SOCFortress Integrations — Trellix Advanced Threat Defense (ATD)

SOCFortress
Oct 14, 2024


Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

Intro

SOCFortress integration and visualization tools give security analysts a single pane of glass for visualizing and triaging McAfee / Trellix Advanced Threat Defense (ATD) events and alerts.

About Trellix Advanced Threat Defense (ATD)

“McAfee Advanced Threat Defense (ATD)” is a specialised solution designed to detect and analyse advanced and evasive threats using a combination of sandboxing, machine learning, and static code analysis. It works by analysing suspicious files, including email attachments, and integrates tightly with McAfee’s broader security ecosystem.

(In 2021 Symphony Technology Group (STG) acquired both McAfee’s enterprise business and FireEye’s products business, and in January 2022 it combined the two to form Trellix. The merger created a large cybersecurity vendor focused on Extended Detection and Response (XDR) technology. Trellix operates as a separate brand from McAfee and focuses primarily on enterprise security products. McAfee, having sold its enterprise business, continues to operate independently as a consumer-focused cybersecurity company offering products such as antivirus and VPNs for personal use. ATD documentation and event sources may therefore still carry the McAfee name.)

ATD features and capabilities

  • Advanced threat detection: It uses sandboxing to observe how files behave in a controlled environment and static code analysis to deeply examine file content, aiming to catch zero-day threats and other hard-to-detect malware.
  • Integration with security systems: McAfee ATD works seamlessly with other McAfee products, such as their Endpoint Protection, Web Gateway, and Email Security. Through McAfee Threat Intelligence Exchange, it can automatically update threat intelligence across the network, enabling proactive defense measures.
  • Automated response: Once ATD classifies a file as malicious, the verdict can trigger pre-defined actions through its integrated products (for example, blocking the file at the gateway or endpoint), shortening response times and reducing manual intervention.
  • In-depth reporting: Detailed reports with indicators of compromise (IoCs) are generated, helping security analysts better understand the threat and improve their incident response capabilities.

McAfee ATD also offers flexible deployment options: it can run on-premises or in the cloud, such as on Microsoft Azure, providing scalability and fitting into a range of environments.

Visualizations

Dashboard screenshots from the SOCFortress landing page:

Total detections, and events by severity

Audit events



Written by SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).