
What Is Information Security Management and Operations?

The Information Technology Infrastructure Library (ITIL) defines information security management as the process that “aims to ensure the confidentiality, integrity and availability of an organization's information, data and IT services. ITIL Security Management usually forms part of an organizational approach to security management which has a wider scope than the IT Service Provider.”

Security management aligns IT security with business objectives by applying a defined level of security controls to the risks facing an organization's information and IT services. Those controls are defined and enforced through a set of security policies.

Therefore, if security management is the alignment of goals and objectives, security operations is the ongoing implementation and execution of IT services and processes in a secure manner. Together they form the essential framework for protecting an organization's information assets.

Examples of common data security policies

Security policies typically look at information assets through the lens of protecting confidentiality, integrity, and availability. Organizations that follow standards such as ISO 27001 should generally have policies covering the following information security management functions, each of which corresponds to a control domain in ISO/IEC 27001 Annex A:

  • Access control
  • Asset management
  • Business continuity
  • Communications security
  • Compliance
  • Cryptography
  • Human resources security
  • Incident response
  • Operational security
  • Physical and environmental security
  • Supplier relationships

While the list above is not exhaustive, the idea is that a solid policy framework addresses people, processes, products and technology, and partners and suppliers. Generally accepted practice is to make these policies available to all employees and suppliers and to review them at least every 12 months against changing business and legal requirements.

Security frameworks and standards

A widely accepted goal of information security management and operations is that the set of policies put in place, the information security management system (ISMS), should adhere to a recognized global standard. ISO/IEC 27001 is the de facto global standard for an ISMS, and ITIL security management best practice is based on it.

Another framework that is gaining wider acceptance within the United States is the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It is not itself a certifiable ISMS standard; according to NIST, the framework "focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes."

Security technologies

Correlating the terabytes of data that a large enterprise produces requires a security monitoring system that scales with the data volume and can ingest data from diverse sources such as devices, networks, and log and event feeds. SOCs have typically been built around a hub-and-spoke architecture in which a security information and event management (SIEM) system at the hub aggregates, normalizes and correlates data from the security feeds. The spokes can include a variety of systems, such as vulnerability assessment solutions, governance, risk and compliance (GRC) systems, application and database scanners, intrusion prevention systems (IPS), user and entity behavior analytics (UEBA), endpoint detection and response (EDR), and threat intelligence platforms (TIP).
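A minimal illustration of the hub-and-spoke model, added here as an example and not code from Trellix or any product: the hub normalizes two spoke feeds (an IPS alert log and EDR process telemetry) into one event schema, runs a time-window correlation rule per host, and uses a third spoke (a TIP watchlist) to enrich the result. Every log line, host, IP address and signature name is constructed for this example; the list of web-server parent processes and the 10-minute window are arbitrary assumptions.

```python
"""Added example: a miniature hub-and-spoke correlation in the style of a SIEM.
Three spoke feeds (IPS alerts, EDR telemetry, a TIP watchlist) are normalized
into one event schema and a time-window rule is run over them. Every log
line, host, IP address and signature name below is constructed for this
example; none comes from a real product or incident."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed IPS feed (syslog-like key=value); the last line is deliberately
# malformed to show that a bad line is skipped rather than breaking ingestion.
IPS_LOG = """\
2024-03-04T10:01:12Z ips01 ALERT sig="WEB_SERVER Suspicious Upload" src=203.0.113.7 dst=10.0.0.5 action=allow
2024-03-04T10:03:40Z ips01 ALERT sig="SCAN Port Sweep" src=198.51.100.9 dst=10.0.0.9 action=drop
2024-03-04T10:05:00Z ips01 heartbeat ok
"""

# Constructed EDR feed (JSON lines): one process start on 10.0.0.5 shortly after
# the IPS alert, one on the same host 40 minutes later, one benign elsewhere.
EDR_LOG = """\
{"ts": "2024-03-04T10:04:05Z", "host": "10.0.0.5", "event": "process_create", "image": "cmd.exe", "parent": "w3wp.exe"}
{"ts": "2024-03-04T10:45:00Z", "host": "10.0.0.5", "event": "process_create", "image": "powershell.exe", "parent": "w3wp.exe"}
{"ts": "2024-03-04T12:30:00Z", "host": "10.0.0.22", "event": "process_create", "image": "notepad.exe", "parent": "explorer.exe"}
"""

# Constructed TIP watchlist: indicator -> context string.
WATCHLIST = {"203.0.113.7": "known scanner"}

# Web-server processes that should not normally spawn shells (hypothetical list).
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd", "nginx", "php-fpm"}
WINDOW = timedelta(minutes=10)  # how long after an IPS alert an EDR event still counts

IPS_RE = re.compile(
    r'^(?P<ts>\S+) \S+ ALERT sig="(?P<sig>[^"]+)" src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$'
)


def parse_ts(s):
    """Parse the feeds' UTC timestamps into timezone-aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_ips(text):
    """Normalize IPS alert lines into the common schema; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IPS_RE.match(line)
        if not m:
            continue
        events.append({"ts": parse_ts(m["ts"]), "source": "ips", "host": m["dst"],
                       "detail": m["sig"], "remote": m["src"],
                       "blocked": m["action"] == "drop"})
    return events


def parse_edr(text):
    """Normalize EDR JSON lines; flag shells spawned by web-server processes."""
    events = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        events.append({"ts": parse_ts(rec["ts"]), "source": "edr", "host": rec["host"],
                       "detail": f'{rec["parent"]} -> {rec["image"]}', "remote": None,
                       "suspicious": rec["event"] == "process_create"
                       and rec["parent"] in WEB_SERVER_PARENTS})
    return events


def correlate(events, watchlist):
    """Rule: an IPS alert that was *allowed* against host H, followed within
    WINDOW by a suspicious EDR process start on H, becomes one incident.
    The TIP spoke enriches it: a watchlisted attacker IP raises severity."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        for i, a in enumerate(evs):
            if a["source"] != "ips" or a["blocked"]:
                continue
            for b in evs[i + 1:]:
                if b["ts"] - a["ts"] > WINDOW:
                    break  # events are time-ordered, nothing later can match
                if b["source"] == "edr" and b["suspicious"]:
                    intel = watchlist.get(a["remote"])
                    incidents.append({"host": host, "remote": a["remote"], "intel": intel,
                                      "severity": "critical" if intel else "high",
                                      "chain": [a["detail"], b["detail"]]})
    return incidents


def run():
    """Ingest both spoke feeds and return the correlated incidents."""
    return correlate(parse_ips(IPS_LOG) + parse_edr(EDR_LOG), WATCHLIST)


if __name__ == "__main__":
    for inc in run():
        print(f'{inc["severity"].upper()} {inc["host"]} from {inc["remote"]} '
              f'({inc["intel"] or "no intel"}): {" => ".join(inc["chain"])}')
```

Run directly, it reports one critical incident for 10.0.0.5; the blocked port sweep, the out-of-window PowerShell start and the benign notepad launch are all discarded. A production SIEM does the same three jobs, parsing, normalization and rule evaluation, at scale and with persistent storage and alert routing, but the logic an analyst writes into a correlation rule is recognizably this.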