Products/Services
product
- Line up
- Network Security: Trellix (formerly FireEye) Network Security
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense
- Network Security: Trellix (formerly McAfee) Network Security Platform
- Endpoint: Trellix (formerly FireEye) HX
- Endpoint: Trellix (formerly McAfee) Mvision
- Endpoint: Trellix (formerly McAfee) Complete Data Protection
- Email Security: Trellix (formerly FireEye) Server Edition
- Email Security: Trellix (formerly FireEye) Cloud Edition
- Security Operations: Trellix (formerly FireEye) Helix
- Security Operations: Trellix (formerly McAfee) SIEM (Security Information and Event Management)
- Enhanced cloud governance: Trellix (formerly FireEye) Cloudvisory
- File Threat Protection in the Cloud: Trellix (Formerly FireEye) Detection On Demand
- File Security: Trellix (formerly FireEye) Malware File Storage Scanning
- Integrated Management Solution: Trellix (formerly FireEye) Central Management
- NDR Solution: Network Investigator (NI) / Packet Capture (PX)
Specifications/Technical Information
Specifications/Technical Information
- Trellix (formerly FireEye) Technical Information
- Trellix (formerly FireEye) Specifications
- Network Security: Trellix (formerly FireEye) Network Security Technical Information
- Network Security: Trellix (formerly McAfee) Network Security Platform Technical Information
- Network Security: Trellix (formerly McAfee) Network Security Platform Specifications
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense Technical Information
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense Specification
- Email Security: Trellix (formerly FireEye) Server Edition EX Series Technical Information
- Email Security: Trellix (formerly FireEye) Server Edition EX Series Specifications
- Integrated Management Solution: Trellix (formerly FireEye) Central Management (CM) Series Specifications
- Security Operations: Trellix (formerly McAfee) SIEM (Security Information and Event Management) Technical Information
Trellix
Trellix
Incident detection, analysis, and resolution at endpoints "Trellix (former FireEye) HX"
Endpoint is an endpoint security product that detects, analyzes, and resolves incidents that occur on endpoints. Based on Network Security/Server Email detection information and Mandiant intelligence information, infected terminals can be identified and quarantined. At the same time, it is possible to check the infection status of other endpoints.
Identification of infected terminals and scope of influence
- Identify infected terminals based on Network Security/Server Email detection information. Identify terminals with the same threat at the same time
- Detection of potentially infected devices using Mandiant intelligence information
- Detection of potentially infected devices using 3rd party, proprietary IOC information
Infection status confirmation, investigation, and isolation
- Status display of threat progress whether malware was sent to the actual terminal or whether it was infected
- Automatically collect activity history such as process startup, communication history, file creation, modification, and deletion on the terminal agent side. Investigation is possible retroactively to the event occurrence time
Detect, investigate and quarantine anywhere
We offer two forms of usage: on-premise and cloud. In both cases, it is possible to detect, investigate, and isolate not only internal terminals but also external terminals and remote work terminals.
Detect/block unknown malware and exploits
Four different engines provide defense in depth for endpoints: Malware Protection, Malware Guard, Exploit Guard, and IOC.
Search for the operation status of administrator terminals and the spread of damage
- Investigate whether or not processes of malware file names and hash values obtained from outside are running
- Proactively search for malware and malicious behavior by attackers
- Analysis and tracking of damage spread for all devices
Operation image
- Agent constantly records the operation and change history on the terminal
- Send alerts from each device (Network Security/Server Email) to Endpoint
- Receive alerts from each device with Endpoint
- Automatically generate Indicators (IOC) in Endpoint
- Distribute IOCs to all terminals and investigate the presence or absence of traces on the terminal side (agent)
- Generates and acquires an investigation file (Triage Package) that identifies infected terminals and further investigates
- Execute network isolation of infected terminals from Endpoint
Types of IOCs
What is an IOC (Indicator of Compromise)?
- "Definitions" and "standards" proposed by Mandiant for searching and detecting traces indicating the presence or threats on terminals infected with malware, etc.
- Information that can generate an IOC
- file name/folder path
- File/folder path
- File MD5 hash
- boot process
- registry
- DNS
- External communication port, etc.
Inquiry/Document request
In charge of Macnica Trellix Co., Ltd.
- TEL:045-476-2010
Mon-Fri 8:45-17:30
