Trellix Insights

DATA SHEET

Trellix Insights

The first endpoint to extended detection and response (XDR) security capability to help you get ahead of adversaries

Key benefits

Predict and prioritize threats that matter
Proactively identify and prioritize threats likely to hit your organization based on industry, geography, threat actors, and your enterprise’s security posture.

Reduce mean time to detect and resolve from months to hours
Streamline workflows with rich actionable context and analysis. Progress quickly with intuitive guidance.

Be more proactive and spend more time preventing
Gain more actionable intelligence on a threat before an attack. Understand how your security posture stacks up against the threat. Obtain prescriptive recommended countermeasures.

Boost security operations defensive performance
Empower security teams of various experience levels with intuitive guidance in an advanced defensive playbook to respond to what matters. Bring security to life, so you can quickly adapt and learn.

Overview

The evolution and pace of cyberthreats are constant stress points for organizations. Enterprises have reacted to them by increasing security budgets amid a shortage of security expertise, but they still can’t keep up with modern adversaries who are constantly updating their arsenal of tools, tactics, and techniques.

Most current security options rely on siloed intelligence requiring human and manual intervention. These may address immediate threats, but the increasing numbers and nuances of cyberattacks are bombarding security teams into a seemingly constant reactive posture. A threat intelligence platform (TIP) can offer a large data lake of threats to assess, but this requires manual integration and analysis cycles, producing limited actionability and remediation. Vulnerability management solutions can advise on existing vulnerabilities and their severity, but they offer limited insight into how your security posture can or cannot defend against current real-world threats.

The solution is Trellix Insights, with real-time intelligence that empowers proactive action. Comprehensive intelligence that has been distilled and analyzed by artificial intelligence and humans can provide prioritization into which threats are most likely to target your organization (a combination of deep learning and machine learning we call human-machine teaming). Trellix Insights predicts exactly how a threat would impact your overall security, and prescribes what you need to do to optimize your security stance.

Transform your security so you can be more proactive

Trellix Insights offers capabilities built into the Trellix management platform that uniquely align with and streamline risk and threat operations. These capabilities help you preemptively improve defensive countermeasures and accelerate response times while using fewer resources. Risk intelligence gathered and refined from one billion sensors assessed by proven advanced threat researchers empowers your enterprise to prioritize its defenses. Detection, remediation, preemptive accelerated response times, and significant risk reduction can be realized from one console.

In contrast, reactive cyberdefense strategies are limited to playing catch-up and fighting fires. Adversaries are devising campaigns designed to attack traditional defenses, testing reactive security products to see what techniques will breach their shields. Organizations need to address the entire attack lifecycle before and after they are hit.

Trellix Insights provides answers to risk-related questions for endpoints and beyond

- Are you at risk? What is your level of exposure?
- How do you prioritize the attacks that might hit your organization? How do you learn about them? What is your research process?
- How do you know which threats haven’t yet hit your organization but are likely to?
- Even if you had a TIP, how would you prioritize all the attacks within the TIP database?
- How do you know about threats that have hit your peers?
- How prevalent is a threat in your industry and region?
- Is there a particular threat actor targeting your organization?
- How does your current security posture sustain a threat?
- What is your confidence in the complete threat landscape and why?

Gain complete attack lifecycle coverage

Figure 1. A typical attack lifecycle

At the end of the day, intelligence and actionable insights from a single console give you the best possible cybersecurity stance against the most likely threats, and boost confidence in your defenses. Assimilate critical threat information quickly (from weeks down to seconds).

Trellix Insights accomplishes this by:

Automatically identifying global threats you haven’t detected
Trellix Insights uses a massive reservoir of security intelligence from more than one billion sensors with optimized threat analysis powered by human-machine teaming. Machine learning detects never-before-seen threats that human analysts would likely miss due to lack of visualizing and processing. The human element of Insights leverages deep cybersecurity expertise and intuition to outmatch adversaries behind malicious code.

Increasing situational awareness so you can focus on what matters
Insights brings out the context behind the events and detections, showcasing the correlations between campaigns, threat actors, and TTPs. Your security operations team gains a better understanding of threats, with effective remedial actions. Preempt suspicious threats based on correlations with global telemetry, to strengthen defenses and prepare your team even before the attack occurs.

Improving readiness and preparedness for threats
You’ll know precisely how your defenses stack up before threats hit. Trellix Insights proactively tracks and prioritizes local and global threats that are predicted to hit your enterprise.

Analyzing threats using machine learning
This capability allows you to determine how your specific comprehensive security posture derived from endpoint and cloud vantage points would perform. It then provides preemptive prescribed protection actions that you can take to quickly and easily block those attacks.

Significantly accelerate detection and response time

Trellix Insights helps your enterprise take the next critical proactive step to change and remediate your environment with prescriptive guidance and automated actions. Automation increases effectiveness against outside attacks, analyzing and comparing threats and proactively defending against them.

Figure 2. Drive proactive security with the Insights dashboard
[Figure callouts: At risk? What is my priority?]

Reduce mean time to detection and resolution from months to minutes

Human-machine teaming and advanced analytic capabilities are expanded to sift through enormous quantities of data and present actionable intelligence. Expanded detection capabilities preemptively accelerate response times and significantly reduce risk.

Advance with a comprehensive security posture

Figure 3. At-a-glance unified and actionable security posture scoring

Get a clear, understandable view of threats with prioritization and actionability

A comprehensive and unified security posture includes both endpoint and cloud assessment and allows you to focus on what matters across your environment. Guided response based on analyzed and prioritized intelligence and insight elevates even novice analysts. From the integrated console, quickly and easily respond by making changes to your configurations, isolating infected devices, updating policy, or pivoting to endpoint detection and response (EDR).

Reach actionable risk assessments

Figure 4. Know what requires attention in your environment to proactively counter a threat

Improve signal-to-noise ratio for threat indicators

Advanced analytics expand detection and help you make better sense of alerts. Insights threat analysis can easily pivot to Trellix EDR to search on additional context like indicators of compromise (IoCs) to reduce investigation cycles. Critical context on threat actors/crime syndicates behind the campaign is shared, including the tools they’ve used, the common vulnerabilities and exposures (CVEs) they’ve been associated with, the standard tactics/sub-techniques and the associated IoCs, and credible sources on the syndicate.

Empower SOC resources

Security teams are often overwhelmed by the immense volume of intelligence they must sift through to protect their environments. Limited resources and time inhibit analysis of threats and defenses. Using human-machine teaming, analytic capabilities are expanded—no matter the skill level of analysts—to crawl enormous quantities of data and present it as actionable intelligence.

Insights allows your enterprise to address its skills gap and empower security operations center (SOC) functions. Security teams are better informed so they can make better decisions.

Figure 5. Dig deeper to understand threat events and determine your ability to defend your organization with an option to pivot to EDR capability.

- Insights gained from data intelligence allow security teams to customize and maximize your enterprise’s defenses. This gives you optimum protection without the need to increase staff size or rely on higher levels of expertise. Insights offers more purposeful insights into Trellix EDR to reduce the length of the investigation cycle, providing the expertise and resources needed to carry out investigations. Analysts can verify the risk of the incident and root cause with increased speed and efficiency.
- Chief security officers (CSOs) can get the most out of their staff and products by freeing security analysts from mundane tasks and helping even junior-level team members become more effective. Organizations can reduce time spent on security management, streamlining their workflows to accelerate additional safeguards.
- Insights preemptively automates detection, response, and defenses on prioritized threats from a single console, alleviating the need for analysts to toggle between tasks. It accumulates and analyzes relevant data elements with actionable guidance in one place, placing it at the fingertips of security analysts when needed.
- Insights is the first tool in the industry to take advantage of a dynamic new Trellix Adaptive Defensive model, to deliver an advanced defensive approach for ransomware with the Trellix Adaptive Defensive playbook. The Adaptive Defensive model provides richer context and more intuitive, metrics-driven guidance than traditional solutions. Your SOC will be empowered to deliver better, more efficient security.

Trellix Insights requirements

Insights is managed by Trellix ePO software 5.10 (on-premises, SaaS, and IaaS). It’s optimized for use with our latest endpoint protection technology: Trellix Endpoint Security and Trellix Agent. To work effectively, Insights requires you to opt into Endpoint Security telemetry.

For more information, visit trellix.com.

Sample use cases

Problem: Am I being targeted? Is this a new campaign variant?
Solution: Known threat assessment; Severe threat group or actor assessment; Selected retrospective attack analysis; Comparative protection efficacy reporting; User IoCs retrospective attack analysis.
Outcome: Answer the questions: Am I at risk? Is there a specific threat actor targeting me?

Problem: What is my overall security posture?
Solution: Unified security posture from endpoint to cloud
Outcome: Assess and act on my comprehensive security hygiene

Problem: Can my current protection configuration protect me?
Solution: Local protection posture check
Outcome: Assess my current security posture

Problem: What specifically do I have to change to be protected?
Solution: Local protection posture check
Outcome: Prescriptive guidance on what to do

Problem: Can my other security functions isolate?
Solution: Publish to isolate or contain to other security functions
Outcome: Send contain actions to other security functions to further mitigate the risk (via Data Exchange Layer [DXL])

Trellix
6220 American Center Drive
San Jose, CA 95002
www.trellix.com

About Trellix

Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers.

Copyright 2022 Musarubra US LLC 042022-01
