INTERVIEW
CHARTING A NEW COURSE
IN AN EXCLUSIVE INTERVIEW, BRYAN PALMA, CEO OF TRELLIX, TELLS US HOW THIS NEW CYBERSECURITY GIANT PLANS TO TAKE THE XDR MARKET BY STORM.
What does your brand name mean? When we were bringing two companies, McAfee and FireEye, together, we wanted to make sure we had a new brand and a new identity because we would do something different in the market. So we looked at what the existing branding across security looks like, and we found there were a lot of swords and shields and military-type analogies. That felt old to me because today, the threats are so dynamic. We’ve got nation-states involved in attacking corporations. The threats are constantly morphing and changing. So we thought this concept of living security seems more appropriate for today’s world - something that’s adaptable, organic, and changes and moves as you need it to. And that led us to think about the word trellis, an infrastructure that supports plants and trees. So we then changed that to Trellix.
How do you define XDR? First of all, we don’t think about XDR as a specific product; we think about it as architecture. Today, collectively as McAfee and FireEye, we have a robust XDR portfolio. In my personal opinion, to call yourself an XDR player, you have to have an endpoint. We have two endpoints from FireEye and McAfee sides that we are bringing together, and both perform EDR. And then you have to have security operation capabilities. We have that with a tool on the FireEye side called Helix. We also have a more traditional SIEM that we will leverage when integrated into our cloud-first security operations tool.
Is that Skyhigh Security, which was spun off recently? That’s actually different. It is a CASB, and the secure web gateway is part of the Skyhigh business, which is focused on the security service edge market. We’re primarily focused on XDR. However, we ingest CASB and SWG as part of our XDR suite. But we also do that with over 600 other security technologies.
CXO INSIGHT ME
MAY 2022
How do you plan to differentiate in the XDR market? For starters, you got to have underlying XDR technology. If you don’t have an endpoint or a security operations console, I’m not sure you call yourself XDR. There are a lot of people doing that. We’ve got one of the most robust XDR platforms out there. So we’re going to continue to do a couple of things. We’re going to continue to innovate, especially when it comes to machine learning and data analytics. We think that’s a key piece. Second, we’re going to continue to automate and help security operations centres and analysts get more efficient and cut through the noise. Third, we will continue to be open and ingest from across the security landscape.
Will you continue to work with Mandiant now that they have been acquired by Google? We have a very close relationship with Mandiant. Their CEO, Kevin Mandia, and I have a personal relationship. And we also have a multi-year business relationship with them, where we share telemetry, and they share threat intelligence. This relationship is going to continue to thrive and get stronger under Google.
Is it a good idea to automate security? I don’t think it’s the only thing you can do. Many people think machine learning and automation can solve all these challenges we face now. I just don’t believe that. I believe it’s a combination of getting more efficient through automation or getting better intelligence through automation. But you’re also always going to need people involved. So the question is, can you reduce the resources you need through automation?
What role would your Threat Labs play in the new company? The Threat Labs is very critical to us. It’s an area you’ll hear a lot more from us. Historically, we haven’t had as big a microphone as we should have. We’ve been hesitant to break the news around vulnerabilities or malware. You’ll see us change that. But more fundamentally, we have over a billion sensors out in the market. We bring all that data back in, and we use that content to help power our products. Again, back to your questions about how we differentiate ourselves as an XDR vendor. We have some of the best telemetry in the business. And we’ll let that continue to power our Labs and our platforms.
Are you seeing any new threat vectors? We know 90% of threats originate in email; it’s still very effective. We see a lot of business email compromise and impersonation-type attacks. We’re seeing them on email and also on mobile in the form of text. So that’s a very real problem. Ransomware continues to be a problem across the industry, especially for small and mid-sized businesses. We’re seeing what we’re now calling pseudo ransomware, which is not looking to collect a ransom, but wiping and destroying data. The big one is called HermeticWiper, which we found in Ukraine.