Euro Security Watch with Mathew J. Schwartz

Endpoint Protection Platforms (EPP) , Endpoint Security , Incident & Breach Response

McAfee Enterprise and FireEye Products Rebrand as Trellix

Will Fresh Face Earn Buy-In for Its XDR - Extended Detection and Response - Vision?
McAfee Enterprise and FireEye Products Rebrand as Trellix

Endpoint detection and response software news flash: The entity formerly known as McAfee Enterprise and FireEye Products has a new name.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

On Wednesday, private equity owner Symphony Technology Group rebranded the concern as Trellix.

Trellix's chief enterprise competition in the endpoint or extended detection and response - aka EDR/XDR - space includes VMware and Broadcom in the U.S. and Kaspersky, globally.

What a long, strange trip it's been. The McAfee name belongs now to a business focusing solely on consumer security, whereas the McAfee enterprise business unit was sold to STG in March 2021 for $4 billion in cash. Last October, STG merged it with FireEye Products - comprising network, email, endpoint and cloud security products, as well as a security management and orchestration platform - after FireEye split from Mandiant.

The rebranding to Trellix is meant to evoke the word trellis, which is a support for growing plants or fruit trees.

"We envision serving as a security trellis to businesses across the globe, giving them support they need to keep them safe while pursuing their goals," says CEO Bryan Palma. He joined the company in September 2021, having previously served as BlackBerry's president and chief operating officer, Cisco's senior vice president and general manager of Americas Customer Experience, and Boeing's vice president of cyber and security solutions.

"Combining artificial intelligence, machine learning and automation, our living security platform is always learning and adapting so businesses can remain resilient with advanced detection, response and remediation capabilities," he says, noting that the company's products give customers "the capability to ingest over 600 native and open security technologies."

Trellix sports annual revenue of nearly $2 billion and counts nearly 5,000 employees and over 40,000 customers, including more than three-quarters of the world's 500 largest public and private businesses, as measured by revenue.

XDR: What's on Offer?

Every organization today should be using EDR or XDR capabilities, not least to safeguard endpoints against attacks, including via ransomware and other types of malware.

"The promise of XDR dramatically improves security efficacy, and the vendors that can deliver on that promise will capture market share," says Frank Dickson, program vice president for cybersecurity products at market researcher IDC. "However, integrating context and delivering outcomes takes resources and work. It is a monumental effort made possible with the right security partner. With a combined product portfolio that spans endpoint, network, messaging, data protection and cloud services, Trellix has an impressive multitechnology portfolio to address the promise of XDR."

Meanwhile, STG says it plans to launch as a separate business, by the end of March, comprised of what is now known as the McAfee Enterprise Secure Service Edge - aka SSE - portfolio. Market watchers say the company has relatively mature SSE offerings, including cloud access security broker, or CASB; secure web gateway, or SWG; and zero trust network access, aka ZTNA, capabilities. For customers, SSE would often be a subset of their wider secure access service edge - aka SASE - strategy.

One Expert's View of Trellix

So is Trellix offering the type of security support customers and prospects will be seeking?

For security practitioners, offerings from the entity now known as Trellix have a reputation for being easy to deploy, but also for being older products, says my colleague Steve King, director of cybersecurity advisory services for CyberTheory, which is part of Information Security Media Group.

"McAfee Enterprise and FireEye Products are both solid companies held in high esteem by senior security practitioners, yet both solutions feel like 2017 technology. They carry tons of latency; they report alerts noisily with lots of extraneous data from intelligence, which serve as their strength and weakness; and since both are clumsy and slow, neither are suited to real-time detection, which is crucial to use cases in operational technology," he tells me.

"Both are universally disliked because of their resource 'pigginess,' but loved because they are easy to deploy, and they detect a lot, including 'ransomware,'" he adds. Of course, this tends to be the type of offering provided by well-known, long-standing names in the field: A single platform with many different capabilities, promising ease of management, but not necessarily the latest, bleeding-edge or brand-new technologies.

Culturally, King says that McAfee Enterprise and FireEye appear to be a good fit, as is their technology, with FireEye in particular bringing its well-regarded email detection and response capabilities, plus incident response services.

But the EDR and XDR space is incredibly crowded, and it remains to be seen if Trellix will be able to sufficiently articulate its message and prove itself in a way that differentiates it from the competition, King says.

Life Beyond Antivirus

One thing that fascinates me about the endpoint security market is how much of the competition from days gone by remains in play. Names that dominated one or even two decades ago - Norton, McAfee, Symantec, Trend Micro, Webroot, ESET and Avast on the "free," consumer side, and Kaspersky, among others - continued to thrive.

But as the McAfee brand name's journey highlights, the path isn't always smooth. McAfee was founded in 1987 by John McAfee. He sold his stake and resigned in 1994, but his antics became the stuff of tabloid fodder. He was wanted for questioning in a murder investigation in Belize, later became a cryptocurrency touter and ultimately was found dead in a Spanish jail cell last July on the eve of his extradition to face tax evasion charges in the U.S.

The business's journey has also had its ups and downs. Intel bought the antivirus firm - let's call it a cybersecurity concern now - in 2011 for $7.68 billion, as part of an effort to bake security into its chips. McAfee's CEO at the time, David DeWalt, who helped lead the sale, left to form FireEye.

Intel's security-on-a-chip plan, however, failed. In 2016, Intel spun out McAfee with a value of $4.2 billion, with private equity firm TPG taking a 51% stake.

McAfee is far from the only anti-malware company that has experienced speed bumps. In 2005, for example, competitor Symantec acquired storage giant Veritas for $13.5 billion, with plans to unite security and storage. Those plans failed, and in 2015, Symantec offloaded Veritas for $8 billion in cash to asset management firm The Carlyle Group.

In 2019, Symantec's enterprise security assets and brand name were sold to Broadcom in a deal worth $10.7 billion, and the consumer business was renamed NortonLifeLock. Last August, NortonLifeLock moved to buy its London-listed competitor, Avast, for $8.6 billion. But on Wednesday, Britain's Competition and Markets Authority announced that it had launched an investigation into the proposed acquisition.

Clearly, the EDR/XDR space - antivirus in old money - keeps evolving, no matter its name.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.