This article was created and contributed by our partner, Trellix.

Trellix has been a leader in utilizing AI/ML for many years to stop cyberattacks. Today we are introducing Generative AI (GenAI) capabilities into Trellix Wise to greatly improve detection and remediation of threats. As part of this we are happy to introduce Trellix Wise with GenAI for Trellix EDR.

Introducing Trellix Wise Generative AI for Trellix EDR

We are greatly improving our ability to solve difficult problems such as alert fatigue, missed detections, and talent gaps with Trellix Wise. Launched today, one of the first applications of Trellix Wise GenAI is with Endpoint Detection and Response (EDR) where it helps analysts quickly triage, scope, and analyze threat alerts accurately. Trellix Wise accelerates SOC analysts' threat hunting and forensic analysis activities through a single integrated management console.

Endpoint is one of the most relevant telemetry sources with a large attack surface for threat actors. Effective endpoint security requires AI-powered capabilities to help customers level the playing field, improving their speed and accuracy of detection against the modern threat landscape. Enriching our EDR solution with AI delivers on that requirement and equips the SOC analysts to have a differentiated capability to stay ahead of adversaries.

Designed to be a force multiplier for security analysts, Trellix Wise for EDR brings a 5x improvement in analyst efficiency in triaging and investigations, and can reduce MTTR (mean time to response) by 50%, ensuring rapid remediation to a known good state.

The time is now – and it's not new to us

It's important to note a few things have come together that have made all this possible. We'd be remiss not to acknowledge the impact GenAI has had in the last 24 months. Another critical element that has made this possible is the advancements that have been made in computing power.

Today we have many petabytes of threat intelligence data leading into exabytes of data and telemetry feeding Trellix Wise to produce the most comprehensive and accurate insights. That said, artificial intelligence and the use of machine learning models are not new to us. The Trellix endpoint security platform utilizes a combination of client-side and server-side ML models to identify threats for near-real-time protection. Regardless of environment (on-prem, hybrid, and cloud), they share the same degree of efficacy.

Trellix EDR currently provides AI-guided investigations, augmenting SOC analyst skills by automatically answering questions they might have during the course of an investigation. Generative AI supercharges investigations, increasing the fidelity and confidence summary of findings, allowing junior analysts to respond faster with the reasons for the ratings so they can remediate faster than ever.

It is this combination of computing innovation, knowledge, and our data set that allows us to be exactly where we are today. AI is only as good as the data it can leverage. With Trellix Wise you get the right data to make the right decisions, more so than with competing solutions.

Trellix Wise - the analyst's best friend

The use of Trellix Wise with our EDR solution is geared toward one thing: making it easier for analysts to uncover, investigate, and remediate a threat quickly. The addition of GenAI to Trellix EDR is intended to provide highly reliable assistance with a comprehensive set of investigative tips, such as: why they are getting alerted, what they can do about it, what tactics or techniques were used by the adversary, and how they can remediate quickly. We've created a number of features within Trellix EDR that make this a reality; here are just a few:

Uncovering threats is a challenge in itself. Where do you even start? What threat hunting query do you write? The natural language query engine for historical and real-time search makes threat hunting more accessible to junior analysts. They don't need to know Python code, complex query languages, or the semantics associated with the product's query languages. They can simply ask Trellix Wise in natural language, and the query automatically gets translated into the various query languages. And they can do it in their own native languages like French, Portuguese, Spanish, Japanese, German, etc., as shown below.

Figure 1: Multilingual natural language historical search

Investigating any potential threat requires analysts to answer a preliminary set of questions and then go down a rabbit hole that can take forever. With Trellix Wise we have added Interactive Mode, which provides guided threat hunting to help analysts answer questions with just the click of a button. GenAI speeds the investigative process, reducing mean time to detection and remediation by answering questions in seconds, including:

  1. When did the incident happen?
  2. What do I do with this information?
  3. What actions can I take?
  4. Where can I get more information?

Figure 2: Threat monitoring and automated enrichment

From here analysts will discover valuable new insights, and threats are automatically mapped to the MITRE ATT&CK matrix.

The most important part of threat detection and response is clearly what you do about it - remediation! In the screenshot below you can see the button to TAKE ACTION. As mentioned, Trellix Wise is built to make the analyst's life easier and to do things faster. We provide remediation guidance such as disconnecting the host, terminating processes, quarantining the host to a separate network, etc. Trellix Wise allows you to find the problem and stop it for good!

Figure 3: Guided remediation using recommended actions

Once an analyst has completed their investigation and remediated the problem, there will likely need to be a report sent to executives. Trellix Wise takes over this arduous task and provides executive summaries of an incident with a single click in Dossier Mode, saving analysts valuable time by distilling massive amounts of technical information into something short, sweet, and legible.

Figure 4: Executive Briefing

Figure 5: Executive Briefing continued

The integration of Trellix Wise into EDR marks a significant advancement in how SOC analysts handle threat detection and response. Underneath these enhanced Endpoint Detection and Response capabilities, Trellix EDR is a highly performant modular agent that's built on a common sensor stack and conforms to a modern unified endpoint security agent architecture. The addition of generative AI simplifies the process of uncovering and investigating threats, and ensures rapid and accurate remediation. Don't miss this opportunity to enhance your cybersecurity capabilities.