Trellix Challenges the Status Quo with Responsible Security
By Ashok Banerjee and Joe Malenfant · October 1, 2024
What is responsible security?
If you’re a fan of Spider-Man, you’ll recall Uncle Ben cautioning Peter Parker: "With great power comes great responsibility." As cybersecurity vendors, particularly endpoint security vendors with access to the kernel, we have the ability to stop a process, freeze a process, block network or file access, and even block IPCs. At Trellix we take that responsibility very seriously, and that’s why we have a robust quality assurance and content update process to prevent incidents like what happened on July 19th. Here’s how we do it:
- It starts with having an absolutely minimal footprint at the kernel level. All our content updates are done in user mode. This way, in the event the agent crashes, you still have administrative control over restarting the system.
- At Trellix, we are customer zero. After a robust QA process, all updates are performed on our internal systems before ever being rolled out to a customer system.
- We use a phased rollout of content and product updates on a datacenter-by-datacenter basis, monitoring when endpoints post any change. This means that if endpoints begin to lose connectivity, we are able to pause the update process instead of cascading the update across the globe.
- We give administrators the ability to dictate the policies for how updates are rolled out at their organization, whether it’s by groups/sets or subsets of endpoints in a phased manner.
- As a last line of defense, we can mark content updates with low reputation. If there is a problem anywhere in the update cycle at any time, this last verification will reject the content even if a customer downloaded it already and has pushed it out.
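A minimal sketch of the gating logic this list describes, added here as an illustration and not Trellix's code: updates go ring by ring (internal systems first), the rollout halts when too few endpoints check in, and a revocation mark makes endpoints reject content they already hold. The ring names, the 98% threshold, and all function names are assumptions.

```python
from dataclasses import dataclass

# Assumed threshold: share of updated endpoints that must report back
# before the update is allowed to move on to the next ring.
MIN_CHECKIN_RATIO = 0.98

@dataclass
class Ring:
    name: str        # e.g. internal "customer zero" fleet, then one datacenter each
    endpoints: int   # endpoints that received the update in this ring
    checked_in: int  # endpoints that posted status after applying it

def run_rollout(update_id, rings, revoked):
    """Push one ring at a time. Returns (healthy_rings, halted_at).

    On the first unhealthy ring the update is marked revoked (low reputation)
    and later rings are never touched.
    """
    healthy = []
    for ring in rings:
        # An empty ring gives no health signal, so it fails closed.
        ratio = ring.checked_in / ring.endpoints if ring.endpoints else 0.0
        if ratio < MIN_CHECKIN_RATIO:
            revoked.add(update_id)
            return healthy, ring.name
        healthy.append(ring.name)
    return healthy, None

def endpoint_should_apply(update_id, revoked):
    """Last-line check run on the endpoint just before loading content,
    even if the file was downloaded and distributed earlier."""
    return update_id not in revoked

def demo():
    # Constructed sample data: the second datacenter loses a quarter of its endpoints.
    rings = [
        Ring("internal", 5_000, 5_000),
        Ring("dc-eu-1", 120_000, 119_800),
        Ring("dc-us-1", 200_000, 150_000),
        Ring("dc-apac-1", 180_000, 0),  # never reached in this run
    ]
    revoked = set()
    healthy, halted_at = run_rollout("content-0001", rings, revoked)
    return healthy, halted_at, endpoint_should_apply("content-0001", revoked)

if __name__ == "__main__":
    print(demo())
```

The halted ring has already received the update, which is why the endpoint-side check matters: it is the only control that still acts on machines the pause came too late for.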
Trellix has been on a journey for the last two years to bring together McAfee Enterprise, one of the most recognizable names in endpoint security, and FireEye, the inventor of sandboxing technology that was synonymous with adversary intelligence. Transforming these two titans into a single entity has been the greatest transformation in the security industry. Recently, this was acknowledged by Gartner when Trellix was named as a Challenger in the 2024 Magic Quadrant for Endpoint Protection Platforms, recognizing the unification of these two pioneers, the breadth of the Trellix portfolio, global reach, and unique ability to protect organizations in on-prem, cloud, hybrid, and air-gapped environments. To truly be effective at this, we practice responsible security, every day.
A complete solution for responsible security
Trellix Endpoint Security is a comprehensive and unified solution that protects endpoints across your hybrid network to secure your organization against today’s ever-changing threat landscape. It uses a single agent to provide protection, detection, investigation, and response, all managed through the industry benchmark for security policy management, ePolicy Orchestrator.
We recognize that not every organization out there can be cloud-only. In fact, while the majority of organizations have adopted public cloud in some form or another, they also have requirements for owning, managing and protecting data locally. Trellix is unique in that we can meet your endpoint security needs wherever they are: on prem, hybrid, cloud, and even air-gapped environments such as industrial control systems (ICS).
Recent innovations
Earlier this year we introduced Trellix Wise, and unveiled new Generative AI (GenAI) capabilities as part of Trellix Wise to greatly improve detection and speed investigation of threats. We took a different approach with Trellix Wise and used it to solve the hardest problem first: analyst burnout. While Wise has chatbot capabilities like other solutions, it is designed to alleviate cognitive load and eliminate manual tasks that analysts must perform. For example, when Trellix EDR surfaces an alert, Wise automatically correlates it across multiple events, identifies related breaches, identifies key artifacts, explains why artifacts are important and/or suspicious, determines the sequence of events and entities involved in the activity, maps the activity to the MITRE ATT&CK framework TTPs involved, and recommends in local language the next steps to contain and remediate the threat. Lastly, it provides the ability to generate a summary email and executive report with just a single click, saving analysts hours of report writing.
Validated by Industry
Every year Trellix participates in a number of independent tests by third parties including AV-Test, AV-Comparatives, SE Labs, and MITRE, where we consistently deliver outstanding threat detection with minimal performance impact. Additionally, analyst firms such as Frost & Sullivan, IDC and Gartner are evaluating Trellix and comparing us to other vendors. Trellix was named as a Challenger in the 2024 Magic Quadrant for Endpoint Protection Platforms. We believe this industry recognition validates Trellix’s unwavering commitment to challenging the status quo across a dynamic threat landscape, and showcases our unique ability to address the needs of today’s hybrid organizations.
The best for all worlds
Trellix Endpoint Security brings together the tools you need to be most successful. Not all investigations end with closing the ticket. Some require reimaging a number of endpoints, and sometimes you have no idea how deep the threat has buried itself. That’s where endpoint forensics comes in. Forensics allows you to remotely investigate potentially compromised endpoints and collect file and telemetry data, including specific files, memory dumps, process dumps, PowerShell history, and even the raw disk image! This is a complete game changer for security teams when trying to answer the question “have we successfully remediated the threat, and any potential reinfection?”
Everything in Trellix Endpoint Security is monitored and managed by the much lauded ePolicy Orchestrator, a highly scalable management platform. Whether it’s setting security policies such as required software inventory and version, determining which endpoints need to have data loss prevention (DLP) installed, or managing access to various applications for a single user or a group of users, ePO has led the way for more than a decade.
To see if Trellix is right for your organization, get started with a demo!