Trellix announced the launch of Trellix SecondSight, a new threat hunting service aimed at proactively identifying low-noise advanced threats that often elude traditional detection methods.
This initiative addresses the escalating challenge of alert fatigue faced by security analysts due to the increasing sophistication of threat actors.
"Threat actors' use of AI has significantly increased alert fatigue for security analysts," remarked John Fokker, VP of threat intelligence strategy at Trellix.
"While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight offers analysts a 'second set of eyes' to actively monitor for these low-noise signals, acting as a force multiplier."
The current threat landscape is characterised by "weak signals" that can bypass traditional security measures, as evidenced by the notorious APT28 multi-stage espionage campaign.
Trellix SecondSight leverages both AI-driven analytics and human intuition to analyse telemetry from Trellix's Endpoint Detection and Response (EDR), Email Security Cloud, and Network Detection and Response (NDR) tools. This synergy allows Trellix's Threat Hunters to identify sophisticated threats and provide proactive alerts that keep security teams informed and agile.
Key benefits of Trellix SecondSight include:
- Identifying emerging threats: Trellix hunters specialise in detecting subtle, low-confidence signals and correlating them with internal intelligence. This approach enables the timely identification of critical intrusion evidence that automated systems may overlook.
- Augmenting team intelligence: By providing an additional layer of visibility, Trellix hunters ensure that suspicious movements do not go unnoticed, working alongside organisational analysts to monitor low-confidence signals across multiple telemetry sources.
- Defensive precision: The combination of global AI-driven analytics and elite human expertise allows Trellix to pinpoint subtle indicators of active breaches, delivering early warnings and actionable notifications to customers.
The newly released Trellix SecondSight Threat Hunting Report outlines the top five critical campaigns identified over the past year, along with strategic recommendations for defending against similar attacks.
For instance, the report highlights the UTA0355 spear-phishing campaign's shift to OAuth abuse, underscoring the need for organisations to cross-reference public threat intelligence with their internal telemetry.
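The recommendation above, cross-referencing public threat intelligence against internal telemetry and correlating weak signals from more than one source, can be illustrated with a small detection routine. The code below is an added example and is not Trellix's code or part of the report; the threat-intel feed, the telemetry events, the application IDs and the sender domain are all constructed placeholders, and the weights and window size are assumptions chosen for illustration. It scores each weak signal (a clicked link, an OAuth consent grant, a sign-in from a new device), promotes it when it matches an indicator from the feed, and raises a finding only when a user's signals cluster across several telemetry sources or include a threat-intel match.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intel feed with placeholder indicator values (assumption).
THREAT_INTEL = {
    "oauth_app_ids": {"00000000-0000-4000-8000-00000000abcd"},  # placeholder app/client ID
    "sender_domains": {"example-phish.invalid"},                 # placeholder sender domain
}

# Constructed internal telemetry from three sources: email, identity, endpoint.
TELEMETRY = [
    {"source": "email", "ts": "2024-05-01T09:00:00", "user": "alice", "kind": "link_click",
     "sender_domain": "example-phish.invalid"},
    {"source": "identity", "ts": "2024-05-01T09:04:00", "user": "alice", "kind": "oauth_consent",
     "app_id": "00000000-0000-4000-8000-00000000abcd", "scopes": ["Mail.Read", "offline_access"]},
    {"source": "endpoint", "ts": "2024-05-01T09:06:00", "user": "alice", "kind": "new_device_signin"},
    {"source": "email", "ts": "2024-05-01T11:00:00", "user": "bob", "kind": "link_click",
     "sender_domain": "newsletter.example"},
    {"source": "identity", "ts": "2024-05-02T14:00:00", "user": "carol", "kind": "oauth_consent",
     "app_id": "11111111-1111-4111-8111-111111111111", "scopes": ["User.Read"]},
]

# Any one of these event kinds is a weak, low-confidence signal on its own.
WEAK_SIGNAL_KINDS = {"link_click", "oauth_consent", "new_device_signin"}
# Scopes that give a third-party app persistent mailbox access earn an extra point.
SENSITIVE_SCOPES = {"Mail.Read", "Mail.ReadWrite", "offline_access"}


def ti_matches(event):
    """Return the indicator types from the feed that this event matches (may be empty)."""
    hits = []
    if event.get("sender_domain") in THREAT_INTEL["sender_domains"]:
        hits.append("sender_domain")
    if event.get("app_id") in THREAT_INTEL["oauth_app_ids"]:
        hits.append("oauth_app_id")
    return hits


def score_event(event):
    """Weight: 1 for a weak signal, +2 per threat-intel match, +1 for sensitive OAuth scopes."""
    if event["kind"] not in WEAK_SIGNAL_KINDS:
        return 0
    score = 1 + 2 * len(ti_matches(event))
    if event["kind"] == "oauth_consent" and SENSITIVE_SCOPES & set(event.get("scopes", [])):
        score += 1
    return score


def correlate(events, window_minutes=30, min_sources=2, min_score=3):
    """Cluster a user's weak signals inside a time window and escalate the cluster
    when it spans several telemetry sources or its total score crosses the threshold."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        if score_event(e):
            by_user[e["user"]].append(e)
    window = timedelta(minutes=window_minutes)
    findings = []
    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            start = datetime.fromisoformat(first["ts"])
            cluster = [e for e in evs[i:] if datetime.fromisoformat(e["ts"]) - start <= window]
            sources = {e["source"] for e in cluster}
            score = sum(score_event(e) for e in cluster)
            ti = sorted({m for e in cluster for m in ti_matches(e)})
            if len(sources) >= min_sources or score >= min_score:
                findings.append({"user": user, "score": score, "sources": sorted(sources),
                                 "ti_matches": ti, "events": [e["kind"] for e in cluster]})
                break  # one finding per user is enough to hand to an analyst
    return findings


if __name__ == "__main__":
    for finding in correlate(TELEMETRY):
        print(finding)
```

On the constructed data only `alice` produces a finding: her link click and consent grant both match feed indicators, and the three events fall within one window across all three sources. `bob`'s single click on an unlisted domain and `carol`'s consent to an unlisted app with a read-only profile scope stay below both thresholds, which is the point of correlating rather than alerting on each weak signal alone.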
As cyber threats become increasingly sophisticated, Trellix SecondSight aims to empower organisations to proactively defend against targeted espionage operations, OAuth abuse, and zero-day exploits.
