McAfee, FireEye merger yields Trellix, a unified XDR security company

Trellix will build on existing McAfee and FireEye applications, machine learning and automation technology to create an XDR platform of interoperable products for threat prevention, detection and response.

Trellix, a new company formed from the merger of cybersecurity giants McAfee Enterprise and FireEye, is intent on becoming the leader in XDR (extended detection and response) technology by combining applications from both of the formerly separate companies into an interoperable suite of products for threat prevention, detection and response.

The strategy and the new company name were revealed this week by corporate parent Symphony Technology Group (STG), which acquired and merged McAfee Enterprise and FireEye last year. The new suite of products will cover endpoint and network infrastructure security, offer programs tailored for SOCs (security operations centers) and increasingly incorporate machine learning and automation, company officials said.

STG also said it expects to launch the McAfee Enterprise Secure Service Edge (SSE) portfolio as a separate business later this quarter, inclusive of its Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA) applications.

Machine learning, automation drive Trellix's XDR

As for Trellix, the name is meant to evoke the structure of a trellis, designed to support the structured growth of plants, and complement a concept that Trellix calls "living security" — security technology that learns and adapts, utilizing machine learning and automation capabilities, to protect operations from evolving and advanced threat actors.

The company will compete with XDR vendors in a rapidly growing field including Cisco, Microsoft, Check Point Software, VMware, CrowdStrike, and Palo Alto Networks.

Trellix's threat labs arm, which gathers security telemetry from sensors embedded in IT infrastructure globally, will play an important role.

“Trellix has a differentiated ability to secure the digital experience against cyberthreats using threat intelligence capabilities developed through the scale and diversity of our sensor network,” according to Adam Philpott, CRO (chief revenue officer) at Trellix. “We are continuously offering new solutions leveraging AI, machine learning, and advanced telemetry based on threat intelligence from more than one billion sensors across our enterprise and government customer bases.”

"Living security" will offer organizations threat resiliency through this wide network of interconnected threat sensors and capabilities, enabling customers to safely manage a "living" IT ecosystem that is configured optimally for their organization, according to Philpott.

The products making up Trellix's XDR platform generate and manage security data from native tools and are also capable of applying analytics to data from third-party applications, Philpott says.

New security product releases expected this year

The components of Trellix's XDR platform will be made available to customers in the form of successive product releases, Philpott says.

Merging and upgrading products on such a scale, and bringing customers along, is expected to take a while. “This attempt to combine what were once two security behemoths is no small exercise,” says Allie Mellen, an analyst at Forrester. “Depending on the offering, it will likely take years to transition all customers to the new or rebranded products and services.”

Nevertheless, some new offerings are expected to be out relatively soon, with company officials confirming that Trellix plans to roll out separate EPP (endpoint protection platform) and EDR (endpoint detection and response) products this year. Both McAfee and FireEye have endpoint security products, with McAfee focusing on its well-known antivirus software, which falls into the EPP category, and FireEye on intrusion detection and response, generally considered to be EDR.

Trellix also plans to bring its SIEM (security information and event management), SOAR (security orchestration, automation and response) and UEBA (user and entity behavior analytics) products into an offering for SOCs. While FireEye Helix, a SaaS-based security operations platform for risk detection and response, will be a key component of this offering, McAfee's Enterprise Security Manager SIEM application will continue to be offered, company officials confirmed.

Although Trellix promises a speedy and smooth transition, customers will have to prepare for growing pains as Trellix internalizes its brand identity, according to Mellen.

But while corporate mergers have often shown that it is difficult to meld products from different companies, McAfee and FireEye applications have evolved over time and have been in customer hands for a while, so there may not be “too much turmoil,” according to Liz Miller, an analyst at Constellation Research.

“Users who want to roll into the XDR solution shouldn’t have any problem and at this stage in their maturity; I’d expect to see some sweet incentives to advance onto the expanded solution,” Miller says. “But, for the next six-12 months, customers should be proactively assessing performance and even ramping up those calls into [their vendor] client success and support teams to ensure seamless service continuation.”

McAfee’s repeated attempts at rebranding

This is not the first time McAfee has tried to reinvent itself. The global security company was acquired back in 2010 by chipmaker Intel to make it a part of its Intel Security Division. However, in 2016, Intel decided to reduce its stake in the company by selling off a controlling 51% to TPG Capital, after which the McAfee brand was brought back and retained until October 2020, when McAfee returned to public markets with an IPO. Shortly after that, in March 2021, McAfee agreed to sell off its enterprise security business for $4 billion to STG, a private equity firm.

Company officials say McAfee and FireEye will be retired as company names, and that the McAfee Enterprise Secure Service Edge (SSE) portfolio will eventually be sold under a different corporate name.

Industry insiders have speculated that a main reason for the rebranding is an attempt to distance the company from its founder, cybersecurity pioneer John McAfee, who last year was found dead in a Spanish jail, apparently from suicide, after a series of US government criminal charges and multiple lawsuits were filed against him.

“This is a really smart branding decision on the part of Symphony Technology Group, shedding any scandal and focusing on providing a solid security foundation (like a trellis),” says Miller. “It gives this newly bonded team a new focal point that doesn’t come with any scandal or justification.”

Copyright © 2022 IDG Communications, Inc.
