Trellix Security Innovation Alliance Partner Directory


List of Partners

A10 Networks

A10 Networks (NYSE: ATEN) provides Reliable Security Always™ through a range of high-performance solutions that enable intelligent automation with deep machine learning to ensure business critical applications are protected, reliable, and always available. Founded in 2004, A10 Networks is based in San Jose, CA and serves customers globally with offices worldwide.

The A10 Thunder® SSLi® is an SSL/TLS visibility solution that eliminates the encryption-induced security blind spot by decrypting enterprise traffic and enabling security devices to detect and stop encrypted attacks. It can be deployed in a number of different ways, having the ability to decrypt traffic for inline, passive, and ICAP-enabled security devices. The solution, with its security subscriptions, also adds an additional layer of preventive security, all of which can be deployed easily with wizard-driven configuration and management.

Thunder SSLi integrates with the Trellix Network Security Platform (NSP) by intercepting enterprise traffic, decrypting it, and forwarding it to NSP in clear-text. This enables NSP to inspect encrypted traffic easily, and perform advanced intrusion prevention and malware analysis, without compromising performance, so that no malicious content makes it into the network.

Integrated with Trellix Network Security Platform

Absolute Software

Absolute offers uncompromised visibility and near real-time remediation of security breaches at the source. Embedded in more than a billion devices, our Absolute Persistence self-healing endpoint security technology gives IT pros complete control over devices and data. No other technology has the power to withstand user error or malicious attacks, and return devices to an original state of safety and efficacy.

Our cloud-based platform gives IT and security professionals absolute awareness and control of devices, data and applications — whether on or off the network, or in the hands of an unauthorized user. With Absolute, you can enhance IT asset management, protect sensitive data, reduce insider threats, and ensure compliance.


Acalvio: Active Defense Powered By Autonomous Deception.
Acalvio's ShadowPlex delivers Active Defense that enables organizations to detect and respond fast to cyber threats inside the network. The AI-Driven solution is effective against zero-day threats and nation-state threat actors inside the network.

Acalvio ShadowPlex and Trellix ePO, Version: 5.10.0 (on-premises)


AccuKnox Zero Trust CNAPP (Cloud Native Application Protection Platform) is one of the industry's most modern and comprehensive Cloud Security Solution. We are a shift left, DevSecOps, Opensource-led to secure Infrastructure & Applications deployed on Public clouds [AWS, Azure, GCP, Oracle] and Private clouds [OpenShift, VMware].

Allen Corporation of America

Allen Corporation of America provides cybersecurity research, technology, and training solutions to organizations and individuals tasked with detecting and investigating cybercrimes. Allen Corporation’s Advanced Threat Identification-Preemptive Defense (ATI-PD)™, efficiently enforces authorized use policies and protects against insider threats.

By leveraging the investments that organizations have made in Trellix endpoint protection suites, extending the one security agent and centralized management view provided by Trellix ePO, and utilizing the enforcement features of Trellix Host Intrusion Prevention, ATI-PD helps companies protect their critical assets and save time and money. ATI-PD leverages the signature database of one of the industry’s leading malware discovery tools for forensic investigations, WetStone Technologies™ Gargoyle Investigator™, enabling ATI-PD to detect and block the execution of thousands of malicious programs and tools in categories such as steganography, hacker toolkits, encryption, keyloggers, wireless surveillance, password crackers, and anti-forensics.

Allen Corporation Advanced Threat Identification-Preemptive Defense (ATI-PD) software version 1.0 and Trellix Host Intrusion Prevention software and Trellix ePO, with Trellix Agent on Windows workstations and servers [EOL].


Anomali delivers innovative and effective technologies and solutions to address cybersecurity challenges for organizations of all sizes. Through trust, collaboration, and communication, Anomali strives to implement intelligence-driven solutions to achieve its vision: a more secure world.

Trellix Enterprise Security Manager


Appgate is a secure access company providing solutions for people, devices and systems based on the principles of Zero Trust. Our defensive solutions are informed by sophisticated offense-oriented capabilities, machine learning, and telemetry gathered across billions of connections monitored and millions of threats mitigated.

Aruba Networks

Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company's Mobility-Defined Networks empower IT departments to support #GenMobile, a new generation of tech-savvy users who rely on mobile devices for every aspect of work and personal communication. Aruba delivers a secure mobility experience by automating infrastructure-wide performance optimization and security actions that previously required manual IT intervention. The results are dramatically improved security, higher productivity, and lower operating costs.

Aruba has partnered with Trellix to deliver an end-to-end enterprise risk mitigation and management solution by integrating with the Trellix SIEM solution. Aruba's ClearPass, a security and management solution, is a Trellix SIEM supported device. ClearPass is an ultra-scalable, high-availability AAA solution with policy management, guest network access, device on-boarding, and device health checks, with a complete understanding of context. It leverages a user's role, device, location, application-use, and time-of-day to execute custom security policies, accelerate device deployments, and streamline network operations across wired, wireless and VPNs. Both the Trellix SIEM solution and ClearPass are positioned as Leaders in Gartner Magic Quadrants, and used together deliver enterprise-class network access.

Aruba Networks ClearPass 6.6x and Trellix Enterprise Security Manager.


A global leader in digital transformation, Atos provides end-to-end hybrid cloud, big data, cybersecurity, and digital workplace solutions and is the Worldwide Information Technology Partner for the Olympic and Paralympic Games.

Trellix and Atos have partnered to provide a cloud access security broker (CASB) service that combines best of breed technology from Trellix MVISION Cloud and Atos cybersecurity products: Trustway for data protection and Evidian for access management. The combined offer ensures greater control to customers for their data encryption and identity and access management needs across multicloud environments. Atos is now the first partner certified by Trellix SIA for MVISION Cloud products. Customers can now seamlessly experience the single sign-on, authentication, and data encryption capabilities provided by Atos products while securing their SaaS, PaaS, and IaaS cloud environments with Trellix MVISION Cloud.

Atos Trustway and Evidian and Trellix MVISION Cloud

Axis Security Application Access Cloud

Axis Security's Application Access Cloud introduces an amazingly simple and secure solution for zero trust network access (ZTNA) to enable access to any application for any user, anywhere. Built on a zero trust, agentless-first approach, Application Access Cloud enables more use cases, covering more apps than any other access solution. Axis eliminates the need for VPNs, VDI's, network changes, or agents on every device.

Reduce risk by significantly minimizing the attack surface as users never touch the network, or vulnerable applications. By collecting and analyzing real-time user behavior, Application Access Cloud continuously ensures the right users access the right apps.

The Application Access Cloud easily solves even difficult use cases such as zero trust access for remote employees with BYOD, employees of an acquisition or outside contractors, partners, and 3rd parties. This ZTNA cloud service is reimagined from the ground up to be simple — making application access fast to deploy, easy to use, and more secure than ever before.

BedRock systems

BedRock secures the runtime of Containers and Linux in a way never before possible, enabling the prevention of runtime attacks vs after-the-fact detect/respond, without negative performance impact or false positives.

BedRock sees and stops unsanctioned privilege escalation and code execution; instantly, at runtime. Without need for signatures or post-facto analytics, it inoculates the stack from the damage of cyber attacks.


BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry's most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. Our products enable the right level of privileges for just the time needed, creating a frictionless experience for users that enhances productivity.

With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 70 percent of the Fortune 500, and a global partner network. Learn more at

PowerBroker for Windows with Trellix ePolicy Orchestrator, Trellix Enterprise Security Manager and Trellix Data Exchange

Boldon James

For over 30 years Boldon James software has helped organizations manage sensitive information securely and in compliance with legislation and standards. The Boldon James Classifier products classify and protectively mark emails, documents, and files from to improve data loss prevention and reduce archiving costs. Boldon James is a wholly-owned subsidiary of QinetiQ, with offices in the US, Europe, and Australia, and channel partners worldwide.

Boldon James Classifier integrates with Trellix data loss prevention products to reduce the risk of data loss. Classifier captures the user's knowledge of the business value of data, in the form of visual and metadata markings applied to messages and documents. This user perspective can then be used to supplement automated content scanning, in order to deliver more accurate data loss prevention outcomes with fewer false positives, improved user acceptance, and greater risk reduction.

Boldon James Classifier is integrated with Trellix ePolicy Orchestrator and Trellix Data Exchange Layer, providing real-time actionable intelligence and the ability to initiate critical data loss prevention activity throughout the line of Trellix products. With Trellix Data Exchange Layer, Boldon James Classifier can share activity events in real-time with Trellix Enterprise Security Manager, which can monitor, correlate, and analyze user classification and data handling. By analyzing this user activity, Trellix Enterprise Security Manager can detect suspicious behavior, report activity through Trellix ePolicy Orchestrator dashboards, and automatically launch remedial actions to tackle insider threats arising from negligent or deliberate actions.


Bottomline makes business payments simple, smart and secure. Over 10,000 corporate customers, 1,400 commercial and business banks, including 15 of the top 25 global banks, rely on our industry-recognized payment technology to accelerate digital transformation in a complex world of business payments and financial management.


BowBridge Software is a leading provider of content security solutions for mission-critical SAP applications. The AntiVirus Bridge products secure file transfers and data feeds into SAP applications and protect them from malware and other content-based threats, such as cross-site scripting and active content. BowBridge content security products have been certified multiple times by SAP and it has a wealth of experience in securing the most complex SAP implementations.

With BowBridge’s latest generation of solutions, customers worldwide benefit from the integration of Trellix virus scan technology into AntiVirus Bridge for SAP solutions. The combination delivers high performance and maximum protection in the most demanding enviroments. AntiVirus Bridge will feed content security related events directly into Trellix ePolicy Orchestrator (Trellix ePO). This will allow customers to monitor and report on their SAP infrastructure without having to access the SAP system, resulting in a more streamlined and consolidated security view.

BowBridge Antivirus Bridge for SAP solutions 3.0 and Trellix ePolicy Orchestrator.


BUFFERZONE defends endpoints from known and unknown zero-day threats, ransomware, drive-by downloads, and file-less malware by isolating browsers, untrusted applications, email attachments, and removable media in a virtual container. BUFFERZONE seamlessly integrates with Trellix ePolicy Orchestrator (Trellix ePO), and you can easily install and update BUFFERZONE using Trellix ePO agent tasks. From the Trellix ePO software policy catalog, you can define, distribute, and update BUFFERZONE endpoint policies for groups or individuals. Additional BUFFERZONE features include:

  • Secure bridge: A configurable CDR process for safely disarming and extracting data from the container, enabling secure and compliant collaboration.
  • Network separation with passport enforcement: Enforced by the organizational proxy server, endpoint connections to the internet use separate networks from connections to internal, trusted resources.
  • Upload blocker: As part of an organizational DLP strategy, BUFFERZONE can require browser uploads to be from an isolated location without any data from internal sources.
  • Endpoint intelligence: Detailed syslog format reporting and SIEM integration identifies and tracks attacks.

BUFFERZONE 4.1 and above (current version: 5.4) and Trellix ePO (versions 4.6 and 5.1x)

Check Point

Check Point Software Technologies is one of the largest globally network security vendors, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises — from networks to mobile devices — in addition to comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes.

Check Point and Trellix will combine forces to provide a leading solution for continuous monitoring, workflow optimization, and maximum security for enterprises. Through seamless integration techniques, Check Point’s next generation threat prevention platform will share information with Trellix's suite of products to provide the most comprehensive end-to-end security from the network perimeter to the endpoint. Trellix Data Exchange Layer will share security intelligence in real-time so these threats can automatically be blocked by Check Point’s next generation threat prevention platform.

Trellix ePO, ESM and DXL with Check Point’s Next Generation Threat Prevention


Chronicle’s cloud-native security, orchestration, automation and response (SOAR) product empowers security teams to respond to cyber threats in minutes - not hours or days. Chronicle SOAR fuses a unique threat-centric approach, powerful yet simple playbook automation, and context-rich investigation to free up valuable time and ensure every security team member is informed, productive and effective.

The Chronicle SOAR and Trellix Enterprise Security Manager integration helps security teams streamline alerts, automate repetitive processes, and speed up response. The integration adds context to alerts, enriches cases with additional data, and automates triage and response processes.


Cisco Systems is an industry leader in security solutions that extend from network to branch and cloud. By focusing on an integrated architectural approach, Cisco provides solutions that are open to easily share critical security information enabling automated policy enforcement which simplifies the management and scalability of security solutions, effectively protecting customers. This holistic approach enables Cisco to collaborate with technology partners to deliver a complete range of integrated cybersecurity solutions.

Cisco Email Security Appliance and Trellix Advanced Threat Defense. Cisco Identity Service Engine/pxGrid and Trellix ePolicy Orchestrator/Data Exchange Layer


Cloudera delivers the modern data management and analytics platform built on Apache Hadoop and the latest open source technologies. The world’s leading organizations trust Cloudera to help solve their most challenging business problems with Cloudera Enterprise, the fastest, easiest and most secure data platform available for the modern world. Customers efficiently capture, store, process, and analyze vast amounts of data, empowering them to use advanced analytics to drive business decisions quickly, flexibly, and at lower cost than has been possible before.

Cloudera’s Enterprise Data Hub for cybersecurity is designed to detect previously unseen threats early in the attack chain—helping organizations avoid financial and reputational damage. Unlike traditional solutions that provide signature and correlation analysis across subsets of security data, Cloudera Enterprise Data Hub can ingest, store, and analyze any volume or variety of data. This allows for behavior-driven analytics that can detect the smallest changes in user or system behavior—traditionally the most reliable indicators of compromise. It works seamlessly with existing cyber defenses, allowing organizations to quickly deploy and improve their security posture with no disruption.

Cloudera Enterprise Data Hub and Trellix Enterprise Security Manager


Cofense, formerly known as PhishMe, is the leading provider of human-driven phishing defense solutions for organizations concerned with their susceptibility to sophisticated cyberattacks. Cofense delivers a collaborative, cooperative approach to cybersecurity by enabling organization-wide response to the most used attack vector—phishing. Cofense serves customers of all sizes across multiple industries including financial services, energy, government, healthcare, technology, and manufacturing, as well as other Global 1000 entities that understand how engaging user behavior will improve security, aid incident response, and reduce the risk of compromise.
Cofense Triage allows security operations and incident responders to automate the identification, remediation, and sharing of phishing-specific threats. The combination of human reporters and analysis identify attacks that evade perimeter defenses and enable a rapid response. Cofense Triage will integrate with Trellix Enterprise Security Manager to enhance incident response and intelligence workflow.

Cofense Triage also integrates with Cofense Intelligence, a human-verified and enriched phishing attack and threat data source. Cofense Intelligence can also be integrated into Trellix Enterprise Security Manager and supports STIX and JSON. The end result is that customers using Trellix Enterprise Security Manager can receive phishing intelligence data and reported phishing human intelligence that integrates and enhances the SOC and incident response team workflow against the threat of phishing.

Cofense Triage 1.5 or above, Cofense Intelligence with Trellix Enterprise Security Manager 9.5.1 or above and Trellix ePolicy Orchestrator


CryptoVision provides hardware-based signature and authentication solutions with a strong commitment to ease of use, flexibility, and security on crypto smart cards and USB tokens. As optimal personal sensitive data protection and storage devices, hardware tokens are widely integrated with CryptoVision’s own or third-party software solutions dealing with PKI-based model of information security.

CryptoVision is committed to open standards and plans to provide a security solution that combines the strengths of Trellix Endpoint Encryption with the protection of secret keys offered by their smart card product line CryptoCard multiSIGN family.

CryptoCard MultiSIGN with Trellix endpoint encryption solutions


CTERA delivers the industry’s first private cloud IT-as-a-Service platform for storing, syncing, sharing, protecting, and governing data across endpoints, remote offices, and servers. Deployed by Global 1000 enterprises and leading cloud service providers, CTERA transforms private or public cloud infrastructure into scalable, secure, business-critical file services to address the storage, data protection, and collaboration needs of business users.

CTERA was founded upon the belief that enterprise organizations would require the benefits of cloud-based file management without the security compromises associated with traditional SaaS offerings. The CTERA Enterprise File Services Platform is optimized for complete security and privacy, deployable on an organization’s cloud infrastructure of choice, behind their firewall, and with no third-party access to data, keys, authentication, etc. The CTERA platform is tightly integrated with Trellix to provide comprehensive protection for data as it travels across endpoints, offices, and the cloud.

ICAP Protocol with Trellix Web Gateway


Cubro is a leading vendor of network visibility solutions that include network TAPs, Advanced Network Packet Brokers, Bypass Switches and Network Probes, for Service Providers and private and public sector Enterprises worldwide. Our solutions improve security posture while reducing costs by increasing the effectiveness and lifecycle of security devices, improving business continuity, and reducing the TCO while increasing the ROI of security solutions.

Cubro’s products remove network ‘blind spots’ to ensure all relevant network traffic is available for security analysis, filter out unnecessary network traffic for analysis, and provide High Availability capabilities for security solutions. Cubro’s Omnia Advanced Network Packet Broker integrates with the Trellix NSP solution by replicating, aggregating and filtering network traffic collected from network TAPs and SPAN ports and passing the filtered traffic to NSP for intrusion prevention and detection analysis which reduces the time taken to analyse the traffic and extends the lifespan and ROI of the NSP solution. Furthermore, the filtered traffic can be load balanced across multiple NSP devices to maximize business continuity in the event of a scheduled or unscheduled NSP service outage.

Trellix Network Security Platform

Cyber Observer

Cyber Observer is a continuous end-to-end cybersecurity assessment platform.The single pane orientation integrates security tools into a single intuitive interface that enables organizations to continuously monitor tool performance and maintain alignment with cybersecurity, business, and regulatory frameworks. The platform reduces business losses and audit costs by leveraging technology that performs continuous monitoring and auditing using Continuous Controls Monitoring (CCM) On-premises and in cloud (SSPM and CSPM).

Cyber Observer Version 4.0 engages via APIs and direct database connections and supports multiple Trellix solutions (Trellix Database Security, Trellix Web Security, and Trellix ePO) to ensure maximum coverage that provides a strategic approach to a secure environment. Our proprietary connector-based solution coupled with the Trellix suite helps enterprises better manage their cybersecurity environments while continuously monitoring their cybersecurity ecosystem posture.


CyberArk is the only security company that proactively stops the most advanced cyberthreats that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyberthreats before causing irreparable business damage. CyberArk is trusted by the world’s leading companies to protect their highest value information assets, infrastructure, and applications, while ensuring tight regulatory compliance and audit requirements.

CyberArk Privileged Account Security Solution integrated with Trellix Enterprise Security Manager enables security teams to monitor and protect privileged activity, and gain unified, real-time visibility, enabling the identification of critical security threats associated with privileged account activities. The solution generates exceptional detailed tracking and reporting on all privileged activity, meeting auditing and compliance requirements.

CyberArk Privileged Account Security integrated with Trellix ePolicy Orchestrator (Trellix ePO) provides privileged account security monitoring. CyberArk sends Trellix ePO alerts regarding the usage of privileged account credentials. IT administrators can set policies for alerts to be sent to Trellix ePO based on their most important IT. The solution generates compliance reports directly from the Trellix ePO.

The Trellix Enterprise Security Manager and CyberArk Privileged Threat Analytics integrated solution provides unmatched privileged activity intelligence empowering organizations to quickly identify and disrupt the most critical in-progress attacks.

CyberArk Privileged Account Security Solution with Trellix Enterprise Security Manager and Trellix ePO CyberArk Privileged Threat Analytics with Trellix Enterprise Security Manager


Cythereal unifies your existing security products so detection and response can be achieved faster and more economically at scale. Powered by data science, Cythereal completely automates traditionally resource-intensive manual investigations without adding security staff, playbooks, or additional software on your endpoints. Within minutes, its investigations predict attacks likely to succeed, delivering IOCs and signatures tailored from the actual threats attacking your infrastructure. Its reports and intuitive interface let you visualize your organization's current threats, their severity, and depth of penetration. This automated workflow provides continuous assessment without increasing the footprint of your current security team. With Cythereal's MAGIC Early Warning System (EWS), organizations without a SOC can significantly reduce their risk at a fraction of the cost without increasing staff.

The easy integration between MAGIC EWS with Trellix products allows organizations to quickly and dramatically reduce their risk of breach by advanced threat actors. For customers with existing Trellix products, MAGIC EWS can be deployed in days. This is much faster than similar security automation products that require trained staff to operate, playbooks to be written, and months to deploy. By unifying sensor data to realize automatic informed decision options, MAGIC-driven investigations deliver proactive and predictive prevention and maximize the value of your existing security infrastructure—saving you both time and resources.

MAGIC EWS 1.0 and Trellix MVISION Insights


Cyware helps enterprises transform security operations while breaking through silos for threat intelligence sharing, collaboration, and automated threat response. Cyware’s Cyber Fusion platform integrates seamlessly with Trellix ESM, enabling security teams to proactively stop threats, connect the dots on security incidents, and dramatically reduce response time and analyst burnout.


D3 SOAR is the first and only security orchestration, automation and response platform with MITRE ATT&CK in its DNA. D3's Automation and ATT&CK Intelligence streamline enrichment and response while eliminating manual tasks and false positives. D3's Orchestration allows SOC operators to coordinate incident response workflows across all tools and assets, ensuring rapid and consistent remediations.

The tight integration between D3 SOAR and Trellix ESM helps SOC and IR teams by improving the speed and quality of investigations, enabling proactive analysis, and dramatically reducing MTTR. Events in ESM trigger detailed playbooks in D3, which automatically act on intelligence and from the security infrastructure and data sources. Playbooks can be built using D3's drag-and-drop Visual Canvas, or through ready-to-deploy apps and runbooks within D3. D3's powerful ATT&CK features extend automation beyond IR, to deeper investigations and threat hunting. By surfacing ultra-rich context about adversarial intent, D3 keeps SOC operators focused on suspicious behaviors and critical threats.

D3 SOAR and Trellix Enterprise Security Manager

DB CyberTech

DB CyberTech pioneered predictive data loss prevention for databases. Its patented technologies are based on deep protocol extraction, machine learning, and behavioral analysis. DB CyberTech provides real-time visibility and continuous situational awareness of all conversations between databases and their connected clients. This is critical because you can’t protect what you can’t see. Through non-intrusive analysis of data in motion, DB CyberTech discovers database assets, classifies high-value structured data, and identifies imminent threats of data loss in the earliest phases of an attack—before any data loss has occurred.

The planned integration with Trellix Data Loss Prevention and Trellix database security solutions will provide continuous full-spectrum data tier visibility and threat detection. In addition, DB CyberTech’s machine learning and behavioral analysis capabilities will integrate with Trellix Enterprise Security Manager to provide additional threat insight on suspicious activity detection. This will in turn be reported through Trellix ePolicy Orchestrator for cross-infrastructure alarm correlation and initiate immediate remediation response.

DB CyberTech Visibility, Privacy, Security 6.1 and Trellix ePolicy Orchestrator 5.10.0

Deep Secure

Deep Secure is a cybersecurity company that delivers content threat removal. The solution addresses a gap in the market for defeating unknown undetectable content threats without the need to examine or isolate threats. It works by extracting the useful business information from the source data and builds new, clean data to carry the information to its destination.

Deep Secure's Content Threat Removal for Web Gateways and the Anti-Steganography Solution will be integrated with Trellix Web Gateway to completely remove content-borne threats, such as zero day, ransomware and sophisticated steganography exploits, from office productivity formats and image data types during any web upload or download activity. This integration ensures that the web browsing user experience can be maintained whilst providing assured threat free content to the user. The integration between Deep Secure and Trellix uses ICAP to always deliver new rebuilt data to the user's browser.


Def-Logix, Inc. is an emerging leader in the provision of Information Assurance, Software Engineering, and Information Technology services to the Defense, Intelligence and Commercial communities. Our mission is to provide innovative technological expertise and solutions to our customers. We offer specialized services in computer and network security and state-of-the-art technology solutions to serve the critical needs of our government and commercial customers. Def-Logix sets itself apart by the caliber of its work and a strong culture of innovation.

Deployable Enhanced Forensics (DEF) - End Node Detector (END) includes cutting edge tools for performing computer/network forensics in the Enterprise. It automatically correlates boundary network events to host systems, and then automatically collects forensic information from effected devices. This information is analyzed by a server to determine if the system has been compromised. DEF-END will be integrated with ePO, with incidents reported back to ePO dashboards where appropriate action can be taken by system administrators or incident responders.


Demisto Enterprise is the first security operations platform to combine intelligent automation and collaboration into a single ChatOps interface. Demisto’s automation is provided by DBot which interacts with users via ChatOps for playbook-based workflows, cross-correlation, and information sharing, helping security teams scale while learning how humans are wired together.

The integration helps incident responders optimize usage of Trellix products by automating incident investigations through real-time collaboration and lightning-fast automation of the complete incidence response cycle. The platform helps plan, prioritize, and track response to incidents as they appear in Trellix Enterprise Security Manager. It also provides threat feed providers to enhance incident data with threat and organizational context, automating remediation and response by triggering incident-specific playbook/workflows using Trellix ePolicy Orchestrator.

Demisto Enterprise and Trellix Enterprise Security Manager

Digital Defense

Founded in 1999, Digital Defense, Inc. is an industry recognized provider of security assessment solutions, helping organizations defend data and protect brands. The company’s Frontline.Cloud is a cloud-based suite of solutions underpinned by innovative, patented technology, complemented with unparalleled service and support, while its security awareness training promotes security-minded behavior. The company has been designated Best Scan Engine by Frost & Sullivan, ranks 16 in Cybersecurity Ventures World’s 500 Hottest Cybersecurity Companies, and was awarded a five-star review by SC Magazine.

Integrations with Data Exchange Layer, Trellix ePolicy Orchestrator, and Trellix Enterprise Security Manager will enable more informed decisions, automation of remediation, and faster, more accurate responses.


Dragos has a global mission: to safeguard civilization from those trying to disrupt the industrial infrastructure we depend on every day. The expert practitioners who founded Dragos were drawn to this mission through their decades of experience in the US Military and Intelligence Community going head-to-head with cyber attackers who threaten the world’s industrial infrastructure. Our solutions combine advanced technologies for asset identification, threat detection and response with the battle-honed insights of our elite team of industrial control systems (ICS) cybersecurity experts. We arm enterprises with the tools to identify threats and respond to them before they become significant breaches. Dragos currently protects hundreds of organizations and provides the industrial control systems community with select free technology products, research and thought leadership. Dragos is privately held and headquartered in the Washington, DC area.

Dragos Platform and Trellix Enterprise Security Manager

Extreme Networks

Extreme Networks, Inc. delivers software-driven networking solutions that help IT departments everywhere deliver the ultimate business outcome: stronger connections with customers, partners, and employees. It provides solutions from wired to wireless, desktop to data center, on premise or through the cloud. Trellix and Extreme Networks are integrating ExtremeControl and Trellix ePolicy Orchestrator and Trellix Data Exchange Layer products for enhanced visibility and control of system endpoints, so users can connect securely anywhere and anytime.


Fasoo has built a worldwide reputation as an enterprise digital rights management (ENTERPRISE DIGITAL RIGHTS MANAGEMENT) solution provider with industry-leading solutions and services. Fasoo Enterprise Digital Rights Management allows organizations to prevent unintended information disclosure or exposure, ensuring a secure information-sharing environment, to better manage workflows and simplify secure collaborations both internally and externally. Fasoo has successfully retained its leadership in the Fasoo Enterprise Digital Rights Management market by deploying enterprise-wide solutions for more than 1,100 organizations, securing more than 2 million users. Fasoo is seeing continuous improvement in its global market position, based on its unique technology, ongoing R&D, and strategic approach to comprehensive product capabilities. Fasoo is also planning for future expansion through new business models, including database security (Solidbase), static code analysis (Sparrow), and content platform solutions.

Trellix Data Loss Prevention scans, detects data, and enforces appropriate actions using contextual awareness to reduce the risk of losing sensitive data through exfiltration. When sensitive data has been legitimately sent to authorize users outside the organization, Fasoo Enterprise Digital Rights Management protects the data from subsequent transfers to unauthorized users. Fasoo Enterprise Digital Rights Management integrated with Trellix Data Loss Prevention forms an essential solution to protect sensitive data, both within and outside of the organization. Considering most data leaks originate from insiders who have or had authorized access to sensitive documents, organizations must enhance existing security infrastructures with data-centric security solutions to persistently protect data in use. This integrated solution enables organizations to allow Trellix Data Loss Prevention to scan DRM-protected documents and apply policies; enforce policy engines to encrypt (reclassify) as DRM-protected documents; and secure data persistently to reduce the risk of losing sensitive data from both insiders and outsiders.

Fasoo Enterprise Digital Rights Management and Trellix Data Loss Prevention

Fidelis Cybersecurity

Fidelis Cybersecurity helps organizations emerge stronger and more secure. Developed and used by cyber experts from the DoD, US Intel Communities, Managed Security Providers, and Fortune 100 companies, Fidelis Cybersecurity defends private and public global enterprises from the next high-profile security breach. We have built some of the most secure environments, and Fidelis Elevate has been relied upon to find, stop, or remediate some of the world’s most high-profile security attacks in both the commercial and government sectors.

Trellix Endpoint combined with Fidelis Network Detection and Response (Fidelis Network or NDR) provide a powerful solution to help customers quickly discover, disrupt, respond, and stop network and endpoint threats. When combined with Trellix EDR, Fidelis can automate responses and escalate the priority of any network detection that evades endpoint detection and becomes active. The integration can also trigger manual and automated responses at the endpoint, providing a more global response. Fidelis Deception is an optional addition that builds an automated decoy network based on terrain to help engage, find and neutralize adversaries earlier.


FireMon, formerly Secure Passage, provides enterprise security management software that gives companies deeper visibility and tighter control over their network security infrastructure. A leading provider of firewall policy, risk, and compliance management solutions, FireMon’s flagship product, Security Manager, simplifies and automates the analysis of configuration and change management processes to enhance security, optimize performance, and speed compliance reporting. Security Manager analyzes changes and performs audits in real time, simplifies policy management, and enforces configuration governance across firewalls, switches, routers, and other network devices. Security Manager is the only solution on the market that can be customized to meet the unique audit and compliance reporting requirements for networks of all sizes, while enabling IT organizations to do more with less effort. Enterprise-strength deployments of Security Manager around the world support more than 40,000 active security devices.

FireMon Security Manager helps keep Trellix Firewall Enterprise running smoothly with a complete configuration management solution. Wizard-based discovery monitors device configurations and verifies their current state, usage, and connections. FireMon Security Manager also monitors the complete Trellix Firewall Enterprise infrastructure, where it checks for user editing events and captures a full audit trail of operations. Enforcement points are monitored for policy installations and inefficiencies, as well as usage.


ForeScout offers Global 2000 enterprises and government organizations the unique ability to see devices, including non-traditional devices, the instant they connect to the network. It lets you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Unlike traditional security alternatives, ForeScout achieves this without requiring software agents or previous device knowledge. The company’s solutions integrate with leading network, security, mobility, and IT management products to overcome security silos, automate workflows, and enable significant cost savings. More than 2,000 customers in over 60 countries improve their network security and compliance posture with ForeScout solutions.

The ForeScout Extended Module for Trellix ePolicy Orchestrator (Trellix ePO) provides bi-directional integration between ForeScout CounterACT and Trellix ePO. This integration improves security and operational efficiency, simplifies risk and compliance management, and provides IT security managers with superior visibility and control of both managed and unmanaged endpoints on the network. In addition, ForeScout’s solution helps organizations save time by automating installation of security agents, including those from Trellix, and verifies that those agents are healthy and up-to-date.

ForeScout Extended Module 2.8 and Trellix ePolicy Orchestrator
ForeScout CounterACT and Trellix Enterprise Security Manager


Fortinet secures enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network. The Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. More than 320,000 customers worldwide trust Fortinet to protect their businesses.

Fortinet plans to integrate with Trellix Enterprise Security Manager to provide a solution that leverages Fortinet’s best-in-class network security and Trellix Enterprise Security Manager’s advanced capabilities to deliver performance, actionable intelligence, and solution integration at the speed and scale required for security organizations. The joint solution will enable customers to use Trellix Enterprise Security Manager for prioritizing, investigating, and responding to threats, and leverage the Fortinet FortiGate firewalls and Fortinet Security Fabric to enforce network compliance and gain end-to-end visibility of their endpoints and network infrastructure.


Getvisibility enables organizations to understand and secure their sensitive information and align to multiple regulatory standards. Getvisibility’s dual approach to data classification, allows end users to classify documents as they are created, aided by AI suggestions. Once classified, the suitable level of protection is then applied. Our AI engine then verifies end user activity and provides reporting on misclassification and unusual activity. Meanwhile, using state-of-the-art machine learning algorithms, we combine natural language processing with neural networks and optical character recognition. This allows us to discover and classify unstructured data across organizations with unparalleled accuracy and speed without affecting server performance. The Getvisibility reporting suite enables data remediation through tactical reporting on issues such as duplicate data, redundant obsolete or trivial data (ROT), data retention, access permissions and much more. Through the Getvisibility Data Risk Score, organisations have access to multi-layered data risk reports, applicable stakeholders at varying levels and with tangible metrics and recommendations.

Integration between Trellix and Getvisibility allows Trellix products to read data labelled by Getvisibility and apply protection rules based on classification labels. Getvisibility’s discovery and classification solution is integrated with Trellix ePolicy Orchestrator and Trellix Data Exchange Layer, instantaneously enabling data protection activity throughout the line of Trellix products. Getvisibility provides end user activity reporting with the Trellix Security manager via the Trellix Data exchange Layer, including user misclassifications and blocked activity. This enables organisations to quickly apply remediations around retraining, negligence or possible insider threats as this suspicious behaviour can be analysed by Trellix enterprise Security Manager and reported via Trellix ePolicy Orchestrator dashboards.


HyprEdge platform empowers Enterprise Teams to achieve business outcomes using automation that is independent of the tools and applications.

HyprEdge was formed on the core belief that organizations pursuing digital transformation should have automation as a core part of their strategy to become a successful a Digital-1st business.

IBM Security

Trellix Threat Intelligence Exchange (TIE) acts as a reputation broker to enable adaptive threat detection and response. It combines local intelligence from security solutions across your organization, with external, global threat data, and instantly shares this collective intelligence across your security ecosystem, enabling solutions to exchange and act on shared intelligence.

This integration with IBM Resilient automatically searches Trellix TIE for reputation when IOCs and artifacts are tracked within the Resilient IRP, alerting the incident response team to significant IOCs. This ensures that security analysts can operationalize threat intelligence data in real time, allowing them to focus energy on investigation and response.


Illumio, the Zero Trust Segmentation company, stops breaches from spreading across the hybrid attack surface.

The Illumio ZTS Platform visualizes all communication and traffic between workflows, devices, and the internet in one console, automatically sets granular segmentation policies to control unnecessary and unwanted communications, and isolates high-value assets and compromised systems to proactively or reactively stop the spread of a breach.

ZTS is proven to help organizations of all sizes, from Fortune 100 to small business, stop breaches and ransomware in minutes, save millions in application downtime, and accelerate cloud and digital transformation projects.

Assume breach. Minimize impact. Increase resilience.


With Illusive’s early, reliable detection, advanced persistent threats (APTs) become manageable events. Typically, APTs are the hardest to detect and derail because attackers silently slip past even the best-tuned security controls, establish a foothold in a network, and move undercover toward their targets. If there are warning signs, SOC teams, drowning in alerts and IT data, can easily miss them. By the time the adversary is revealed, the incident has become a full-blown business crisis. Developed by some of the world’s leading cyberwarfare experts with decades of hands-on experience, Illusive applies a deep understanding of how attackers think and operate to better stop these threats.

Illusive will be integrating with Trellix ePolicy Orchestrator (ePO), Advanced Threat Detection (ATD), and Enterprise Security Manager (ESM). Upon detection of malicious actors, the Illusive solution will capture the attacking executable and send it over for detonation in Trellix ATD. In addition, the incident information will be forwarded to Trellix ESM to provide the SOC with incident response information based on Illusive's forensics capabilities.

Intel 471

Intel 471 arms enterprises and government agencies to win the cybersecurity war by leveraging our platform to gain real-time monitoring of threats to protect their organizations from costly, debilitating security breaches and cyber incidents.

Our partnership complements Trellix’s native threat intelligence capability by delivering increased contextual intelligence. Global customers gain unique insight into malware families by leveraging our advanced cybercrime and adversary intelligence.


IntSights Cyber Intelligence is redefining cybersecurity with the industry’s first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our groundbreaking data-mining algorithms and unique cyber reconnaissance capabilities continuously monitor an enterprise's external digital profile across the surface as well as the deep and dark web, categorize and analyze millions of threats, and automate the risk remediation lifecycle—streamlining workflows, maximizing resources, and securing business operations.


A leading cybersecurity provider and Trellix Partner that helps tens of thousands of organizations worldwide make email safer, restore trust and strengthen cyber resilience.

  • Enhanced email security to further protect against phishing, malware attacks and impersonation attempts
  • Web security to ensure your users remain safe online
  • Continuity with a 100% SLA on availability - keep users communicating during an email migration or downtime
  • A multipurpose archive and data protection for both remediation, corporate governance and compliance
  • Awareness training to educate your users on the best practice when tackling the modern emerging threats
  • DMARC enforcement and brand protection to protect against the fraudulent web domains you own and don't own
All delivered through one simple interface and designed to help you stand strong in the face of cyberattacks, compliance risk, human error and technical failure. Whether you choose one, some, or all of the services in the Mimecast suite, we make it easy to do business with us.


Minerva Labs is an innovative endpoint security solution provider that protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. Minerva’s Anti-Evasion platform blocks unknown threats that bypass existing defenses by deceiving the malware and controlling how it perceives its environment. Without relying on signatures, models or behavioral patterns, Minerva’s solution deceives the malware and causes it to disarm itself, thwarting it before the need to engage costly security resources.

Minerva Anti-Evasion Platform integrates with Trellix ePolicy Orchestrator and the Data Exchange Layer (DXL) to prevent malware infections that use evasive techniques without duplicating security approaches. Minerva’s software can be deployed and managed within the Trellix ePO environment to strengthen endpoint security on both modern and legacy systems without management overhead or performance concerns. To facilitate “single pane of glass” oversight, the infections prevented by Minerva can be seen in the Trellix ePO dashboard. This avoids the complexity and costs of introducing a new process into the organization.

Minerva Anti-Evasion Platform and Trellix ePolicy Orchestrator and DXL

Mira Security Logo

Our mission is to provide visibility into network traffic as our customers transition to higher speeds and new architectures, and to eliminate the compromise between privacy and security along their journey.

Mira Encrypted Traffic Orchestration (ETO) enables enterprises to remove this “blind spot” by providing visibility into encrypted traffic for the full range of security and analytic tools being used. The Mira solution addresses encryption challenges and removes bottlenecks today, and can scale with the architectures of tomorrow.


MONET+ is a major central European player in the payment solutions industry. MONET+ ranks among the leading suppliers of smart card-based systems on the Czech and Slovak IT markets, providing comprehensive, sophisticated solutions that meet strict compliance and security standards. MONET+ focuses on secure transaction systems and related products, such as secure communication and client authentication. MONET+ solutions are used by companies in the banking sector, large supermarket chains, private companies, and state administration offices. Thousands of users use MONET+ products and solutions daily to securely access their working and user environment.

MONET+ will integrate ProID+, its two-factor authentication product, with Trellix Endpoint Encryption. ProID+ enables secure access to systems via microchip-embedded cards. ProID+ provides strong authentication for end users and single sign-on to any application throughout the enterprise, and delivers implementation of Public Key Infrastructure (PKI) to customer's IT systems. Using the CryptoPlus architecture, which supports a wide range of applications within organizations, ProID+ customers can easily build secure information systems.


Morphisec is the industry leader for endpoint protection against in memory and fileless attacks with its Moving Target Defense technology, which instantly and deterministically stops the most dangerous unknown and evasive threats while allowing companies to cut operational costs. With a true prevention-first approach to stopping zero days with no false positives, Morphisec eliminates the complexity and burden for organizations struggling to respond to cyberattacks. Morphisec traps are deterministic as malicious and therefore means it has bypassed all other detection, scanning tools. Therefore 100% no-false positives provides very high-fidelity, actionable threat intelligence including attack description, full attack timeline from its earliest stages and internal memory information about the attack that is instantly visible from Trellix ESM.

Morphisec adds its advanced threat prevention capabilities and the rich forensic event data that is integrated directly into Trellix ESM platform and management console. The added preventative capability from Morphisec gives operators a significant value-add on top of Trellix's own endpoint suite for reporting through Trellix ESM. Because Morphisec can prevent a high volume of advanced, fileless attacks, it complements Trellix's detection and exploration capabilities across devices, subsequently supporting large-scale incident response. This creates additional value and residual efficacy for Trellix customers to cover a larger landscape of unknown threats.


Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix enterprise cloud platform delivers the agility, pay-as-you-grow economics and operational simplicity of the public cloud, without sacrificing the predictability, security and control of on-premises infrastructure. Nutanix solutions leverage web-scale engineering and consumer-grade design to natively converge compute, virtualization and storage into a resilient, software-defined solution that delivers any application at any scale.


NXLog was established to develop IT security tools, with event log collection solutions being the primary focus. Using NXLog’s products, customers can build a secure, flexible, and reliable log infrastructure that satisfies the highest IT requirements of any organization and enables them to achieve regulatory compliance, easily identify security risks and policy breaches, or analyze operational problems. Its log collection technology allows harvesting event data on all major operating systems and can handle data sources that others cannot cope with, giving total insight into what's happening in IT systems. NXLog is known for its exclusive log collection capabilities and is chosen and trusted by security experts and partners who also rely on our technology.

The inclusion of NXLog Enterprise Edition version 4.1 in the Trellix Security Innovation Alliance is evidence of a mutual commitment to empower security teams by strengthening their IT defenses. Integrating with Trellix Enterprise Security Manager, a leader in the Gartner Magic Quadrant for SIEM, NXLog Enterprise Edition version 4.1 allows analysts to feed event log data of all formats. Through secure and reliable log data collection offered by NXLog, teams can be assured that their log data collection needs are covered to manage potential security incidents for further prioritization and management.


OPSWAT is a software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, it delivers solutions and technologies that protect organizations from threats and help secure digital data flow. OPSWAT helps protect some of the world’s critical operations: critical infrastructure, government agencies, and financial institutions.

The joint solution allows any Trellix Web Gateway user to leverage the power of OPSWAT’s Metadefender ICAP Server solution. Through the ICAP integration, all traffic will first be filtered by Metadefender, which offers high-class protection for known vulnerabilities, known and unknown threats, and for all zero-day threats embedded in productivity files, which will be sanitized through the data sanitization engine.

Panasonic Security

Panasonic Security is built on a heritage of providing evidential quality CCTV footage, delivering the highest image quality in all environmental conditions using reliable, advanced technology cameras and image recording systems developed over the last 50 years. Its continuously expanding range of security products contain a variety of intelligent features, many of which can be seamlessly integrated to create a complete, reliable, and cost effective security system.

Panasonic Security provide a variety of products to cater to a wide range of applications; from a fully integrated security system to single items such as security cameras, access control systems, fire alarms, and video intercom. Logo evolves both humans and AI. converts human analysts’ actions across their tools into rich knowledge, which drives the automation and streamlining of cybersecurity ticket processing while continuously upskilling humans. products now support the latest versions of Trellix Helix. With our partnership, Trellix Helix users can further scale their operation; reduce mean time to resolve incidents (MTTR) by 25%, reduce the likelihood of SLO breaches, generate playbook recommendations to automate 15% additional workloads while upskilling human analysts with on-the-job context coaching. Value is demonstrated within weeks of deployment.

Picus Security

The Picus Security Validation Platform simulates real-world cyber threats to validate organizations’ cyber readiness across on-premises environments and the cloud. Supplying actionable insights and mitigation suggestions, the platform helps security teams address coverage gaps and optimize security controls before breaches can occur.


Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cybersecurity. Rapid7 combines its extensive experience in security data and analytics, and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Its solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks.

Rapid7 is integrating Nexpose, the leading vulnerability management toolset, with Trellix ePolicy Orchestrator and Trellix Data Exchange Layer. This will enable organizations to see the risks that are present on and off their network and drive action towards remediating those risks.

Rapid7 Nexpose and Metaspoloit Pro are integrated with Trellix Enterprise Security Manager
Rapid 7 Nexpost is integrated with Trellix Data Exchange Layer


Raz-Lee Security is a leading international provider of security, auditing, and compliance (SOX, PCI, HIPAA, etc.) solutions for the IBM i. Raz-Lee’s customers include companies of all sizes, from SMBs to enterprises in all vertical markets and industries. Raz-Lee’s iSecurity suite of products includes both infrastructure security solutions that protect network access, monitor and report on system activities, manage user profiles and authorities, and track software changes, as well as application security solutions which audit database activity, provide real-time alerts when critical business data changes, enable business intelligence analysis of application data changes, and much more. iSecurity has full multi-LPAR management capabilities and works in both green-screen and full GUI modes.

iSecurity’s integration with Trellix Database Activity Monitoring (DAM) will entail collection and transfer of DB2 activity originating on the IBM i. The Trellix sensor running on an external Linux machine will receive events from iSecurity, evaluate each event, and communicate with the DAM server to apply policy rules and report on the events. As such, iSecurity will enable multiplatform users of Trellix DAM to incorporate database and security-related information originating from IBM i systems, resulting in increased security visibility and faster time to problem resolution.

Raz-Lee Firewall 16, Raz-Lee Audit 12, Trellix Database Activity Monitor, and Trellix Enterprise Security Manager.


ReversingLabs provides cybersecurity software for analyzing and classifying unknown file content on enterprise networks. Solutions are powered by next generation automated static analysis, the proprietary RHA functional similarity algorithm, and the world's largest file reputation repository. This technology provides a rich resource of critical and actionable information to SIEMs and other security solutions. Capable of analyzing over 1 million unique files per day per server ReversingLabs is more than a sandbox. It adds another layer of protection beyond traditional advanced analysis solutions. It also provides an activity log for all files moving across the network (internal and external IP addresses) regardless of the data flow direction (inbound, outbound, or lateral). Its automatic retrospection analysis supports security teams and forensics investigations providing instant notification on any file that has been seen before and whose disposition has changed.

The ReversingLabs N1000 Network File Flow Analysis sensor analyzes all web, FTP, and email payloads. Regardless of port or traffic direction, every extracted file is analyzed and logged. N1000 integration forwards ‘interesting events’ to Trellix Enterprise Security Manager via CEF logs. The appliance monitors all configurable traffic. Extracted files are classified in real-time and recursively unpacked removing obfuscation and all internal files and objects. Using advanced hashing techniques this technology neutralizes effects of polymorphism identifying similarities to known malware and goodware, classifying unknown threats.

The ReversingLabs N1000 Network File Flow Sensor Appliance and Trellix Enterprise Security Manager

Ridge Security

RidgeBot by Ridge Security enables CISOs to reduce cyber risks through exposure management: conducting extensive AI-powered automated penetration testing and attack simulation that prioritizes and validates cybersecurity efforts and controls. RidgeBot is integrated with the Trellix Helix platform to strengthen SecOps efficiency by continuously providing cyber risk visibility.


SailPoint brings the power of identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster, and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency, and compliance to enterprises with complex IT environments. SailPoint's customers are among the world’s largest companies in virtually every industry.


SanDisk has been transforming digital storage with breakthrough products and ideas that push the boundaries of what’s possible. Its flash memory technologies are used by many of the world's leading data centers, embedded in the most advanced smartphones, tablets, and laptops. From handheld devices to hyper-scale data centers, SanDisk is expanding the possibilities of storage.

Safeguard data and stay compliant with Trellix data protection solutions and SanDisk Self-Encryption Solid State Drives which are designed for strong hardware-based data encryption for endpoint data loss prevention. Hardware-based data encryption found on SanDisk Solid State Drives provide the maximum data protection for corporate data or sensitive consumer data such as found in regulated industries such as healthcare and government. All SanDisk Solid State Drives have been validated with the drive encryption software component available in three Trellix data and endpoint protection suites, and is managed through Trellix ePolicy Orchestrator.

SanDisk Self-Encryption Solid State Drives with Trellix ePolicy Orchestrator


Seclore offers the market’s first fully browser-based Data-Centric Security Platform, which gives organizations the agility to use best-of-breed solutions to discover, identify, protect, and track the usage of data wherever it goes, both within and outside the organization’s boundaries. The ability to automate the Data-Centric Security process enables organizations to fully protect information with minimal friction and cost. Over 6,000 companies in 29 countries are using Seclore to achieve their data security, governance, and compliance objectives.

Seclore enhances the protection of confidential information provided by Trellix Data Loss Prevention (Trellix DLP) solutions, by extending the jurisdiction of DLP beyond the enterprise perimeter, adding granular usage permissions, and providing the full tracking and audit records needed for compliance. Also, as part of its Data-Centric Security Platform, Seclore provides the most advanced, most secure, and most connected Rights Management, protecting sensitive files in transit, at rest, and even in use.

Seclore Rights Management, Seclore Data Classification, Seclore Policy Manager, and Desktop Client are all integrated with the latest versions of Trellix DLP Endpoint Discovery, Trellix DLP Endpoint Cloud Protection, and Trellix ePolicy Orchestrator.


SecMaker is the leading supplier of smart card-based security solutions to companies, public agencies, and organizations in the Nordic region. Its solutions protect and safeguard information, systems, and data traffic for more than 1 million business users in Scandinavia. SecMaker has 20 years of experience in IT security for complex environments.

SecMaker offers complete security solutions for IT in cooperation with other key players in the industry. It cooperates in development projects with manufacturers of platforms, thin clients, smart cards, and card readers. It also takes an active role in achieving international standardization of smart card-based security. It’s developing tomorrow’s security solutions based on PKI and smart cards.


SecureCo offers a software-defined data delivery network to provide superior assurance and confidentiality for internet transmissions using stealth, deception, and obfuscation. Our solutions protect both data-in-transit and the systems and end users whose connected activity might otherwise make them vulnerable. SecureCo’s zero trust technology is designed to hold up against the toughest cyber adversaries in untrusted network environments, going beyond encryption to anonymize and cloak data transmissions. SecureCo complements existing government and enterprise security solutions, making their sensitive data-in-transit and endpoints much harder for threat actors to find, observe and disrupt.

SecureCo will be integrating its CONNECT product with the Trellix ePolicy Orchestrator (ePO) and the MVISION Cloud CASB solution. With this integration, SecureCo CONNECT will be able to provide Trellix customers with obfuscated internet data routing between their protected device endpoints and their secure cloud services. These obfuscated connections not only provide multiple layers of encryption security, but are designed to camouflage customer data transmissions to avoid detection and interception.


Securonix provides a leading information risk intelligence platform for security and compliance professionals. The platform consumes identity, access, and activity information from any source and then uses behavior, access, and identity risk analytics to continuously identify the highest risk users, resources, and activity in the environment for proactive management. At the enterprise application level, such as SAP and Oracle, Securonix goes deeper to automatically and continuously identify and fingerprint sensitive data for data loss protection while monitoring high-risk activity and access.

Trellix DLP, ePO, and NitroSecurity customers can use Securonix to extend their visibility, monitoring, and critical data protection into key enterprise applications while enriching their security management with advanced identity, access, behavior analysis, and dynamic policies. This integrated Trellix-Securonix solution extends valuable coverage to an enterprise’s critical applications while focusing the output down to an actionable set through analytics.

Securonix Identity Intelligence 3.1, Securonix Threat & Risk Intelligence 3.1, Securonix Application Intelligence 3.1, Trellix Data Loss Prevention, and Trellix Enterprise Security Manager


ServiceNow helps the modern enterprise operate faster and be more scalable. Its service model defines, structures, and automates the workflows, removing dependencies on email and spreadsheets to transform the delivery and management of services for the enterprise. ServiceNow enables service management for every department in the enterprise including IT, security, and human resources.

ServiceNow Security Operations will integrate with Trellix Enterprise Security Manager and Trellix ePolicy Orchestrator to send action or data requests and visualize security posture through customizable dashboards. This will allow IT to enable faster response to security incidents and import intelligence data to assist in making incident remediation more efficient. It then automatically creates new incidents from security alerts and streamlines response efforts with workflows and automation.

ServiceNow Security Operations integrates with Trellix Enterprise Security Manager and ePolicy Orchestrator

Skyhigh Security

Skyhigh Security and Trellix provide a deep integration of DLP classifications and incidents with Trellix ePolicy Orchestrator (ePO) for a 360 view of DLP by extending on-prem DLP classifications to Skyhigh Cloud Platform and sending incidents to ePO for centralized SOC management.


Spirion (formerly Identity Finder) is the leading provider of sensitive data risk reduction solutions. The company's flagship product, the Spirion data platform, accurately finds all sensitive data, anywhere, anytime, and in any format on endpoints, servers, fileshares, databases, and in the cloud with practically zero false positives. For more than a decade, Spirion has been helping organizations eliminate and prevent sensitive data sprawl by reducing the sensitive data footprint by 99% or more and operationalizes data protection policies and controls to meet a broad range of compliance requirements from PCI to PII to HIPAA and beyond. Spirion is used by thousands of organizations among leading firms in the healthcare, public sector, retail, education, financial services, energy, industrial, and entertainment markets.

When Spirion integrates with Trellix Total Protection for Data Loss Prevention, customers can accurately classify their sensitive data assets and leverage Trellix endpoint technology for corporate policy enforcement.

Spirion version 8.x and later, and Trellix Total Protection for Data Loss Prevention

Splunk> Phantom

The Splunk Phantom platform combines security infrastructure orchestration, playbook automation, and case management capabilities to integrate your team, processes, and tools. Splunk Phantom’s flexible app model enables you to connect and coordinate complex workflows across your team and tools. Powerful abstraction allows you to focus on what you want to accomplish, while the platform translates that into tool-specific actions.

Splunk Phantom integrates with Trellix Enterprise Security Manager and Trellix ePolicy Orchestrator (Trellix ePO) to make security operations smarter, faster, and stronger. Security events ingested from Trellix Enterprise Security Manager trigger the automated execution of playbooks on the Splunk Phantom platform. Phantom Playbooks automate workflows for threat investigation, indicator hunting, containment with Trellix ePO, remediation, and other scenarios.

Trellix Enterprise Security Manager and Trellix ePolicy Orchestrator with Phantom and Phantom Playbook


SPP is a value-added technology driven solution provider based in Vienna, Austria. SPP was founded in July 1987 to distribute standard software products to the Austrian market and serve as the local representation for key software manufacturing vendors, while delivering high customer satisfaction.

For the last 10 years SPP’s core competencies are IT-security, enterprise content management, change and transport management for SAP-customers, as well as operational intelligence (log-management and SIEM solutions). SPP works mostly with the IT-departments from major enterprise accounts. It provides services in the area of product evaluation, planning, implementation, support, and training, so our customers can focus on the operation and day-to-day business of their IT-infrastructure.


As the inventor of the SSH protocol, SSH Communications Security has a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control, and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture, and save on operational costs.

CryptoAuditor is a network-based, inline virtual appliance that has the capability to control, monitor, and audit encrypted administrator sessions, as well as file transfers. Because CryptoAuditor requires no agents to be deployed or access portal to go through, it is fast to implement and has no impact on end user experience or workflows. When coupled with Trellix Web Gateway, you can apply data loss prevention and antivirus functionality to encrypted sessions running through SSH (SFTP), RDP, or HTTPS.

CryptoAuditor 1.5 and Trellix Web Gateway, Trellix Enterprise Security Manager


Swimlane is a security automation and orchestration company with a platform that empowers organizations to manage, respond to, and neutralize cyberthreats with the adaptability, efficiency, and speed necessary to combat today’s rapidly evolving cyberthreats. By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real time dashboards, and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations.

Integration with Swimlane allows Trellix Enterprise Security Manager and Trellix ePolicy Orchestrator customers to automatically initiate and execute incident response workflows in response to any alarm. Importing security event data from Trellix Enterprise Security Manager and Trellix ePolicy Orchestrator into Swimlane delivers consolidated event details from multiple platforms for rapid investigation and alarm triage, helping to ensure a faster incident response and greater return on investment from the entire security infrastructure.

Integrated with Trellix Enterprise Security Manager and ePolicy Orchestrator


Thales Security is the industry leader in data security solutions that span physical, virtual, and cloud environments. Thales Security helps over 1,300 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — sensitive data. The company’s scalable solution protects any file, any database, and any application — within enterprise data center, cloud, and big data environments — with a high performance, market-leading Thales Security Data Security Platform that incorporates application and transparent encryption, access controls and security intelligence.

Thales Security has partnered with Trellix to extend the data-security coverage of Trellix Database Activity Monitoring (DAM) and Trellix Enterprise Security Manager (ESM). Thales Security adds another layer of security to Trellix DAM by preventing unauthorized users and processes from accessing or viewing the database files through transparent encryption, key management, and access controls. Thales Security provides granular audit logs on file-level access of sensitive data that provides valuable contextual information used by Trellix ESM for compliance reporting or alerting on suspicious and unusual behavior at the file-level.

Read the following solution briefs for more details:

Thales Security Data Security Manager 5.2.1, Thales Security Transparent Encryption 5.2.1, Thales Security Application Encryption 5.2.1, and Trellix Database Activity Monitor; Thales Security Data Security Manager 5.2.1, Thales Security Transparent Encryption 5.2.1, Thales Security Application Encryption 5.2.1, and Trellix Enterprise Security Manager


ThreatConnect unites cybersecurity people, processes, and technologies behind a cohesive intelligence-driven defense. Built for security teams at all maturity levels, the ThreatConnect platform enables organizations to benefit from their collective knowledge and talents; develop security processes; and leverage their existing technologies to identify, protect, and respond to threats in a measurable way. Companies and agencies worldwide use ThreatConnect to maximize the value of their security technology investments, combat the fragmentation of their security organizations, and enhance their infrastructure with relevant threat intelligence.

ThreatConnect Platform with Trellix Enterprise Security Manager


ThreatQuotient understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ, empowers security teams with the context, customization, and prioritization needed to make better decisions, accelerate detection, and response and advance team collaboration. Leading global companies use ThreatQ as the cornerstone of their threat operations and management system, increasing security effectiveness and efficiency.

The ThreatQ platform provides Trellix SIEM installations with visibility into security events and creates a place for security analysts to research and make informed decisions about security events on their network. The combined solution helps security and vulnerability analysts work more effectively to identify and stop unwanted traffic on their networks.

ThreatQ Threat Intelligence Platform with Trellix Enterprise Security Manager


HelpSystems is a people-first software company focused on helping exceptional organizations Build a Better ITTM. Providing security and automation software to simplify critical IT processes, and give customers peace of mind. Offering best-of-breed data classification solutions (Titus and Boldon James) tailored to specifically fit customer requirements or circumstance. Data classification from HelpSystems gives you both a foundation for your wider security posture and competitive advantage.

HelpSystems data classification identifies and classifies emails and documents at the point of creation, in motion, or at rest. When integrated with Trellix ePO, policies can be applied based on the granular metadata provided by HelpSystems data classification, enhancing DLP functionality. Discover and appropriately protect sensitive data in the cloud with Trellix MVision Cloud and Titus, and reduce threats when contextual metadata supplied by HelpSystems data classification is sent to Trellix ESM for review and correlation.

Toshiba Storage Device Division (SDD)

Toshiba Storage Device Division, a division of Toshiba America Information Systems, is a market leader in the development, design, and manufacturing of small form factor 2 1/2" and 1 1/8" hard disk drives for original equipment manufacturers, value-added resellers, value-added dealers, systems integrators, distributors, and retailers in the United States. Toshiba SDD also offers a line of personal storage devices that enable consumers to quickly and easily back up personal digital content and entertainment libraries.

Toshiba and Trellix integrates Toshiba’s self-encrypting drive technologies with Trellix data security solutions. Toshiba products will comply with the Trusted Computing Group’s trusted storage device specifications.

Toshiba Self-Encryption Drive with Trellix Data Loss Protection

Tukan IT

Tukan IT is the provider of the GREENmod solution which raises employee awareness of security issues and the importance of information they process. Organizations’ security departments may lack the ability to replace business departments and indicate methods of classifying information that may be implemented in data loss prevention (DLP) systems.

Tukan GREENmod integrates with Microsoft Office applications, enforcing the classification of each created document before saving it on the computer’s disk. Similarly, Tukan GREENmod prevents sending an email that has not been classified. The solution adds metadata to files and emails and will enable a DLP system to apply a relevant security policy adequate for the protected content.

GreenMod with Trellix ePO and Trellix Agent


Tychon was created to break the silos between cybersecurity and systems management with a single console that can address the challenges faced by both teams across an enterprise. Tychon has any and all endpoints covered.

Tychon is a suite of modules fully integrated into Trellix ePolicy Orchestrator and can provide real-time situational awareness of your organization’s network within the familiarity of your existing platform. Deploying Tychon to your enterprise requires minimal changes to existing host and network device configurations, reducing complexity while providing secure communication with FIPS 140-2 compliant encryption. The host-based endpoint journal provides always-on endpoint monitoring, recording, and indexing capability. Data and file types continuously recorded are completely configurable. Tychon generates, records, and indexes a fuzzy hash of all files providing for automatic searching and termination for variants of indicators of compromise and vulnerabilities and provides a proactive vulnerability mitigation platform that alleviates risk by informing users. It provides real-time monitoring of software migrations and upgrades leveraging a high-speed data exchange layer fabric providing instant endpoint visibility.

Tychon with Trellix ePolicy Orchestrator and Trellix Data Exchange Layer


Versa Networks, the leader in Secure SD-WAN, combines full-featured SD-WAN, complete integrated security, advanced scalable routing, genuine multi-tenancy, and sophisticated analytics to meet WAN Edge requirements for small to extremely large enterprises and Service Providers. Versa Secure SD-WAN is available on-premises, hosted through Versa-powered Service Providers, cloud-delivered, and via the simplified Versa Titan cloud service designed for Lean IT.

Versa Secure SD-WAN integrates with Trellix's suite of cloud security solutions to provide an easy way for customers to increase visibility and control over advanced threats, vulnerabilities, and risks whether on-premises, hosted, or in the cloud. Versa provides advanced routing and multi-tenant segmentation to take full advantage of Trellix's security analytics and detection capabilities, dynamically stopping malicious activity and cutting down operational and IT costs.

Versa Secure SD-WAN and Trellix Secure Web Gateway


Virtru is a data security company that eliminates the trade-off between data protection and ease of use. More than 8,000 organizations trust the Virtru Data Protection platform to easily protect and control sensitive information regardless of where it’s been created, stored, or shared. Only Virtru comes with patented Secure User-First Technology, which allows users anywhere, on any device, to work the way they do today—without requiring a separate login, user interface, or application. The Virtru Data Protection Platform and all Virtru-enabled applications are built on Trusted Data Format (TDF), an open standard for self-protecting data. Using the TDF, Virtru can protect and encrypt any data type and apply fine-grained access control no matter how or where data is shared. Commonly deployed as part of a cloud migration, Virtru seamlessly integrates into platforms like Microsoft Office 365, G Suite, and other SaaS applications to make it easy to create and consume protected content.

Trellix Data Loss Prevention (DLP) Prevent


What if your users could download, unzip, and open files from anywhere, securely and without friction? Votiro is a passionate team of cyber security experts on a mission to redefine file security – so organizations can do business freely and confidently.

Our Secure File Gateway product line, which includes Secure File Gateway for Email, Web Applications, and Web Browser, sanitizes all malicious code and exploit threats from incoming files while preserving the integrity and functionality of the original file. Votiro protects against 150+ weaponized file types including .ppt, docs, pdfs and image files, all the way to more complex formats like zipped and password-protected files.

Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Votiro’s Positive Selection Technology singles out only the safe elements of each file, ensuring every file that enters your organization is 100% safe. No more blocking, quarantining, or sandboxing needed!

Votiro is proud to integrate our Secure File Gateway with the Trellix Web Gateway to make file security seamless. This integration will allow users to prevent unknown threats before they take shape and operate with full confidence, without sacrificing productivity.

Integrated with Trellix Web Gateway


Xerox Corporation is a leading provider of business process and document management. Its technology, expertise, and services enable workplaces – from small businesses to large global enterprises – to simplify the way work gets done so they operate more effectively. The company also provides extensive leading-edge document technology, services, software and genuine Xerox supplies for graphic communication and office printing environments of any size.

Xerox has integrated its first networked multifunction printer to use Trellix Embedded Control software, a sophisticated filtering method that allows only approved programs to get through. The Xerox and Trellix security solution simplifies processes for IT administrators with software embedded into a multifunction device’s controller (the machine’s main onboard computer) to provide an immediate alert and audit trail to track and investigate the time and origin of security threats – and take appropriate action. This eliminates the need for IT administrators to constantly stay on top of malware threats and proactively block them.

Xerox MFP extension 1.0 and Trellix ePO.


Zimperium is the industry leader in enterprise mobile security, providing world-class protection for mobile devices against the next generation of advanced mobile cyberattacks, phishing, and malware. Zimperium is the first and only company to provide a complete mobile threat defense system that offers real-time, on-device protection against both known and previously unknown threats. The Mobile Threat Defense (MTD) platform provides visibility, security, and management of attacks on all four mobile threat vectors—device, network, applications, and phishing for iOS, Android, and Windows devices. With its unique machine learning, non-intrusive approach, mobile user privacy is protected at all times.

Zimperium's zIPS solution integrates seamlessly with Trellix ePolicy Orchestrator (Trellix ePO) to provide a complete view and management of mobile threats across the entire enterprise on iOS and Android mobile devices.

Become a Partner

Get Started

More Information

Contact Us