Automatically spot suspicious network behavior and prevent attacks that elude traditional signature- and policy-based security. Combine multiple AI, machine learning, and correlation engines to detect and respond to advanced threats and lateral movements in minutes.
Spot Attacks that Evade Traditional Defenses
Use signature-less threat detection to identify zero-day and advanced attacks.
Detect Suspicious Lateral Movements
Track and block lateral threats within your enterprise network to reduce dwell time.
Cover Expanding Attack Surfaces
Protect your network with support for most operating systems and over 160 file types.
Map Threats to MITRE ATT&CK Framework
Gain contextual evidence to speed up containment and remediation by aligning attacks to the MITRE ATT&CK Framework.
Trellix Network Security uses multiple advanced techniques, including the Multi-Vector Virtual Execution (MVX) engine, machine learning, and AI. The MVX engine performs signature-less, dynamic analysis of suspicious traffic in a safe virtual environment. Machine learning and AI engines use contextual rules to detect and block malicious activity retroactively and in real time. This multi-layered approach enables the detection of zero-day, multi-flow, and other evasive attacks that traditional defenses might miss.
Yes, Trellix Network Security includes an advanced correlation and analytics engine that detects suspicious lateral movements across your entire network. It uses over 180 rules for lateral movement detection, providing complete kill-chain visibility. Trellix Network Security also incorporates machine learning for data exfiltration detection, JA3 detection for encrypted communication, and web shell detection, mapping these to the MITRE ATT&CK framework.
Trellix Network Security integrates with several other security solutions to enhance overall protection and streamline workflows. It can be integrated with the Trellix Central Management System to correlate Network and Email Security alerts. It also works with Trellix Network Forensics for detailed packet captures and investigations. Additionally, it integrates with Trellix Endpoint Security to identify, validate, and contain compromises detected by Network Security, simplifying containment and remediation of affected endpoints.
Trellix Network Security addresses alert fatigue in several ways. It uses the MVX engine to validate alerts detected by conventional signature-matching methods, reducing false positives. The solution also employs riskware categorization to prioritize alerts by separating critical threats from less malicious activity like adware. Additionally, to improve overall efficiency, it provides concrete real-time evidence with each alert, allowing security teams to quickly assess and respond to genuine threats.
A combination of technologies, policies, and practices to protect computer networks and data's confidentiality, availability, and integrity.
Read MoreNDR goes beyond essential intrusion detection to continuously monitor your network traffic for suspicious activity.
Read More