
Trellix SecondSight Actionable Threat Hunting Strengthens Cyber Resilience



New Trellix SecondSight Threat Hunting Report highlights the need for proactive defense against critical campaigns

Trellix, the company delivering the future of AI-powered cybersecurity, announced Trellix SecondSight, a threat hunting service designed to proactively identify low-noise advanced threats that often go undetected, reducing organizational risk for Trellix customers.


Trellix SecondSight offers analysts a ‘second set of eyes’ to actively monitor for low-noise signals.

“Threat actors’ use of AI has significantly increased alert fatigue for security analysts,” said John Fokker, VP Threat Intelligence Strategy, Trellix. “While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a ‘second set of eyes’ to actively monitor for these low-noise signals, acting as a force multiplier.”

The threat landscape is defined by “weak signals” bypassing traditional defenses, such as the APT28 multi-stage espionage campaign. Trellix SecondSight provides specialized hunting capabilities to expose these weak signals and stop advanced attacks. Applying human intuition and AI-driven analytics to telemetry from Trellix EDR, Trellix Email Security Cloud, and Trellix NDR, Trellix Threat Hunters identify sophisticated threats and provide proactive notifications to help security operations teams stay ahead of adversaries, while also improving Trellix detection capabilities. Benefits include:

  • Identify emerging threats: Trellix hunters specialize in identifying subtle, low-confidence signals and correlating them with internal intelligence holdings to cut through the vast gray space of product data and surface critical evidence of intrusions automated filters would dismiss as background noise.
  • Augment intelligence for security teams: Trellix hunters provide an additional layer of visibility, ensuring movements don’t go unnoticed. They work in parallel with an organization’s analysts to closely monitor low-confidence signals across Trellix endpoint, network, and email telemetry and provide early warnings.
  • Defend with precision: Combining Trellix’s global AI-driven analytics with elite human expertise, Trellix SecondSight identifies subtle indicators of an active breach automated tools often surface but cannot fully interpret, providing early warnings of malicious activity with actionable notifications for customers.

“Proactive, actionable threat intelligence is no longer a nice-to-have; it’s a necessity for keeping pace with advanced actors,” said Niklas Chachalatos, Business Manager Security Services at Advania Sweden. “Trellix SecondSight goes a level deeper, proactively hunting for threats for our customers and providing actionable guidance to thwart attacks and build cyber resilience.”

Released , the Trellix SecondSight Threat Hunting Report highlights the top five critical campaigns observed last year with recommendations to defend against these types of attacks. One example is the UTA0355 spear-phishing campaign use case, which highlights the actor’s transition to OAuth abuse to circumvent traditional perimeter security and demonstrates the importance of cross-referencing public threat intelligence against telemetry using campaign patterns, infrastructure IOCs, and targeting profiles. Insights from Trellix SecondSight, expert threat hunters, and a global network of telemetry and intelligence underscore why proactive hunting remains one of the most effective defenses against modern threats like targeted espionage operations, OAuth abuse, and zero-day exploits.
