The cybersecurity giant formed last fall through the merger of McAfee Enterprise and FireEye has a new name, Trellix, and a new mission to become the dominant force in the fast-growing market for extended detection and response (XDR).
“Where we’re going is to be the market leader in XDR,” said Trellix CEO Bryan Palma in an interview with VentureBeat.
In October, private equity firm Symphony Technology Group closed its acquisition of FireEye and combined the well-known cyber vendor with another big name in the industry, McAfee Enterprise, which Symphony had acquired in July. Palma, formerly the executive vice president for FireEye’s products business, was named CEO of the combined company at the time.
With today’s announcement, both the FireEye and McAfee Enterprise brands will be retired, and will no longer be used with any products, Palma said.
Doubling down on XDR
The combined business generated about $2 billion in revenue in 2021, and saw revenue percentage growth in the “mid-teens” during the fourth quarter of the year, Palma said. The company’s new focus on the XDR market is “resonating with customers, and we expect to grow again in 2022,” he said.
With the focus on XDR as a way to provide security that is highly adaptable to a wide variety of customer environments, “we’re not just two companies put together. We’re a completely new entity,” Palma said.
Definitions of XDR tend to vary, but Gartner defines it as a cloud-delivered technology that “integrates, correlates and contextualizes data and alerts from multiple security prevention, detection, and response components.” The idea is to make sense of the alerts coming in from numerous tools so that security operations teams can prioritize their efforts around the real and most-critical threats.
While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner. Notably, the XDR field is already getting crowded, with the research firm tallying 19 major players in the space (two of which have been McAfee Enterprise and FireEye).
Underpinning the XDR opportunity is the fact that cybersecurity is only “getting more and more complex,” Palma told VentureBeat. He cited software supply chain attacks such as the SolarWinds breach—first disclosed by FireEye in December 2020—and the widespread Apache Log4j vulnerability that was disclosed last month.
However, XDR is primed to serve as an answer to the complexity, and “I think we’re in the front-end of that cycle,” Palma said. “We’re well aligned for that market transition and architecture.”
XDR platforms can take different approaches—with some focusing on correlating data from native tools and others emphasizing an “open” approach, which provides analytics for data gathered from third-party tools.
One key differentiator for the Trellix XDR platform is that it enables both approaches, Palma said. “While we support native, we also support open. So we’re going to ingest everybody else’s tool that you can imagine,” he said.
The Trellix XDR will be capable of ingesting and correlating data from across 600 different tools, in addition to the company’s own native tools, which is a “big advantage,” Palma said.
Endpoint protection and detection
Key components of the XDR platform include endpoint protection and endpoint detection and response (EDR) solutions, he said. Trellix has technology offerings from both the McAfee Enterprise and FireEye businesses in these areas, and the combined company is working to “bring that together so we can be best in class for our customers,” Palma said.
Trellix expects to have a single offering for endpoint protection and a single offering for EDR at some point in 2022, he said. Those offerings will be available to “meet our customers where they are,” whether their environment is on-premises, hybrid, or in the cloud, Palma noted.
By contrast, “many of our competitors can only service cloud customers now—they’ve made that full switch,” he said.
Meanwhile, the Trellix XDR platform also brings a suite of solutions for security operations, with tools that span security information and event management (SIEM); security orchestration, automation, and response (SOAR); and user and entity behavior analytics (UEBA).
“We’ve got an on-prem SIEM. We have a native cloud SIEM, that historically was called Helix and comes from the FireEye side—it’s a SIEM-SOAR tool. And we have a UEBA tool,” Palma said. “So we’re bringing all that together into a single security operations console. That console will ingest not only our own native technology, but over 600 other technologies as well.”
This breadth of offerings is another top advantage for Trellix, he said. “A lot of the competitors play in the security ops market or the endpoint market, but not in both,” Palma said.
The third key component for the Trellix XDR platform is its threat labs branch, which runs “billions of sensors out in the market” collecting security telemetry, Palma said. Trellix’s threat labs also leverage relationships on threat intelligence with companies such as Mandiant (formerly a subsidiary of FireEye).
“You’re going to see us do a lot more with our threat labs, which really is what powers our technology platform—getting that real-time information on vulnerabilities, on threat actors, into our platform,” Palma said.
Several offerings from the former McAfee Enterprise business will not be included as a part of Trellix. STG plans to spin off McAfee Enterprise’s secure service edge portfolio—including cloud access security broker (CASB), secure web gateway (SWG), and zero trust network access (ZTNA) solutions—as a separate company during this quarter, according to a news release. The name of the new company was not disclosed.
Symphony had paid $1.2 billion for the FireEye products business and $4 billion to acquire the enterprise security business from McAfee, which continues as a consumer security software firm.
At launch, Trellix has a total of 40,000 customers and 5,000 employees, according to the release.
Palma said the ultimate vision for Trellix is around providing what he called “living” security—which is capable of adapting to the fast-changing dynamics in cybersecurity, as well as to the heterogeneous operating environments that have been driven in part by the shift to remote work. (The company name is a reference to a garden trellis that supports plants as they grow—hence the notion of “living” security.)
Supporting an open approach with XDR also shifts the emphasis away from “warring factions” in the cyber industry, and toward supporting an “adaptable, flexible ecosystem,” Palma said. “That’s really where we’re going—which was an important part of our business, but not where we came from historically. So this is a big transformation.”
Along with McAfee Enterprise and FireEye, XDR vendors listed by Gartner in its recent report are Check Point Software Technologies, Cisco, CrowdStrike, Cybereason, Elastic, Fidelis Cybersecurity, Fortinet, F-Secure, Microsoft, Palo Alto Networks, Rapid7, SecureWorks, SentinelOne, Sophos, Tehtris, Trend Micro, and VMware.
Meanwhile, open XDR vendors that have recently added funding include Hunters, which raised $30 million in August; Stellar Cyber, which landed $38 million in November; and ReliaQuest, which announced raising an undisclosed amount in December at a pre-money valuation of more than $1 billion.