Feb 10, 2026

Trellix SecondSight actionable threat hunting strengthens cyber resilience

New Trellix SecondSight Threat Hunting Report highlights the need for proactive defense against critical campaigns

Trellix, the company delivering the future of AI-powered cybersecurity, today announced Trellix SecondSight, a threat hunting service designed to proactively identify low-noise advanced threats that often go undetected, reducing organizational risk for Trellix customers.

“Threat actors’ use of AI has significantly increased alert fatigue for security analysts,” said John Fokker, VP Threat Intelligence Strategy, Trellix. “While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a ‘second set of eyes’ to actively monitor for these low-noise signals, acting as a force multiplier.”

The threat landscape is defined by "weak signals" bypassing traditional defenses, such as the APT28 multi-stage espionage campaign. Trellix SecondSight provides specialized hunting capabilities to expose these weak signals and stop advanced attacks. Applying human intuition and AI-driven analytics to telemetry from Trellix EDR, Trellix Email Security Cloud, and Trellix NDR, Trellix Threat Hunters identify sophisticated threats and provide proactive notifications to help security operations teams stay ahead of adversaries, while also improving Trellix detection capabilities. Benefits include:

  • Identify emerging threats: Trellix hunters specialize in identifying subtle, low-confidence signals and correlating them with internal intelligence holdings to cut through the vast gray space of product data and surface critical evidence of intrusions automated filters would dismiss as background noise.
  • Augment intelligence for security teams: Trellix hunters provide an additional layer of visibility, ensuring movements don’t go unnoticed. They work in parallel with an organization’s analysts to closely monitor low-confidence signals across Trellix endpoint, network, and email telemetry and provide early warnings.
  • Defend with precision: Combining Trellix’s global AI-driven analytics with elite human expertise, Trellix SecondSight identifies subtle indicators of an active breach automated tools often surface but cannot fully interpret, providing early warnings of malicious activity with actionable notifications for customers.

“Proactive, actionable threat intelligence is no longer a nice-to-have; it’s a necessity for keeping pace with advanced actors,” said Niklas Chachalatos, Business Manager Security Services at Advania Sweden. “Trellix SecondSight goes a level deeper, proactively hunting for threats for our customers and providing actionable guidance to thwart attacks and build cyber resilience.”

Released today, the Trellix SecondSight Threat Hunting Report highlights the top five critical campaigns observed last year with recommendations to defend against these types of attacks. One example is the UTA0355 spear-phishing campaign use case, which highlights the actor’s transition to OAuth abuse to circumvent traditional perimeter security and demonstrates the importance of cross-referencing public threat intelligence against telemetry using campaign patterns, infrastructure IOCs, and targeting profiles. Insights from Trellix SecondSight, expert threat hunters, and a global network of telemetry and intelligence underscore why proactive hunting remains one of the most effective defenses against modern threats like targeted espionage operations, OAuth abuse, and zero-day exploits.

Learn more about Trellix SecondSight here.

About Trellix
Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.

Follow Trellix on LinkedIn and X.

Media Contact
Megan Haley
media@trellix.com

Source: Trellix
