Trend Micro Apex One review


Since the late Eighties, the name 'Trend Micro' has been virtually synonymous with cybersecurity.

The Tokyo-based giant is world-renowned for its software security solutions. In fact, we recently reviewed the Trend Vision One XDR (Extended Detection and Response) platform and came away very favorably impressed. Indeed, in 2020 the company boasted a 10.5% share of the endpoint security market - the highest of any organization.

Trend Micro Apex One is another of its creations, which the company claims offers endpoint security through automated threat detection, advanced encryption and application controls. Has Trend Micro really reached the apex of achievement with one of the best endpoint security software platforms? Read on to find out.

Trend Micro Apex One: Plans and pricing

Trend Micro offers a free 30-day trial of Apex One, with no payment information provided upfront. This is a relief, given that the 'Get Pricing' link on the main product page only leads to a contact form.

This is a shame as most organizations would no doubt like to gain a rough idea of pricing, as well as what payment plans are available e.g. monthly versus yearly. We were also relieved to see that there's no mention of the 'credits' pricing model used by Vision One whereby credits can be used to pay for licenses and deployment, though it's not made clear how much each one costs.

Our best and only advice for interested parties is to use the online contact form to contact Trend Micro's sales department and receive an exact quote for your needs.

Trend Micro Apex One: Features

One of the main advertised selling points for Apex One is its advanced threat detection. Key features include pre-execution and runtime machine learning. In other words, the platform should be able to detect and prevent malware even before it has a chance to launch.

Trend Micro also claims that the platform is able to detect more exotic types of attack such as "living off the land" and fileless exploits. It also uses safelisting to reduce the number of detected false positives.

The 'Security Agent' is available for Windows (both 32-bit and 64-bit versions) as well as macOS. These are the most common targets for malware but we would have liked to see support for mobile devices too. (In fairness, Trend Micro do offer 'Mobile Security' as a separate product to protect Android and iOS devices.)

On the plus side, the platform does support file, folder and full-disk encryption. You can manage BitLocker and FileVault encryption keys as well as set strict policies for device control and data management.

Apex One's application control features allow users to set safelisting/blocklisting to prevent malware from gaining a foothold. They also support creating dynamic policies based on application behavior.

Trend Micro also claims the cloud console shows real-time alerts for products, as well as new threats - we were able to confirm this during setup, as after login the console triggered an alert to check our endpoints for a recent exploit.

Trend Micro Apex One: Setup

On the plus side, registering a trial account with Trend Micro to try out Apex One is a breeze. You only need to enter your contact information to receive the custom link to the cloud console. This is a specially created subdomain unique to your organization.

On first login the console asks you to choose the geographic region for your data center, as well as the product language and time zone. You need to choose wisely here, as the language and time zone can't be changed later.

After registration we were treated to a spinning progress wheel stating that the console was "preparing for first time use". This took around 15 minutes to complete, at which point we received an email to say we could log in.

After we did this, we were pleased to see a comprehensive 'Quick Start Guide', with useful information on topics like Policy Management, not to mention some helpful video tutorials.

We chose 'Security Agent Download', then chose the correct OS for our Windows 11 test machine. Interestingly the installer is available both as a fully featured agent and one which can co-exist with other third-party security software.

Users are also offered the choice of a web installer (around 3MB) or a standalone installer (around 460MB).

We initially chose the web installer, only to be told that 'the managed server is generating the Security Agent installation package', which meant we had to try again later. Around 20 minutes later the agent was ready, so we downloaded the web installer for 'EndpointBaseCamp'.

Upon launch the agent opened the console and informed us it was '40% actions completed'. It hung this way for around 20 minutes before prompting us to restart the endpoint device.

Upon reboot, we saw the agent icon in the system tray along with a notification that both 'Smart Scan' and 'Real Time Scan' were up and running.

Trend Micro Apex One: Interface

The Trend Micro Apex Central dashboard is quite logically laid out. The main sections, such as 'Dashboard', are listed along the top of the screen and users can hover over an option to open sub-menus. For instance, to go to the agent download page, you can move your mouse to 'Administration', then choose 'Security Agent Download'.

Some pages like the dashboard have sub-sections and you can actually add more pages containing only the information you want to see. We were impressed with the overview as is, however, given that it provides a summary of detected threats, broken down by threat type. (As the dashboard didn't report on the security alerts generated by the Trend Micro Agent, we weren't able to see this in action sadly).

While we're discussing the agent, we were impressed by the minimalist window which can be used to run scans, as well as quickly check which features are enabled. The icons along the bottom are clearly arranged allowing you to unlock the console, view logs and open settings.

Trend Micro Apex One: Performance

When reviewing endpoint security platforms, our first test is to try to download a fake computer virus, provided by the good people of EICAR. This virus is used specifically for testing purposes.

We opened the Microsoft Edge browser on our Windows 11 test machine and downloaded the fake virus in compressed (ZIP) format. Shortly after the file arrived in the downloads folder the Apex One agent triggered an alert to say the file had been quarantined. We were impressed that it was able to do this, as many EPPs (Endpoint Protection Platforms) we've reviewed only detect the threat once the file has been decompressed.
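
The packaging comparison described above can be repeated on a trial endpoint with a short script. This is an added example, not part of the original review or of Trend Micro's tooling; the `Downloads` target, the file names and the 60-second window are assumptions. It writes the harmless EICAR string unpacked, zipped and in a nested ZIP, then reports how long each file survives.

```python
import contextlib
import io
import time
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, split so this source is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def zip_bytes(name, payload):  # in-memory ZIP archive with a single member
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def build_samples():
    """Map file name -> bytes, one entry per packaging level under test."""
    inner = zip_bytes("eicar.com", EICAR)
    return {"eicar.com": EICAR,            # uncompressed
            "eicar.zip": inner,            # one ZIP layer, as in the review
            "eicar_nested.zip": zip_bytes("eicar.zip", inner)}  # ZIP in ZIP

def still_intact(path, expected):
    """True while the file is present and unchanged (agent has not acted)."""
    try:
        return Path(path).read_bytes() == expected
    except OSError:  # deleted, quarantined, or locked by the scanner
        return False

def watch(directory, samples, timeout=60.0, interval=1.0):
    """Poll the directory; return {name: seconds until removed, or None}."""
    removed = dict.fromkeys(samples)
    start = time.monotonic()
    while time.monotonic() - start < timeout and None in removed.values():
        for name, data in samples.items():
            if removed[name] is None and not still_intact(Path(directory, name), data):
                removed[name] = round(time.monotonic() - start, 1)
        time.sleep(interval)
    return removed

if __name__ == "__main__":
    target = Path.home() / "Downloads"  # assumed location, as used in the review
    samples = build_samples()
    for name, data in samples.items():
        with contextlib.suppress(OSError):  # real-time scan may block the write
            Path(target, name).write_bytes(data)
    for name, secs in watch(target, samples).items():
        print(name, "not removed" if secs is None else f"removed after {secs}s")
```

A sample reported as "not removed" while the unpacked file is caught points to an agent that only scans archive contents on extraction.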

Curiously, when we logged into the Trend Micro Apex Central cloud, the main dashboard maintained that no threats had been detected.

Our next test was to try to copy a new, real trojan virus to the 'Downloads' folder on our test machine. We do this in order to check that an EPP can detect threats based on suspicious behavior, not just by analyzing file signatures.

Apex One didn't fare as well in this test: we copied the trojan virus into the Downloads folder but saw no alerts from the agent. We double-clicked to run the virus and it did, presumably infecting our test machine. As a last resort we ran an antivirus scan using the Trend Micro Security Agent. It completed but no threats were found. We tried to run a scan on the file specifically using the agent but on right-clicking we saw no option for this.

Trend Micro Apex One: Final verdict

To Trend Micro's credit, they've clearly gone to great lengths to put together an advanced console with a number of security features. The interface isn't quite as graphically heavy as others we've reviewed but is still fairly simple to navigate.

Setup was very slow - none of the other platforms we've reviewed took so long to set up the console, nor to prepare the security agent for download. In fairness these seem to be one-offs, so it may not be a major concern to users. We were also grateful for how quick and easy it is to register for a trial account as many platforms don't offer this.

We also had hit-and-miss results with threat detection. The 'test' virus was immediately detected and quarantined, even in ZIP format. However, the agent failed to detect the real virus we'd caught in the wild, even when we actually ran it, then asked Trend Micro to run a system scan. This troubled us so much we decided to run a new test by downloading another, real virus. When we ran it, this time Apex One immediately detected it and quarantined the compromised processes and files. The web console still didn't report the infection but at least the threat was contained.

We encourage readers to take advantage of the Trend Micro Apex One free 30-day trial to run their own tests, in the hope you've a better setup and threat detection experience.
