new pricing model as 'innovative'. The bottom line though is it's not clear how much deploying standard endpoint protection with Trend Vision One will cost on average.
Trend Vision One: Setup
As we mentioned, Trend Micro offer a free trial with 28 credits for interested parties. Users are asked to fill in their details on the sign-up page and wait for an e-mail. This e-mail contains a link where users must register their business with Trend Micro once again and set a password.
You are then logged in to the main console. The main dashboard contains a huge array of features, so we were grateful to see an introductory wizard which talked us through areas like the 'Workbench' and 'Operations Dashboard'.
Naturally we were keen to download an agent installer for our test machine, but when we tried to do so, we found we'd acted too quickly. First, users must create an 'Endpoint Group Manager' for their particular instance.
Once we'd done this, the Standard 'BaseCamp' Agent download began automatically as a ZIP archive, which we were then able to extract. This opened the Windows console, which warned us not to close it as installation might take "a few minutes" (in this case four).
After restarting the computer, the Agent was up and running.
Trend Vision One: Features
As we discussed earlier, during initial setup Trend Micro provides a guided introduction into all that Vision One has to offer.
Amongst these is the ability to integrate security layers and third-party products. There's a dedicated Service Gateway to act as a relay between Trend Vision One and other products. There's also a specific API Integration Center as well as a third-party integration app.
Before going any further, it's worth adding that many of Trend Vision One's features can be extended by adding various apps and presumably expending more credits. The advantage here, we assume, is that you only pay for those apps you actually need for your organization.
Trend Vision One wouldn't be much of an XDR platform if it couldn't help managers to assess cloud security risks relating to individual users and devices. The 'Operations Dashboard' is the app chiefly responsible for quickly assessing risks such as user and device vulnerabilities. It even delivers a helpful 'risk index', though we found this was unaffected by detection of a fake virus on our test machine (see below).
The 'Security Assessment' app is useful for executing quick scans on remote mailboxes, endpoints and other products. 'Container Security' offers similar functionality for scanning container images.
The 'Workbench' app displays alerts in response to threats. As we discovered during our tests it can also send you a helpful automatic e-mail when a risk is discovered.
The 'Targeted Attack Detection' app lives up to its name, using threat intelligence from the Trend Micro Smart Protection Network to identify early indicators of attacks.
The 'Intelligence Reports' app curates all threat data, including that from third-party sources.
Trend Vision One: Interface
As readers have seen, the number of features and integrated apps available through Trend Vision One is simply colossal. It would be overwhelming but for the intuitiveness of the cloud console.
By default users can navigate icons in the left pane. Hovering the mouse over a category automatically opens up a headed sub-menu e.g. 'Threat Intelligence'. You can also expand the pane to list the wording for specific categories.
The 'Platform Directory' at the very top is likely to be a manager's best friend when getting started, as it provides links to all platform capabilities, grouped into separate sections.
Upon entering each section for the first time, a mini tutorial launches explaining the function of each section of the page. You can choose 'exit tutorial' at any time, but we recommend that users play along as the options can seem overwhelming at first.
Trend Vision One: Performance
One notable feature of Trend Vision One that impressed us is that it does allow you to run simulated attacks on endpoints. On launching the 'Workbench' app we were offered a demo script to install on our Endpoint that would attempt to steal users' login details from the Windows Registry.
We ultimately felt it was fairer to run our own standard tests to see how Trend Vision One compared to other platforms, but were delighted to see Trend Micro allow you to simulate a real-world attack to measure your organization's threat preparedness.
After installing the Endpoint Agent software provided by Trend Vision One, we opened Microsoft Edge on our test machine and attempted to download our test computer virus, provided by the good people of EICAR.
Although Microsoft Edge did throw up an alert when we tried to download the file directly, we didn't see a similar reaction from the agent, despite 'Real Time Scan' being enabled. It was a different story, however, when we downloaded the virus inside a ZIP file. The agent proactively detected and quarantined the file almost immediately.
We then logged into the Trend Vision One console to check if the detected malware had been reported. We checked the 'Security Dashboard' and generated a report for the Endpoints in CSV format but no mention of the virus was found. Next, we checked the 'Executive Dashboard', which still rated our risk index as zero and reported no threats.
A short while later, however, we did receive an e-mail alert from Trend Micro alerting us to the detection and providing a link to view details in the aforementioned 'Workbench' app.
As this was our first alert, there was a helpful mini tutorial explaining each aspect. We were especially impressed to see it was possible to collect a copy of the virus file for analysis.
Trend Vision One: Final verdict
Trend Vision One strikes us as the last word in Endpoint Protection, as well as XDR. There is a glittering array of security apps, each capable of scanning for and detecting different types of threats.
These can be a little tricky to navigate at first but Trend Micro have done their best to make the experience as intuitive as they can. (This said, we would have expected to see a virus alert appearing in the 'Security Dashboard' as well as the 'Workbench' app).
The ability to expand Trend Vision One's functions further through apps, as well as its integration with third-party programs, also makes it difficult to imagine a threat it couldn't detect and prevent.
The only major area where Trend Micro seem to let users down is the pricing model. After running our tests to detect a single virus on one endpoint, we found we still had all 28 credits left of our free trial. Still, it's hard to know exactly which apps will use how many credits, or whether the price of credits remains the same.
This, combined with the Swiss Army knife of features, means we think Trend Vision One is best suited for medium to large organizations who have the resources to master the interface and pay for the apps they need.