Trellix: Putting XDR in the spotlight

Trellix is a new cybersecurity powerhouse born out of the previously announced merger of McAfee Enterprise and FireEye in October 2021. It plans to deliver Extended Detection and Response (XDR) to organisations with a focus on accelerating technology innovation through machine learning and automation.

In an exclusive interview, Adam Philpott, Chief Revenue Officer at Trellix, spoke to Anita Joseph about how the new company is all set to deliver its brand promise of building resilient and confident organisations through ‘living security,’ which refers to security technology that learns and adapts to protect operations from the most advanced threat actors.

Adam Philpott, Chief Revenue Officer at Trellix

Give us a background to this collaboration.

If you think about it, there are a number of opportunities that go untapped in the industry today. Organisations continue to use technology to enhance their business, drive growth and efficiencies and also improve the way they interact with their clients using digital technology. We see this trend not just continuing, but also accelerating - with the new hybrid working patterns with distributed staff, we see newer and newer ways of reaching out to people in this virtual, distributed world - so digitisation continues to evolve and change shape.

What that means for our clients is that technology is an increasing part of how they do business. All companies are technology companies now. But what it also means then, is that the platforms that they’re using to do business are digital and are increasing in complexity, which is giving rise to risk in the cyber domain. So then evermore digital, their attack footprint is greater, their attack surface is greater. Therefore cybersecurity becomes an increasing risk for them. So we need to help them with that.

At the same time, the platforms themselves that they use to run their business are growing ever wider - cloud technologies, mobile devices, home networks - all sorts of things that they need to try and put a security wrap around - and it’s getting increasingly complicated. Then again, the way they try to secure is also complex. So, it’s not only about a complicated digital platform, it’s also about the fact that they have invested in lots and lots of different security technologies over the years, which has given rise to this massive complexity. And when you have so many different security tools, you need a lot of staff to operate them - to look at each tool, how it integrates, what information it’s telling them, and so on - and then to do correlation and respond to events that they see as they do this correlation. That complexity then drives a massive demand on human capacity, which is slower than digital technology and also extremely expensive. So, managing complexity is something else that we need to do whilst augmenting the limited staff that they have. And then finally, I would say that the threats themselves continue to increase both in volume and in sophistication - more vulnerabilities, more attacks, more to defend against - so scaling this operation, particularly in light of that changing digital technology and that complex security environment, also becomes a challenge that we need to help them with.

Why Trellix?

With Trellix, we’ve brought together two industry giants - but, I like to refer to it as Trellix standing on the shoulders of giants and allowing us to see further. What we found is that these problems that I talked about earlier are not being solved in the industry today. They’re not being solved by organisations and vendors who are desperate to have the latest feature, or the latest products - products won’t solve this, we need to take a more holistic systems-based view and architecture to addressing this. And so our focus will be on the XDR - Extended Detection and Response. This basically means that we’re looking across a whole variety, the telemetry, then unifying it, treating it as one system and automating the correlation across all of those disparate parts. If you think about what those parts are, and you think about McAfee and FireEye, its endpoint is EDR. It’s networked like IPS, sandboxing, email - are all the way up into the cloud with orchestration analytics, SIEM capability, EDR. So, a real hybrid span across the cloud, leveraging cloud scale and intelligence, but also all the way down to the endpoint as well.

Bringing all that stuff together as an architecture so that we can automate the visibility, the investigation, the detection and also make the response and orchestration while enriching it with analytics - that’s exactly what Trellix is doing.

The other thing about the brand is that we’re taking a very different approach - there’s loads of organisations out there that sell a product and want to sell product after product after product, but they actually only make this complexity worse. There’s organisations that have different fear-based names, but what we see is that businesses need to take risk, they need to manage the risk they take, but they also need to digitise in order to thrive. So, our job is to actually provide living security that evolves as the business evolves, and to treat that as an overall system that’s completely integrated into their digital strategy. And so there really are three pillars as to how we do that: one is around having a capability that’s constantly learning and constantly adapting, as the world does, just as living things do, just as their digital strategy and environment does as well. So constantly learning, benefiting from AI and machine learning and improving the way they secure themselves, even with things they haven’t even seen before and looking at threats they’re likely to face, predicting those, helping them stay secure.

The second pillar, after learning and adapting, centres around being both native and open. We’ve got loads of capabilities that we benefit from, from both McAfee and FireEye. But we won’t solve those problems just by doing that. The other thing we do is open to applications, open to third parties in the cyber community, and open to the infrastructure we’re protecting, so that they can truly integrate this stuff together in a unified way. And then finally, we don’t just bring products to organisations, we bring capability and talent and expertise, so that when you think about expertise in threat research and intelligence, we have a huge number of capabilities and resources in our organisation. So not just sitting on top of the platform but integrating into it is exactly where we’re going, and using that to enrich the threat intelligence that we have in that system to help our clients.

Why is Trellix focusing so much on XDR?

XDR is probably the hottest space for our clients - if you look at the data, there’s a huge XDR market but it’s massively underpenetrated - nobody’s owning it at the moment. But it’s more than just the market that is driving us. We need to go deeper: Why is the market so big? Why is it of primary interest to our clients? And we realise that it doesn’t just solve a niche problem, it solves a superset of problems. No customer has too few security capabilities. They’ve all got too much complexity. At the same time, none of them have enough staff - so, we need to be much smarter about how we augment limited human capacity by using things like AI and machine learning. All of that is very rich in XDR - those are exactly the sets of things it sets out to do. Plus, as a company, looking at where we’ve come from, we have so much of those capabilities. It’s a really natural fit for us in order to help our clients.

What do you think are some of the main attacks that the region is facing today?

Obviously, ransomware just continues unabated because it’s successful. If the bar to entry is low, and the success rate is high and if you’re a person who lacks a moral compass, that may be a good place to go. So we continue to see ransomware attacks being fairly prevalent. Obviously, we also see things like common vulnerabilities being exploited all the time - it’s significant throughout most organisations.

In fact, it is literally keeping CISOs awake at night because it’s such a complex set of challenges to solve, but it’s so prevalent in their operations as well. So vulnerabilities will continue to be something that we need to support our clients with. Supply chain issues have been in the press quite a bit recently and we’ll continue to see some of that as well.

What’s 2022 looking like for Trellix? What are you planning for the market this year?

All of those challenges that I spoke about earlier will continue to be a priority, and then XDR will be our superset solution to addressing that. That’s what we’ll be focused on. We’ll also be focused on innovating - we’ve brought a really strong team together for this organisation, we’re still building access to the key roles within that team. So we’re talking of a really, really strong business, but then we already have a significant number of customers and we’re highly penetrated. So, continuing to serve those customers, bringing some quick wins to them in terms of those different complementary capabilities and bringing those together to help clients solve those problems, will continue to be our core focus.
