
When FireEye and McAfee Enterprise come together: Trellix


Trellix is the combination of two companies, formed in 2021 when Symphony Technology Group (STG) combined FireEye with its McAfee Enterprise business.

Before the formation of Trellix, each of these companies had a long, illustrious career in the detection and prevention of major cyber attacks.

As a combined entity now, Trellix wants to bring security to life with an XDR (extended detection and response) ecosystem that learns and adapts to a living security platform.

Trellix’s Asia MD, Jonathan Tan, stated, “Trellix is a brand new entity with a new focus. I think from the start of creation, we were looking to create something different and unique in the cybersecurity space.

“With the coming together of two industry giants, our goal is to actually offer a fresh approach to ensure organisations have security built into their DNA with advanced detection and response and remediation.”

Customers and the XDR mission

According to Jonathan, they have shared with their existing base of 40,000 customers, in the region and across the globe, what the integration ultimately means for them.

“Trellix would actually help them leapfrog in some of the cybersecurity measures and control points that they are trying to achieve on their own.”

The XDR mission is to approach threats with a defense-in-depth concept.  

“When one point solution is being circumvented, another solution takes over. So, XDR is a defense-in-depth platform that learns and adapts and looks at what and where the trends are, and how it’s moving.”

After gathering the threat intelligence from technology deployed on endpoints to networks to data centres to cloud, the next action would be to build a playbook.

Jonathan said the combined expertise and knowledge of two companies that have helped organisations remediate a lot of their breaches has also led to a playbook for security and operations.

“Our technology is able to automate using AI and machine learning, to guide security operations through a very process-oriented way to stop threats and remediate as well.”

Consolidating capabilities

iSight is a threat intelligence component that Trellix still retains from Mandiant, which has been acquired by Google.

“Within McAfee enterprise, we have our equivalent of threat intelligence as well.

“No one organisation would say they have the widest and the best intelligence, so most responsible cybersecurity companies would actually not only rely on their own,” Jonathan said.

What they would do is have a pool of researchers or analysts that research threats and APT (advanced persistent threat) groups to understand how they actually build their arsenal of cybertools and weapons.

Besides that, there would be the ingestion of data from over a billion sensors and endpoints that feed into a collective pool of threat intelligence subscribed from other sources.

In conclusion

XDR is a very advanced detection capability, enabled by technology that is deployed from the endpoint right up to the network. Trellix has an open architecture that integrates with other complementary technologies and provides the whole telemetry-based view of threats.

“That detection is very powerful. And next, you have the ability to respond and finally remediate. These are the three things that any XDR vendor will be able to achieve.”

Now, Trellix lays claim to having the largest footprint of endpoints to protect.

“We are the only company that has the largest XDR platform and obviously 40,000 of our customers globally rely on us to make this work for them today.”