Formed following the merger of McAfee Enterprise and FireEye in October 2021, Trellix are one of the largest cyber security companies globally. With over 53,000 customers, including 80% of Fortune 100 companies, Trellix specialises in Extended Detection and Response (XDR), cyber threat intelligence, as well as AI (and machine learning) driven security.
Their parent company Symphony Technology Group has created a portfolio to protect customers across applications, endpoints, infrastructure and the cloud, resulting in a single point of contact for all security planes.
From 2025 Trellix are overseen by new CEO Vishal Rao, however just after the takeover they were overseen by CEO Bryan Palma. During that period Trellix have adopted a "living security" approach, whereby they have developed an ethos that their security solutions act as a "learning organism", constantly learning and adapting to new cyber threats via artificial intelligence and machine learning techniques, enabling growth far more sophisticated than that of traditional human design methods.
As a result of this approach, in 2024 Trellix were given many awards at Global InfoSec, which included:
Visionary Award for Harold Rivas (CISO)
Editor's Choice Award for AI and Machine Learning
Trailblazing Award for Endpoint Security
Trailblazing Award for Extended Detection and Response (XDR)
Publisher's Choice Award for Network Detection and Response
Cutting Edge Award for Threat Intelligence
Further to the Global InfoSec awards, in 2024 Trellix were also awarded:
AWS Technology Partner of the Year Award for Sub-Saharan Africa Region
Brandon Hall Group Bronze Award for Best Customer Training Program with 90% satisfaction rate
SE Labs Best Email Security Service Award
And in 2023 Frost & Sullivan Global Endpoint Security Company of the Year and Top InfoSec Innovator Award for Editor's Choice in XDR.
Table of Contents
What is Trellix known for in the cybersecurity space?
Building on the offerings from the former FireEye solutions, Trellix offers detection, protection and response technologies via their cloud-based XDR platform and intelligence systems. This offers clients increased visibility and detection abilities, leveraging security expertise from their SOC, best practice security playbooks and security analytics. All Trellix products have the capability to work alongside existing third-party solutions and Trellix XDR combines Trellix Helix, Trellix Email, Trellix Cloud, Trellix Network, Trellix Endpoint and Third Party Tools.
Trellix are also well known for pioneering "sandboxing" technologies, which are now commonplace across many vendors. Sandboxing is used to isolate and test incoming network traffic within its own virtual environment, checking for malicious software or intent before allowing it to enter the network.
The suite of solutions that Trellix also offers email services, which offers protection against phishing and business email compromise attacks, Trellix Helix which provides automated threat detection and response capabilities using AI and machine learning, and Trellix Network which delivers multi-layered protection for devices, servers, and desktops.
Again, much of Trellix's notoriety comes from the accomplishments of FireEye, where in 2020, FireEye via the Helix solution discovered and reported the significant SolarWinds supply chain attack to the U.S. National Security Agency.
What industries or company sizes does Trellix primarily serve?
Trellix's offerings are designed to suit a wide range of industries and business sizes, with specific security services for the following:
Cloud
EducationÂ
Financial ServicesÂ
GovernmentÂ
HealthcareÂ
Industrial Control SystemsÂ
Retail
When considering the large enterprises that utilise Trellix, many customers have 10,000+ employees, which includes major corporations like IBM, VMware and The Adecco Group. On the other hand, Trellix recently achieved AWS Small and Medium Business Competency certification, showcasing Trellix's capability to serve the needs of small and medium businesses as well as large enterprises.
The company's customer base is primarily based in the US, with global customer distribution:
United States: 66.84% of customers
India: 6.84% of customers
France: 6.33% of customers
And for businesses that don't have in-house expertise, Trellix as a Service is their fully managed security offering. This solution provides managed detection, investigation and response by Trellix experts. Individual Trellix products can also be integrated into new or existing DIY networks through its Bring Your Own Network (BYON), network agnostic functionality.
How does Trellix compare to other major cybersecurity vendors (e.g. Palo Alto Networks, Cisco, Fortinet)?
Versus Palo Alto Networks
Offers strong investigative features but needs improvement in cloud support and UI for advanced forensics
Superior managed security services and incident response capabilities than Palo Alto
Versus Cisco
Competes in endpoint protection and threat intelligence spaces
Both vendors offer similar core security features including firewall protection, endpoint protection, and zero-trust capabilities
Versus Fortinet
While Fortinet leads in AI-powered security services and next-generation firewall appliances, Trellix excels in both Advanced threat detection and response capabilities and email security.
Versus CrowdStrike
25% lower system impact than CrowdStrike, more efficient kernel management with minimal footprint and quarterly updates and fewer false positives (CrowdStrike produces 2.5x more false alarms).
Broader visibility across multiple security layers, greater threat intelligence through public-private partnerships and better suited for critical environments such as industrial and SCADA systems
What are Trellix's core offerings for endpoint, network and cloud security?
Helix Security Platform:
A SaaS security operations platform, offering clients the ability to control incidents in all areas. The product comes with automated alert validation to help manage false positives and alert volume. The Security Information Event Management (SIEM) service procures big data from remote systems and uses it to provide clients with a view into their organisations IT security. User and entity behavior analytics leverages machine-learning, statistical analysis and algorithms to detect internal and external security threats. Trellix Helix also uses machine-learning to baseline what a business’ normal behaviour is like, allowing for alerts to be created when anomalies and deviations occur. Real-time threat intelligence and customisable threat detections are able to detect multi-vector threats. Integrated Security Orchestration, Automation and Response (SOAR) is offered to improve times taken to respond, reduces risk exposure and maintains process consistency. Clients have the ability to prioritise alerts, focusing on true threats whilst customising dashboards and accessing incident response playbooks.
Multi-Vector Virtual Execution (MVX) engine:
Designed to detect evasive cyber attacks such as multi-flow and zero-day using dynamic and signature-less analysis, preventing infection and compromise phases of cyber-attack kill chains and identifying new exploits and malware.
Trellix Network Security:
Secures operating systems such as Apple OS X, Windows and Microsoft. The solution leverages MVX, dynamic machine-learning and artificial intelligence (AI) technologies, which inspect suspicious network traffic, detecting and blocking malicious activity in real-time. Intrusion Prevention System (IPS) detects attacks using conventional signature matching. The appliance is designed to sit behind next-generation firewalls (NGFW), secure web gateways (SWG) and IPS, aiding these solutions by detecting known and unknown attacks. The solution is able to analyse over 160 file types which include portable executables (PEs), active web content, Java, Adobe, Microsoft archives and media, applications and multimedia.
The solution can be deployed in a number of different ways:
Clients can choose to deploy the service in a variety of ways including on-premises, in-line and out of band, public and private cloud, hybrid and virtual offerings.
Integrated Network Security: a comprehensive hardware-appliance with MVX service secures internet access points at a single site
Distributed Network Security: a set of extensible appliances which use an MVX service, securing Internet access points throughout an organisationÂ
Network Smart Node: which are physical or virtual appliances designed to analyse internet traffic and detect and block malicious traffic whilst sending suspicious activity to the MVX service for definitive verdict analysis.Â
MVX Smart Grid: MVX service located on-premises offering transparent scalability, built-in N+1 fault tolerance and automated load balancing.
Trellix Cloud MVX:
An MVX subscription service, that offers security by analysing traffic on the Network Smart Node. Any suspicious objects are sent to the MVX service to be filtered.Â
- Protection On-Premise or in the Cloud: Network Security in the Public Cloud, available in both AWS and Azure.
- Multiple, Dynamic Machine Learning, AI and Correlation Engines: Designed to detect and block targeted attacks, obfuscated and customised attacks using contextual, rule-based analysis with real-time insights which are gathered using hours of previous response experience.
The product identifies malicious exploits such as malware, Command and Control (CnC) callbacks and phishing attacks and blocks them by preventing infection, compromise and intrusion phases of the cyber attack kill chain. Suspicious network traffic is extracted and submitted to the MVX engine for further analysis.
Trellix Detection as a Service:
Threat detection delivered as an Application Programming Interface (API) with capabilities to integrate with Security Operations Center (SOC) workflows, data repositories, SIEM analytics and client web applications, with flexible file and content analysis capabilities.
Endpoint Security:
Uses multi-engine protection to secure endpoints in a single modular agent, blocking advanced threats with machine-learning engine MalwareGuard, common malware using a signature-based engine, application exploits with behaviour analysis engine ExploitGuard and protects from new vectors using Endpoint protection modules.
Endpoint protection also leverages threat detection and response to identify threat activity using a real-time indicator of compromise (IOC) engine, tools and techniques to enable response to breaches, logged activity timelines to be used in forensic analysis, and the ability to stream alerts and information to the Trellix XDR platform.
Email Security:
Trellix secure email gateway allows clients to protect against advanced email threats such as spear-phishing and impersonation. The solution uses machine-learning to minimise risks, identify false positives, block phishing attempts and track attack activity. Because threats are blocked in-line, alert fatigue is minimised which allows security teams to manage policies and customise responses depending on the severity of an attack.
FireEye email security is available in two packages:
FireEye Email Security- Cloud Edition, which integrates with cloud email platforms such as Microsoft 365
FireEye Email Security - Server Edition, which is located on-premises as an appliance or virtual sensor, with the capability to block malware and spear-phishing emails.
CloudVisory:
A multi-cloud security solution providing ad-hoc Cloud Security Audits, Single-pane-of-glass Cloud Security, Continuous Cloud Security Analytics and Network Flow Visualisation. The platform also offers protection from exposure and compliance violation by reducing the risk of cloud security misconfiguration using Extendable Compliance Framework, Cloud Vulnerability Management, Cloud Security Compliance Guardrails and Risk Analysis and Remediation. Finally, the solution uses machine-learning to detect anomalies, with Cloud Security Policy Management, Threat Detection and Response, Intelligent Micro-segmentation and Automated Policy Governance.Â
Does Trellix provide integration with existing SIEM tools or other security stacks?
Trellix Helix provides integrations for over 650 third-party tools and data sources, as well as pre-built playbooks for incident response actions. All of these features can be managed via a single-pane and easily integrates with SIEM, firewalls, antivirus and ticketing systems.
Some of the biggest SIEM tools that Trellix integrates with is Fortinet FortiSIEM, LogRhythm SIEM and IBM Security QRadar.
Further to these, Trellix supports a range of Microsoft cyber security solutions including Microsoft CASB and Windows Defender ATP.
However, there are many other cybersecurity solutions that Trellix also supports, such as:
Palo Alto Networks (Cortex, PAN-OS, Prisma Cloud)
Check Point's Next Generation Threat Prevention platform
SonicWall
Okta (IAM)
Aruba ClearPass
Atos (for CASB services and sensitive data protection)
Mimecast (Email & Collaboration)
Netskope (Cloud Security)
Absolute (endpoint protection technology)
Kaspersky Security Centre
What is the difference between Trellix's threat detection capabilities and those of its competitors?
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Competitor | Key Differences |
|---|---|---|---|---|---|---|
| 1 | hyelland | 29/01/2025 12:07 PM | hyelland | 29/01/2025 12:07 PM | Microsoft | Trellix offers broader threat intelligence (4,400+ campaigns vs Microsoft's 480) and better endpoint/email detection. |
| 2 | hyelland | 29/01/2025 12:07 PM | hyelland | 29/01/2025 12:07 PM | CrowdStrike | Trellix provides more efficient architecture and stronger forensics capabilities. |
| 3 | hyelland | 29/01/2025 12:07 PM | hyelland | 29/01/2025 12:07 PM | Darktrace | While Darktrace leads in AI-driven autonomous response, Trellix is superior in utilising AI for zero-day vulnerability detection. |
| Competitor | Key Differences |
How effective is Trellix in combating advanced persistent threats (APTs)?
Trellix's portfolio of solutions is extremely effective for protecting networks against APTs across a range of fronts. By utilising machine learning techniques, Trellix's solution can use behavioural classification to quickly sort threats from regular activities, without hard-coding for specific signatures (as seen with traditional methods). Through Trellix's Real Protect, businesses can now detect zero-day malware and APTs in near real-time, ensuring that processes, infrastructure and data are always protected from the latest and most complex threats. As a result of using machine learning, Trellix automatically evolves its classification methods to identify and create rules for future attack patterns, while automatically repairing endpoints to their last known good state following a threat detection.
Combining this with their Global Threat Intelligence significantly reduces the time between attack discovery and containment from weeks to milliseconds. By gathering and distributing a combination of local, community and global security intelligence across multiple security components, Trellix remain one step ahead of new security breaches.
Dynamic Application Containment (DAC)
One of the standout security features of Trellix is its Dynamic Application Containment system, which analyses and contains greyware, such as software, ads or other programs that are not wanted or needed, and emerging malware before infection. By containing software, Trellix can gain insights into the intent of files or data and this helps to build their threat intelligence with knowledge on new advanced threat behaviours
Threat Detection Statistics
The platform has demonstrated significant results in APT detection, with recent data showing a 17% increase in APT-backed detection rates over a six-month period. Notably, the system has detected over 21 million threat activities from China-aligned threat actor groups, such as Chinese hacking groups, with 23% of malicious activities targeting the government sector worldwide.
What level of AI or machine learning does Trellix incorporate into its threat intelligence tools?
Trellix are well known for using machine learning to build up a large volume of threat intelligence about trending threat behaviours.
Trellix Wise Platform
One of the ways that Trellix achieves this is through the Wise platform. The Wise platform leverages both traditional AI and Generative AI (GenAI) to automate security workflows and threat detection. It processes multiple petabytes of telemetry data and handles 68 billion queries daily across more than 100 million endpoints - making for a large scale dataset capable of finding even the most hidden of threats.
Machine Learning Models
Trellix has over 10 years of AI modelling and 25 years of analytics experience, putting themselves at an advantage for leveraging data from over a billion sensors for threat analysis purposes. There are many machine learning models that Trellix leverages - including:
33 ML models across Endpoint, Email, Network, and Sandbox products
11 ML models specifically for phishing detection
15 models for malicious file detection covering PE files, VB script, and PowerShell
These models perform signature-less, dynamic analysis using a Multi-Vector Virtual Execution (MVX) engine. Once analysed, Trellix automatically triages threats and eliminates false positives, which can save approximately 8 hours of SOC work per 100 alerts.
As of more recent, Trellix has partnered with AWS to enhance its GenAI capabilities, enabling faster threat detection and response while maintaining data privacy. This integration provides:
AI-guided investigations
Automated content development
Enhanced customer support through AI chatbots
What happened to Trellix's Mandiant division and how does Mandiant handle incident response for global companies?
Following the merger that saw FireEye and McAfee enterprise become Trellix, Mandiant now operates independently and is part of Google Cloud. While Mandiant was once part of the FireEye offering, they are now separate entities. Mandiant retained the incident response and threat intelligence services, whilst Trellix took over the endpoint, cloud, and infrastructure security products. Both companies continue to collaborate, with Trellix products incorporating some of Mandiant's threat intelligence to further improve their own intelligence dataset.
Mandiant maintains incident responders in over 30 countries, providing local expertise and native-language fluency for rapid response to security incidents. Their teams can begin triaging requests within hours and quickly analyse entire networks for malicious activity.
How frequently does Trellix update its threat intelligence database, and how is it sourced?
Trellix regularly updates all of their security offerings to stay ahead of new threats, however different solutions are updated at various intervals.
Security Content Updates
Released every Monday and Thursday
Contains Indicators of Compromise (IoCs) related to ongoing threat campaigns
Curated by the Trellix Content team
Antivirus Definitions
Updated daily
Contains traditional DAT-based detections
Real-Time Intelligence
Continuously collected and analysed from hundreds of millions of global sensors across over 40,000 organisations
Includes file reputation, web reputation, IP reputation and network connection reputation data
What are real-world examples of Trellix identifying or preventing major cyberattacks?
There are multiple real-world examples of Trellix identifying major cyberattacks from across the globe - we've detailed some of the more notable below:
Volt Typhoon Campaign
Trellix identified and tracked the Volt Typhoon threat actor's activities, including the detection of over 7,100 malicious activities from January through March 2024, observed the group's dormancy period from August 2023 to January 2024 and tracked tracked 7,393 detections across 50 unique customers using 47 distinct malware variants.
Lindsay Auto Group
A botnet had invaded their infrastructure after someone opened a phishing email, causing significant disruption and led to temporary closure of stores. Once Trellix Email Security & Trellix Helix were implemented, resolving the issue with infected machines prevented from contaminating the rest of the network and malware and attachments now scanned.
How scalable are Trellix's solutions for global enterprises with a distributed workforce?
Both Trellix Helix and Trellix Threat Intelligence utilise a cloud architecture, easily handling hundreds of thousands of endpoints for distributed workforces, while maintaining performance requirements. The private Global Threat Intelligence (pGTI) cloud infrastructure is built on global point-of-presence technology that processes billions of queries daily.
Cloud, on-premises and hybrid deployment options
Flexible configurations for data residency requirements
Support for diverse regulatory compliance needs
This means that Trellix is well positioned to assist your business with any future growth or changes in workforce demands.
How does Trellix support multi-cloud environments (e.g., AWS, Azure, GCP)?
Trellix offers businesses with support for multi-cloud environments through two main solutions, Cloudvisory and Cloud Workload Security (CWS), which provide integrated security management across various cloud platforms.
Cloudvisory
A designated control center for cloud security, designed to offer increased visibility, and with the capability to comply with a number of security environments, including Kubernetes, AWS, Azure, Google Cloud Platform and Openstack.Â
Cloud Workload Security
The Cloud Workload Security automates the discovery and defence of various environments, including public cloud services such as Amazon Web Services (AWS) and Microsoft Azure. The solution centralises management through a single console, allowing for consistent security policies across servers, virtual servers and cloud platforms, with key features including:
Automated Discovery: Continuously monitors and discovers workload instances and Docker containers, eliminating security blind spots.
Network Visualisation and Micro-segmentation: Offers cloud-native network visualisation and micro-segmentation capabilities to prevent lateral attack progression within virtualised environments.
Adaptive Threat Protection: Integrates machine learning, application containment, anti-malware, whitelisting, file integrity monitoring and micro-segmentation to protect workloads from threats such as ransomware and targeted attacks.
Integration with Deployment Frameworks: Supports integration with tools such as Chef and Puppet for automatic deployment and management of the Trellix agent to cloud workloads.
What is the pricing structure for Trellix's products and services?
Endpoint Security Pricing
Per User Annual Pricing (12-month contract):
Trellix Advanced: $118.44/user
Trellix Premium: $222.32/user
Trellix Complete: $366.08/user
Trellix Endpoint Security: $136.16/user
Trellix EDR: $54.54/user
Trellix EDR Premium: $145.98/user
Network Security Pricing
Annual Pricing:
Network Security Manager Starter Edition: $1,867.92/instance
Network Security Manager Global Edition: $18,022.79/instance
Virtual Network Security Platform (1Gbps): $12,400.00
SecOps and Analytics
Annual Pricing:
Trellix XDR: $60.00/user
Open XDR External Data Add-on (50GB): $20,925.00
ePolicy Orchestrator (On-Prem): $37.50/node
Virtual Enterprise Security Manager SIEM: $61,294.33/VM
Volume Discounts
Pricing varies based on the number of users/endpoints:
5-250 endpoints
251-1000 endpoints
1001-2000 endpoints
2001-5000 endpoints
5001-10000 endpoints
10001+ endpoints
Additional Information
Trellix Thrive Essential support is included at no cost with every software subscription
Free trials are available for select products
All subscriptions include access to the management console and basic support
How does Trellix justify its cost in terms of ROI compared to competitors?
For many businesses, the main determinant as to whether Trellix is really worth it comes from the potential return on investment (ROI) seen. Trellix has in fact been known to produce significant cost savings, including a 25% reduction in costs compared to its own previous cybersecurity event search solution.
Trellix's solution has demonstrated improved efficiencies, such as:
Query speeds improved by 50% with single hot-tier storage
95% of security queries now complete within seconds
Enhanced ability to process and analyse streaming data
Whilst vendors such as Zscaler offer superior cloud-based capabilities and CrowdStrike provides more advanced real-time threat hunting capabilities, we would suggest that Trellix does offer a significant return on investment.
Are there case studies or metrics demonstrating cost savings or improved cybersecurity posture?
TeamWorx Security leveraged the Trellix Detection as a Service solution to improve their cybersecurity offerings. A data science and software engineering firm, TeamWorx security are primarily focused on creating intelligent workforce solutions for cybersecurity and incident response, which includes advanced malware analysis, threat intelligence analysis, enterprise communication, and critical infrastructure support. By leveraging the Trellix's Detection as a Service, TeamWorx were able to achieve a 50% cost reduction, reduced incident response time to 5-10 minutes or less and maintained 99.9% availability for their services.
How does Trellix assist with compliance for GDPR, CCPA, PCI DSS, or ISO 27001?
Trellix maintains ISO 27001:2013 certification for its Information Security Management System (ISMS), which covers all aspects of people, process and systems security. The company also holds other ISO certifications including ISO 27017 for cloud security, ISO 27018 for personal information protection and ISO 27701 for privacy information management.
Data Protection Features
Implements organisational, technical and contractual measures to protect personal data
Provides prompt notification of government data requests and any legally binding disclosure requirements
Offers automated compliance assessments and security gap analysis capabilities
Includes a 72-hour breach notification system to meet GDPR requirements
PCI DSS Capabilities
Provides real-time File Integrity Monitoring (FIM), detecting unauthorised changes to critical system files that could potentially expose cardholder data for PCI DSS requirements 10 and 11.5
Enables tracking and monitoring of all access to network resources and cardholder data
Offers qualified security assessor (QSA) forms for simplified PCI reporting
Does Trellix provide audit logs and reporting tools for governance?
Audit logs can be found via the Trellix ePolicy Orchestrator (ePO), which records all user actions and provides detailed tracking of many important activities, such as user logins/logouts, configuration changes, action timestamps, IP addresses of users/inbound/outbound traffic and user activities. Through Security Event Tracking capabilities, Trellix can automatically log security events including unauthorised file access attempts, system file modifications, security feature changes and policy violations - all of which give your business an easier understanding of where potential security incidents might occur and who/what is behind them.
Further to this is the Trellix Threat Intelligence Portal, which doesn't inherently provide audit logs but can also report on network activities and can be useful for governance purposes. The Threat Intelligence Portal includes tools such as Trellix Insights and Trellix Global Threat Intelligence, which allow access to intelligence reports and Threat Intelligence resources as per chosen subscription. Since merging from FireEye, the network reporting and analytics are more integrated into newer Trellix platforms rather than the older standard, which used a standalone FireEye portal.
What level of customer support does Trellix offer (e.g. SLAs, managed services)?
Trellix offers multiple tiers of support services and service level agreements (SLAs) across their product portfolio, with fully managed services to take the responsibility out of your hands, SLAs to ensure you get the service you're expecting and business support options to ensure you're going in the right direction.
Some of the managed services that Trellix offers includes:
24/7/365 management and alerting
Managed or co-managed security options
Managed Security Operations Center (SOC)
Security analytics
Managed SIEM services
Full security portfolio management
These can be of significant benefit to organisations that don't have a dedicated IT team or are lacking expertise with Trellix's product range, allowing external experts to handle the bulk of issues and alleviating your business with needing experts in-house.
One of Trellix's solutions is Trellix Thrive, a services portfolio that offers support, education, and professional services. Thrive offers support in a range of tiers, including:
Essential: Basic support with standard SLOs and S1 severity phone support
Advanced: Enhanced support with improved SLOs, 24x7x365 phone support, and advanced case routing for S1 cases
Elite: Premium support with highest level SLOs, advanced case routing for all cases, and priority case handling
Business Support Options
The standard Business Support option that Trellix offers includes all-day everyday (24/7/365) support via web and phone, including remote desktop control. With access to the Trellix Labs malware analysis service, online knowledge base, product downloads, and diagnostic tools, as well as a subscription to the Support Notification Service (SNS) for updates and alerts, your business is well supported to face new threats. This plan includes up to 15 designated contacts within your organisation.
Building on that, the essentials success plan includes everything from the basic plan and adds service request prioritisation for elevated priority at the times when you need support the most. You also gain access to a remote Support Account Manager (SAM) for account-related assistance, boost your designated contacts up to 25 and receive access to educational Services, with 30 eLearning subscriptions for Trellix product education.
However, if the essentials success plan isn't enough, perhaps the enhanced success plan is more suited. As expected, all lower tier features are included, but you also gain an assigned technical contact (ATC), who is a dedicated technical expert for situation and escalation management and a customer success manager (CSM) - a designated CSM to assist with value realisation and success planning. Businesses leveraging the essentials success plan also benefit from one week of professional services for solution and strategic advisory, one remote health check per year and up to 80 eLearning subscriptions to educate your staff on the platform.
To top it all off, the premier success plan includes all features of the other plans, four weeks of professional services for in-depth solution and strategic advisory, four remote health checks per year and finally, 280 eLearning subscriptions.
And for businesses still utilising FireEye Email Security, SLAs offer a 99.9% monthly uptime guarantee - however there are service credits offered for downtime:
<99.9%: 25% credit
<99.0%: 50% credit
<98.0%: 100% credit
What strategic partnerships or integrations does Trellix have with other technology providers?
Some of the more well-known Global Services Provider Partners include:
Bell: A leading Canadian telecommunications company
BT: A British multinational telecommunications company
DXC Technology: Global security services to protect enterprise information.
ElevenPaths: The cybersecurity unit of Telefónica
Fujitsu: A Japanese multinational offering cybersecurity services.
IBM: A global technology company providing a wide range of security services and solutions.
Macquarie Government: An Australian provider specialising in secure government cloud and cybersecurity services.
Mphasis: An IT services company offering integrated security solutions.
NTT Ltd: A global cybersecurity services company that protects digital assets.
Singtel: A Singaporean telecommunications company offering a suite of cybersecurity services.
With integrations including:
Tenable: Integrates with Trellix XDR to provide a risk-based view of a customer's entire attack surface.
Trustwave: Offers Managed Detection and Response (MDR) services in conjunction with Trellix's XDR platform.
BeyondTrust: Integrates with Trellix ePolicy Orchestrator (ePO) and Threat Intelligence Exchange (TIE/DXL) to improve visibility and control over data, as well as risks.
Commvault: Combines its cyber deception technology with Trellix's advanced sandboxing, threat analysis and orchestration capabilities for improved security and accelerated recovery.
How does Trellix address zero-day vulnerabilities and emerging threats?
Zero-day threats can be some of the most worrisome issues that networks have to face. Named due to the vulnerabilities being unknown to the vendor, these threats give vendors zero days to properly prepare to address them. Trellix uses a range of techniques to address these vulnerabilities, assisting with the prevention of vulnerability exploitation. These techniques include:
Machine Learning and AI
Trellix uses sophisticated machine learning behaviour classification to detect zero-day threats in near real-time, automatically evolving its classification systems to identify new behaviours and create rules for future attack prevention.
Email Protection
The platform protects over 4 million Department of Defence email inboxes from phishing, spear-phishing and zero-day attacks, particularly as cybercriminals increasingly leverage GenAI for more complex email-based attacks.
Endpoint Security
Trellix Endpoint Security (ENS) provides:
Proactive threat detection using predictive analytics based on industry and region
Real Protect technology for machine-learning behaviour classification
Automatic system rollback capabilities to restore systems to their last known healthy state
The platform implements:
Signature-less threat detection for identifying advanced attacks
Multiple AI and machine learning correlation engines
Lateral movement detection to reduce 'threat dwell' time
Global Threat Intelligence
Trellix combines local, community and global security intelligence to reduce the time between attack discovery and containment from weeks to milliseconds. The system leverages cloud monitoring to act on new and emerging threats across multiple vectors, including: file, web, message and network.
What is Trellix's track record in dealing with supply chain attacks?
Trellix has a rich history in protecting against supply chain attacks. In December 2020, before becoming Trellix, FireEye played a crucial role in uncovering the major SolarWinds supply chain attack, reporting it to the NSA which was previously unaware of the breach.
Trellix actively monitors supply chain vulnerabilities, with recent data showing the Wholesale sector accounts for nearly 18% of all threat detections due to its critical role in supply chains.
Trellix's Advanced Research Center has made notable discoveries, including identifying approximately 350,000 open-source projects at risk from supply chain vulnerabilities. In 2023, the company helped establish the Supply Chain Attack Research (SCAR) group, collaborating with industry experts to develop tools that benefit the global security community.
One other instance of Trellix discovering a vulnerability is in 2022, Trellix researchers uncovered a 15-year-old vulnerability in Python's tarfile module. This posed significant supply chain risks, affecting hundreds of thousands of open-source repositories and the discovery highlighted the company's capability in identifying long-standing security issues that could impact the software supply chain.
What are Trellix's main differentiators in the cybersecurity market?
Trellix's breadth of capabilities for a singular, integrated and simplified SecOps experience stands out amongst other competitors in the market - offering the ability to collect and respond to threat telemetry across endpoint, network, data, cloud and email planes.
Trellix's use of AI also sets themselves apart from other vendors, with their latest AI solution Trellix Wise, their GenAI-powered automation system, leveraging their experience of over 10 years of AI modelling and 25 years of analytics and machine learning experience.
Also, Trellix isn't shy of integration capabilities. Trellix Helix enables integrations with over 1,000 third-party data sources through the Trellix Marketplace, enabling other vendors offerings to be leveraged in conjunction with Trellix's.
Which global enterprises or industries currently use Trellix solutions?
Serving over 40,000 global customers and protecting 80% of Fortune 100 companies, Trellix is used by many of the top global enterprises. Some of these include:
Financial Services
HDFC Life
Ahli United Bank
AU Small Finance Bank
Technology Companies
IBM
VMware
McAfee
CDW
Professional Services
The Adecco Group
Kelly Services
Sopra Steria
How has FireEye evolved after being acquired by Symphony Technology Group and merging into Trellix?
In June 2021, Symphony Technology Group (STG) acquired FireEye for $1.2 billion, with the acquisition part of a larger strategy that included the earlier purchase of McAfee Enterprise for $4 billion in March 2021. In October 2021, STG completed the merger of FireEye with McAfee Enterprise leading to the formation of Trellix and brought together FireEye's threat intelligence capabilities with McAfee Enterprise's security solutions.
In January 2025, STG appointed Vishal Rao as the new CEO of Trellix, while maintaining his position as chief executive of Skyhigh Security. This followed the leadership of Bryan Palma, who had been appointed as CEO of the combined company in September 2021.
Trellix's main focuses appear to be within XDR and cloud integrated security. For Extended Detection and Response (XDR), Trellix's platform incorporates over 600 native and open security technologies, providing advanced threat detection capabilities.
Are there any risks associated with the rebranding and organisational changes?
Since the rebranding and merger of solutions, customers have complaints regarding the resource consumption on host systems. This can be extremely high, particularly during large file operations, however Trellix have recently made large scale changes in order to improve such efficiencies.
Customer support has been problematic, with reports of the company failing to meet service level agreements and providing inadequate support response. Some organisations have already switched to alternative solutions like CrowdStrike and Cortex XDR due to these issues.
Finally, the decision to split off the Security Service Edge (SSE) business into a separate company has been criticised by industry analysts as potentially problematic. This separation could create additional complexity for customers requiring SSE integrated amongst other security solutions.