Get zero-day threat detection. Analyze events for immediate threat and risk detection to determine whether your organization was exposed to a specific attack.
Correlate all logs, events, and network flows together—along with contextual information such as identity, roles, vulnerabilities, and more—to detect patterns indicative of a larger threat.
Rule-less correlation replaces detection signatures with a simple, one-time configuration and provides real-time threat detection.
Receive notifications if specific users, groups, applications, servers, or subnets are threatened.
Get the processing power required to support rich event correlation across your entire enterprise.
Streamline event correlation and startup. Trellix Advanced Correlation Engine does not require rule updates or signature tuning.
Use audit trails and historical replays to support forensics, compliance, and rule tuning. Keep a complete audit trail of risk scores to analyze threat conditions over time.
Because Trellix Advanced Correlation Engine is a self-contained appliance or virtual offering, there’s absolutely no performance impact on Trellix Enterprise Security Manager.
Trellix Advanced Correlation Engine is available in both appliance and virtual deployments.