The cybersecurity giant formed last fall by the merger of McAfee Enterprise and FireEye has a new name, Trellix, and a new mission to become the dominant force in the growing extended detection and response (XDR) market.
“Our goal is to be the market leader in XDR,” Trellix CEO Bryan Palma said in an interview with VentureBeat.
In October, private equity firm Symphony Technology Group completed its acquisition of FireEye and combined the well-known cyber-vendor with another big name in the industry, McAfee Enterprise, which Symphony had acquired in July. Palma, formerly executive vice president of FireEye’s product business, was named CEO of the combined company at the time.
With today’s announcement, the FireEye and McAfee Enterprise brands will be discontinued and will no longer be used with any products, Palma said.
Doubling down on XDR
The combined business generated about $2 billion in revenue in 2021 and saw mid-teens percentage revenue growth in the fourth quarter of the year, Palma said. The company’s new direction in the XDR market “is resonating with customers, and we expect to grow again in 2022,” he said.
With a focus on XDR as a way to deliver highly adaptable security to a wide variety of customer environments, “we are not just two companies put together. We are a whole new entity,” Palma said.
Definitions of XDR tend to vary, but Gartner defines it as cloud-delivered technology that “integrates, correlates, and contextualizes data and alerts from multiple security prevention, detection, and response components.” The idea is to make sense of alerts from many tools so that security operations teams can prioritize their efforts around the real and most critical threats.
While less than 5% of organizations use XDR today, that figure is expected to climb to 40% by 2027, according to a recent report from Gartner. Notably, the XDR realm is already crowded, with the research company listing 19 major players in the space (two of which were McAfee Enterprise and FireEye).
The fact that cybersecurity is only “getting more and more complex” underpins the XDR opportunity, Palma told VentureBeat. He cited software supply chain attacks such as the SolarWinds flaw – first disclosed by FireEye in December 2020 – and the widespread Apache Log4j vulnerability that was disclosed last month.
However, XDR is poised to serve as the answer to complexity, and “I think we’re at the start of this cycle,” Palma said. “We are well aligned for this transition and this market architecture.”
XDR platforms can take different approaches, with some focusing on correlating data from native tools and others emphasizing an “open” approach, which provides analytics for data gathered from third-party tools.
One of the main differentiators of the Trellix XDR platform is that it allows for both approaches, Palma said. “While we support native, we also support open, so we will ingest the tool from everyone you can imagine,” he said.
The Trellix XDR will be able to ingest and correlate data from 600 different tools, in addition to the company’s own native tools, which is a “great advantage,” Palma said.
Endpoint protection and detection
Key components of the XDR platform include endpoint protection and endpoint detection and response (EDR) solutions, he said. Trellix has technology from the McAfee Enterprise and FireEye businesses in these areas, and the combined company is working to “bring this together so that we can be best in class for our customers,” Palma said.
Trellix expects to have a single offering for endpoint protection and a single offering for EDR sometime in 2022, he said. These offerings will be available to “meet our customers where they are,” whether their environment is on-premises, hybrid or in the cloud, Palma noted.
In contrast, “many of our competitors can now only serve cloud customers – they’ve completely changed,” he said.
Alongside this, the Trellix XDR platform also brings a suite of solutions for security operations, with tools that cover security information and event management (SIEM); security orchestration, automation and response (SOAR); and user and entity behavior analytics (UEBA).
“We have a SIEM on site. We have a native cloud SIEM, which was historically called Helix and comes from the FireEye side – it’s a SIEM-SOAR tool. And we have a UEBA tool,” Palma said. “So we bring it all together in one security operations console. This console will incorporate not only our own native technology, but also over 600 other technologies.”
This range of offerings is another major advantage for Trellix, he said. “A lot of competitors play in the security operations market or the endpoint market, but not both,” Palma said.
The third key component of the Trellix XDR platform is its Threat Labs arm, which runs “billions of sensors in the market” collecting security telemetry, Palma said. Trellix Threat Labs also operates threat intelligence relationships with companies such as Mandiant (formerly a subsidiary of FireEye).
“You’re going to see us doing a lot more with our threat labs, which is really what powers our technology platform – getting this real-time information about vulnerabilities, about threat actors, into our platform,” Palma said.
Several offerings from the former McAfee Enterprise business will not be included in Trellix. STG plans to split off McAfee Enterprise’s secure services portfolio, including Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) solutions, as a separate company during this quarter, according to a press release. The name of the new company has not been disclosed.
Symphony had paid $1.2 billion for the FireEye products business and $4 billion to acquire the enterprise security business of McAfee, which continues to be a consumer security software company.
At launch, Trellix has a total of 40,000 customers and 5,000 employees, according to the statement.
Palma said Trellix’s ultimate vision is to deliver what it calls “living” security, capable of adapting to the rapidly changing dynamics of cybersecurity, as well as the heterogeneous operating environments that have been driven partly by the move to remote work. (The company’s name refers to a garden trellis that supports plants as they grow, hence the notion of “living” security.)
Supporting an open approach with XDR also shifts the focus from “warring factions” in the cyber industry to supporting an “adaptable and flexible ecosystem,” Palma said. “It’s really where we’re going, which was a big part of our business, but not where we’ve come from historically. So it’s a big transformation.”
Besides McAfee Enterprise and FireEye, the XDR vendors listed by Gartner in its recent report are Check Point Software Technologies, Cisco, CrowdStrike, Cybereason, Elastic, Fidelis Cybersecurity, Fortinet, F-Secure, Microsoft, Palo Alto Networks, Rapid7, SecureWorks, SentinelOne, Sophos, Tehtris, Trend Micro and VMware.
Meanwhile, open XDR providers that have recently added funding include Hunters, which raised $30 million in August; Stellar Cyber, which snagged $38 million in November; and ReliaQuest, which announced it raised an undisclosed amount in December at a pre-money valuation of over $1 billion.