
Trellix Network Security Data Sheet


DATA SHEET

Trellix Network Security
Effective protection against cyberbreaches for midsize to large organizations

Overview
Trellix Network Security is an effective cyberthreat protection solution
that helps your organization minimize the risk of costly breaches by
accurately detecting and immediately stopping advanced, targeted,
and other evasive attacks hiding in internet traffic. It facilitates efficient
resolution of detected security incidents in minutes with concrete
evidence, actionable intelligence, and response workflow integration.

With Network Security, your organization is effectively protected against today’s threats, whether they:

• Exploit Microsoft Windows, Apple OS X operating systems, or application vulnerabilities
• Are directed at the headquarters or branch offices
• Are hidden in a large volume of inbound internet traffic that must be inspected in real time

At the core of Network Security are the Trellix Multi-Vector Virtual
Execution (MVX) and dynamic machine learning and artificial intelligence
(AI) technologies.

MVX is a signature-less, dynamic analysis engine that inspects suspicious
network traffic to identify attacks that evade traditional signature- and
policy-based defenses. Multiple machine learning, AI, and correlation
engines represent a collection of contextual dynamic rules engines that
detect and block malicious activity in real time and retroactively, based
on the latest machine, attacker, and victim intelligence. Network Security
also includes intrusion prevention system (IPS) technology to detect
common attacks using conventional signature matching.

Figure 1. Typical configuration of Network Security solutions


Trellix Network Security is available in a variety of form factors and
deployments and performance options. It’s typically placed in the path
of internet traffic behind traditional network security appliances such as
next-generation firewalls, IPS, and secure web gateways (SWGs) to detect
both known and unknown attacks with high accuracy and few false
positives, while facilitating an efficient response for each alert.

Technical advantages

Accurate and actionable threat detection and insights

Network Security uses multiple analysis techniques to detect attacks
with high accuracy and a low rate of false alerts.

• The MVX engine detects zero-day, multiflow, and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyberattack kill chain by identifying never-before-seen exploits and malware.
• Multiple dynamic machine learning, AI, and correlation engines detect and block obfuscated, targeted, and other customized attacks with contextual, rule-based analysis from real-time insights gathered on the front lines from thousands of hours of incident response experience. Network Security stops the infection, compromise, and intrusion phases of the cyberattack kill chain by identifying malicious exploits, malware, phishing attacks, and command and control callbacks. It also extracts and submits suspicious network traffic to the MVX engine for a definitive verdict analysis. In addition to client-side protection, engines support server-side detection, lateral movement detection, and detection of post-exploitation traffic.
• Alerts generated by Network Security include concrete real-time evidence to quickly respond to, prioritize, and contain targeted and newly discovered attacks. When operating in Evidence Collector mode, Network Security generates Layer 7 metadata, which is sent to Trellix Helix for analysis to provide further security context for your SOC team. In addition, detected threats can also be mapped to the MITRE ATT&CK framework for contextual evidence.


Detection

Capabilities | Benefits
Accurate detection of advanced, targeted, and other evasive attacks | Minimizes risk of costly cyberbreaches
Visibility and detection of post-breach lateral movement | Decreases time to detect post-breach activities and reduces attacker dwell time
Modular and scalable security architecture | Provides investment protection and supports business growth
Consistent level of protection for multi-OS environments and all internet access points | Creates a strong defense across the entire organization for all types of devices
Integrated, distributed, physical, virtual, on-premises, and cloud deployment options | Offers flexibility to align with organizational preferences and resources
Multivector correlation with email and content security | Provides visibility across a wider attack surface

Prevention

Capabilities | Benefits
Immediate blocking of attacks at line rates from 250 Mbps to 10 Gbps | Gives real-time protection against evasive attacks
Visibility into encrypted traffic | Delivers optional built-in TLS 1.3 decryption support on appliances without an additional license fee

Response

Capabilities | Benefits
Low rate of false alerts, riskware categorization, and mapping to MITRE ATT&CK framework | Reduces operational cost of triaging unreliable alerts
Pivot to investigation and alert validation, endpoint containment, and incident response | Automates and simplifies security workflows
Execution evidence and actionable threat intelligence | Accelerates prioritization and resolution of detected security incidents


Comprehensive visibility into suspicious lateral movements

Network Security includes the SmartVision advanced correlation and
analytics engine that detects suspicious lateral internal network traffic
across the entire network, from the data center to remote branch office
locations. With more than 180 rules for lateral movement detection,
SmartVision provides full kill-chain detection that targets east-west,
server-facing deployments.

SmartVision also includes a machine learning framework with
data-exfiltration detection, JA3 detection for identifying encrypted
communication, web shell detection (visibility into attacks on
web servers), and detection of malware lateral movement. It provides
Layer 7 context around every real-time alert and maps adversarial
techniques based on the MITRE ATT&CK framework.

Immediate and resilient protection

Network Security offers flexible deployment modes, including
out-of-band monitoring via test access point (TAP)/switched port
analyzer (SPAN), inline monitoring, or inline active blocking. Inline blocking
mode automatically blocks inbound exploits and malware and outbound
multiprotocol callbacks. In inline monitoring mode, your organization
decides how to respond to generated alerts. In out-of-band prevention
mode, Network Security issues TCP resets for out-of-band blocking of
TCP or HTTP connections.

Selected models offer an active high-availability option to provide
resilience in case of network or device failures.


Wide attack surface coverage

Network Security delivers a consistent level of protection for today’s
diverse network environments, providing:

• Support for most common Microsoft Windows, Apple Mac OS X, and Linux operating systems
• Analysis of over 160 different file types, including portable executables, active web content, archives, images, Java, Microsoft, and Adobe applications and multimedia
• Execution of suspicious network traffic against thousands of operating systems, service pack, IoT application type, and application version combinations
• Protection against advanced attacks and malware types that are difficult to detect via signatures: web shell uploads, existing web shells, ransomware, and cryptominers

Validated and prioritized alerts

In addition to detecting genuine attacks, MVX technology is also used
to validate alerts detected by conventional signature-matching methods
and to identify and prioritize critical threats. Your organization gets
these efficiencies:

• IPS with MVX engine validation reduces the time required to triage signature-based detection that’s traditionally prone to false alerts.
• Riskware categorization separates genuine breach attempts from undesirable but less malicious activity (such as adware and spyware) to prioritize alert response.

Response workflow integration

Network Security can be augmented in several ways to automate
alert response workflows. For example:

• Trellix Central Management System correlates alerts from both Network Security and Trellix Email Security for a broader view of an attack and to set blocking rules that prevent the attack from spreading further.
• Trellix Network Forensics integrates with Network Security to provide detailed packet captures associated with an alert and enable in-depth investigations.
• Trellix Endpoint Security identifies, validates, and contains compromises detected by Network Security to simplify containment and remediation of affected endpoints.


Flexible deployment options

Network Security offers various deployment options to match your
organization’s needs and budget.

Integrated Network Security

Standalone, all-in-one hardware appliances with integrated MVX service
secure an internet access point at a single site. Network Security is an
easy-to-manage, clientless solution that deploys quickly without requiring
rules, policies, or tuning.

Distributed Network Security

Extensible appliances with centrally shared MVX service secure
internet access points within organizations using the following features
and capabilities:

• Network Smart Node physical or virtual appliances analyze internet traffic to detect and block malicious traffic and submit suspicious activity over an encrypted connection to the MVX service for definitive verdict analysis.
• MVX Smart Grid on-premises, centrally located, elastic MVX service offers transparent scalability, built-in N+1 fault tolerance, and automated load balancing.
• Trellix Cloud MVX service subscription ensures privacy by analyzing traffic on the Network Smart Node; only suspicious objects are sent over an encrypted connection to the MVX service, where objects revealed as benign are discarded.
• Protection options on-premises or in the cloud, in addition to standalone and virtual appliances. Trellix offers Network Security in the public cloud with availability in both AWS and Azure.

Figure 2. Distributed deployment models for Network Security


High performance and scalability

Trellix Network Security protects internet access points at line rate with
performance options for a wide variety of branch and central office sizes.

The MVX Smart Grid and Trellix Cloud MVX scalable architecture allow
the MVX service to support one Network Smart Node to thousands and
scale seamlessly as needed.

Figure 3. Modular components of Network Security

Response

Form factor | Performance
Integrated Network Security | 50 Mbps to 5 Gbps
Physical Network Smart Node | 50 Mbps to 10 Gbps
Virtual and public cloud Network Smart Node | 50 Mbps to 8 Gbps

Business benefits
Designed to meet the needs of single-site and distributed multisite
organizations, Trellix Network Security delivers several benefits.

Minimizes risk of cyberbreaches

Network Security is a highly effective cyberdefense solution that:

• Prevents intruders from breaking into an organization to steal valuable assets or disrupt business by stopping advanced, targeted, and other evasive attacks
• Stops attacks and contains intrusions faster with concrete evidence, actionable intelligence, inline blocking, and response workflow automation
• Eliminates weak points from an organization’s cyberdefenses with consistent protection for various operating systems, application types, branches, and central sites


Short payback period

Network Security gives you a return on your investment in several ways:

• Focuses security team resources on real attacks to reduce operational expenses
• Optimizes capital spend with a shared MVX service and a large variety of performance points to right-size deployment to meet requirements
• Reduces future capital outlay with modular and extensible architecture
• Future-proofs security investment by scaling smoothly when the number of branches or the amount of internet traffic grows
• Protects existing investments by allowing cost-free migration from an integrated to a distributed deployment

Awards and certifications

The Network Security product portfolio has been awarded a number of
industry and government awards and certifications:

• In 2022, Trellix received the Gold Globee Cyber Security Global Excellence Award for Network Detection and Response.
• In 2020, Trellix won first place in the Naval Information Warfare Systems Command (NAVWAR) Artificial Intelligence Cybersecurity Challenge.[1]
• In 2020 and 2021, KuppingerCole awarded Trellix the Leadership Compass for Network Detection and Response.[2]
• In 2020, Forrester recognized Trellix as a large vendor for Network Analysis and Visibility.[3]
• Network Security holds certifications including Common Criteria, FIPS 140-2, and SOC 2.
• Network Security has been a recipient of numerous awards from SANS Institute, SC magazine, CRN, and others.
• Network Security was the first security solution on the market to receive the US Department of Homeland Security SAFETY Act Certification.

To learn more, visit [Link].

1. Awarded to FireEye, now Trellix; U.S. Navy Office of Information, Naval Information Warfare Systems Command (NAVWAR) Awards FireEye First Place in Network Threat Detection Challenge, December 7, 2020
2. Awarded to FireEye, now Trellix; KuppingerCole, Leadership Compass Network Detection and Response, June 10, 2020
3. Recognition for FireEye, now Trellix; Forrester, Now Tech: Network Analysis and Visibility, Q2 2020, June 23, 2020

Trellix
6220 American Center Drive
San Jose, CA 95002
[Link]

About Trellix
Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response
(XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their
operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning
and automation to empower over 40,000 business and government customers.

Copyright © 2022 Musarubra US LLC 062022-01
