Trellix announced Trellix SecondSight, a threat hunting service designed to proactively identify low-noise advanced threats often undetected, reducing organizational risk for Trellix customers.
“Threat actors’ use of AI has significantly increased alert fatigue for security analysts,” said John Fokker, VP Threat Intelligence Strategy, Trellix. “While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a ‘second set of eyes’ to actively monitor for these low-noise signals, acting as a force multiplier.”
The threat landscape is defined by “weak signals” bypassing traditional defenses, such as the APT28 multi-stage espionage campaign. Trellix SecondSight provides specialized hunting capabilities to expose these weak signals and stop advanced attacks. Applying human intuition and AI-driven analytics to telemetry from Trellix EDR, Trellix Email Security Cloud, and Trellix NDR, Trellix Threat Hunters identify sophisticated threats and provide proactive notifications to help security operations teams stay ahead of adversaries, while also improving Trellix detection capabilities. Benefits include:
- Identify emerging threats: Trellix hunters specialize in identifying subtle, low-confidence signals and correlating them with internal intelligence holdings to cut through the vast gray space of product data and surface critical evidence of intrusions automated filters would dismiss as background noise.
- Augment intelligence for security teams: Trellix hunters provide an additional layer of visibility, ensuring movements don’t go unnoticed. They work in parallel with an organization’s analysts to closely monitor low-confidence signals across Trellix endpoint, network, and email telemetry and provide early warnings.
- Defend with precision: Combining Trellix’s global AI-driven analytics with elite human expertise, Trellix SecondSight identifies subtle indicators of an active breach automated tools often surface but cannot fully interpret, providing early warnings of malicious activity with actionable notifications for customers.
