Stop the advanced threats traditional firewalls miss. Trellix Network Security Appliance (NX) isolates and detonates evasive, zero-day malware in a secure sandbox before it strikes. By converting complex network anomalies into real-time, actionable alerts, it prevents lateral movement, protects critical data, and strengthens your cyber resilience.
Signatureless Dynamic Sandboxing (The IVX Engine)
The IVX engine uses dynamic behavioral analysis instead of traditional signature matching.
Multi-Stage Kill Chain & Lateral Movement Detection
Advanced behavioral analytics map the kill chain, including internal "East-West" traffic.
Inline Encrypted Traffic Analysis (ETA)
Find malicious activity hiding in encrypted traffic while minimizing latency and privacy concerns.
High-Fidelity Alerting & Unified SOC Workflows
Filter out network "noise" to focus on real malicious behavior and reduce alert fatigue.
Trellix Network Security uses multiple advanced techniques, including the Intelligent Virtual Execution (IVX) engine, machine learning, and AI. The IVX engine performs signature-less, dynamic analysis of suspicious traffic in a safe virtual environment. Machine learning and AI engines use contextual rules to detect and block malicious activity retroactively and in real time. This multi-layered approach enables the detection of zero-day, multi-flow, and other evasive attacks that traditional defenses might miss.
Yes, Trellix Network Security includes an advanced correlation and analytics engine that detects suspicious lateral movements across your entire network. It uses over 180 rules for lateral movement detection, providing complete kill-chain visibility. Trellix Network Security also incorporates machine learning for data exfiltration detection, JA3 detection for encrypted communication, and web shell detection, mapping these to the MITRE ATT&CK framework.
Trellix Network Security integrates with several other security solutions to enhance overall protection and streamline workflows. It can be integrated with the Trellix Central Management System to correlate Network and Email Security alerts. It also works with Trellix Network Forensics for detailed packet captures and investigations. Additionally, it integrates with Trellix Endpoint Security to identify, validate, and contain compromises detected by Network Security, simplifying containment and remediation of affected endpoints.
Trellix Network Security addresses alert fatigue in several ways. It uses the IVX engine to validate alerts detected by conventional signature-matching methods, reducing false positives. The solution also employs riskware categorization to prioritize alerts by separating critical threats from less malicious activity like adware. Additionally, to improve overall efficiency, it provides concrete real-time evidence with each alert, allowing security teams to quickly assess and respond to genuine threats.
Network security is a combination of technologies, policies, and practices to protect computer networks and data confidentiality, availability, and integrity.
Read MoreNetwork detection and response (NDR) goes beyond essential intrusion detection to continuously monitor your network traffic for suspicious activity.
Read MoreIDS and IPS are vital network security tools used to identify cyberattacks. While both aim to protect enterprise networks, their core functions and methods differ.
Read MoreLearn how to strengthen your network security by fully leveraging your Trellix NX capabilities.
Trellix NX is evolving to Trellix NDR. Learn how to seamlessly transition to advanced capabilities.
Customers share their experiences with Trellix NDR, including their use cases, network security challenges, and the outcomes they’ve achieved.