Corporate Social Responsibility and Sustainability

Trellix Corporate Social Responsibility & Sustainability

We are passionately driven by our mission to create a resilient digital world, enabling trust and success for all. This cannot be accomplished through technological innovation alone. At Trellix, we empower our world to thrive through our people, purpose, ethical and sustainable practices that, together, work as a positive force on society.

Corporate citizenship and sustainable business practices strengthen our mission to protect our customers from cyber threats. At the end of the day, cybersecurity is about protecting people and their most important data. We have a responsibility and a commitment to create a brighter tomorrow, together, and we’re doing this through Purpose, People, Ethical Processes and Sustainability.

Purpose

Our mission is power a resilient, thriving world. A world where organizations and governments can focus on strategic work an innovation, while their cybersecurity technology learns and adapts in real time to mitigate threats. To deliver on this purpose, our efforts are focused on solving the cybersecurity talent crisis, building a diverse talent pipeline, and creating one of the industry’s strongest threat intelligence research groups to better inform and protect our digital lives.

Soulful Work

At Trellix, we are driven to help those who dedicate themselves to cybersecurity – whether they work at Trellix or elsewhere. Our collective work is deeply honorable. One of our biggest priorities at Trellix is to bring purpose and soulfulness into our work.

Soulful Work is a global, industrywide campaign developed to address the growing cybersecurity talent gap while providing recommendations to build a larger, stronger cybersecurity workforce. This isn’t just about Trellix; it’s about cybersecurity at the highest level.

At Trellix, we are taking concrete steps to increase diversity and foster a culture of soulful work. Here are some highlights.

1. The HACE-Trellix Cybersecurity Accelerator Program: The Equal Employment Opportunity Commission estimates that Latinos make up just 7% of the U.S. high tech workforce. For Latinas specifically, that number is closer to 3%. Our survey of 1000 cybersecurity experts found only 2% of respondents were Hispanic. We want to change that, not just at Trellix but within the industry. To that end, Trellix has partnered with the Hispanic Alliance for Career Enhancement (HACE). Our program intends to expand opportunities for Latinos in the cybersecurity industry. HACE will source candidates from its network of 85,000 members and provide soft skills training while Trellix creates curriculum and provides cybersecurity education. Participants who complete the program will be given priority consideration for full-time roles at Trellix. This program takes candidates who may not have a background in cybersecurity but have the aptitude to learn the hard and soft skills necessary to succeed in the field.
2. Trellix’s Partnership with Gotara: This wonderful organization serves as a global career growth platform for women in STEM+. Founded by an exceptionally accomplished leader, D. Sangeeta, Gotara provides women with confidential, personalized, and just-in-time career-related “nano-learning” from STEM + leaders to thrive in their career. Together our goal is to help STEM + women at Trellix stay and thrive in their careers with us and in our industry. We’ve invested to offer this program and service to our women at Trellix.
3. Trellix Joins the HBCU Career Program: In partnership with the National Cybersecurity Alliance (NCA), Trellix joined the HBCU (Historic Black Colleges and Universities) Career Program. Launched in partnership with top HBCUs – including Prairie View A&M, Southern University, St. Philip’s College, Texas Southern University, and organizations including CISA and Dell – the HBCU Career Program will equip students with the necessary skills to navigate the search process for positions in security, privacy and risk, helping build a pipeline of Black professionals to fill the cyber workforce gap. Trellix’s involvement will span across initiatives from networking and mentoring to recruitment. The HBCU Career Program will open new pathways for those seeking purposeful careers and introduce fresh, diverse perspectives to the industry.

Threat Intelligence & Advocacy

As technology becomes completely entwined with our most basic human activities, the impact of cyberattacks increases. Without a coordinated global response, there are few risks or repercussions for attackers. Annual losses due to ransomware and other attacks are in the billions, and recent cyber-attacks on hospitals, democratic elections, schools, and government institutions demonstrate the destructive potential of unchecked cybercrime and state-backed espionage.

When we empower organizations to protect themselves — with threat intelligence, expertise, and technology — we become a partner in progress toward greater global equity and a more sustainable future. This is our mission and the cause that inspires us daily.

Our research organization has one of the industry's most comprehensive charters and is purpose-built to deliver insights to our customers and the industry at large. We do this through:

 

• Collecting, producing, and leveraging leading threat intelligence to empower our customers and the industry to stay ahead of emerging threats
• Innovating continually to deliver agile technologies that adapt and respond to rapidly changing threats
• Addressing the shortage of cybersecurity talent by recruiting and training the professionals who join us on the front lines of the cyber battlefield
• Collaborating with law enforcement and governments to increase the risks and repercussions to attackers
• Being the cybersecurity experts that the SecOps professionals turn to in times of complexity or duress
• Studying nefarious actors across cybercriminal enterprises, advanced persistent threats and nation-state backed actors

 

Trellix research organization is made up of elite intelligence analysts who bring to work a passion for protecting people. Their passion for this work is the heart and soul of Trellix, and supports our broader purpose. Insights and work from this team shape the industry, response best practices and R&D through:

Adversarial Intelligence

As organizations prepare for cyberactivity, understanding what data an attacker is after is key to creating strong risk prevention strategies. Our team leverages known, new and novel techniques to study the world’s most nefarious cyber actors, and to understand how and why they engage in cyberattacks. The team is closely following the blurring lines between nation-state actors, who execute cyberattacks to gain intelligence through espionage, and cybercriminal groups, who engage in activity for monetary gain. Through understanding what data an actor is after, how they operate and what they are accountable to (their government, their bank account, or somewhere in between), our researchers advance the industry at large.

Cyberwarfare Deep Expertise

Trellix tracks and monitors adversarial actors, cybercriminal groups and vigilante groups globally. Trellix has historically had a significant customer base in Ukraine and when the cyberattacks targeting the country intensified, we coordinated closely with government and industry partners to provide greater visibility into the evolving threat landscape. Our team is eager to support the region against malicious cyber activity and have been able to go beyond sharing knowledge to also provide a wide range of security appliances at no cost in the affected region (our special thanks go out to our partners at Mandiant in getting some of the appliances deployed at those organizations who needed protection the most). To support our customers and the people of Ukraine, Trellix coordinated with multiple government institutions to provide them with the necessary telemetry insights, intelligence briefings and analysis of the malware tools used by Russian actors. A large portion of Trellix's efforts were performed in discretion as protection of our customers is our highest priority.

Industry Action

Our team helped found NoMoreRansom.Org, a partnership of law enforcement and cybersecurity organizations joining forces to stop ransomware. To date, the project has helped more than 6 million victims free their systems of ransomware, saving them nearly a billion dollars overall. Trellix contributes to the MITRE ATT&CK Framework to drive industry uniformity in classifying and describing attacker tactics, techniques and procedures. In the U.S., we support the Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Agency (CISA) and are founding members of the Joint Cyber Defense Collaborative (JCDC).

People

Without our employees, our mission, vision and values are just words. Our people are Trellix. At Trellix, our employees are empowered to bring their best selves to work, to collaborate, invent, to challenge the status quo and engage in thoughtful discourse about the industry, and – most importantly – to cultivate rich lives outside of work. Every day, our global team delivers new insights and new innovations to better protect people, organizations, and their data. In building a new kind of cybersecurity company looking to redefine the industry’s future, we are focused on nurturing a purpose-driven workforce and curating an authentic, diverse and spirited culture. We do this through evaluation of our own diversity, pay parity, and strategies to increase equity and employee engagement across our business.

Diversity, Equity & Inclusion

At Trellix, we celebrate and advance diversity efforts in all its forms. When we bring people together who are different from one another in gender, race, religion, sexual orientation and background, we also bring together information, experiences, viewpoints and opinions that are unlike our own. This means we are challenged in our own thinking and ideas to produce smart, creative and innovative solutions for the business.

This means working hard to anchor diversity and inclusion into our culture – not only because it will result in the best possible workforce but also because we believe in the principles for their own sake. It is not difficult to imagine that a diverse incident response team could benefit from looking at cyber incidents and responses from a multitude of perspectives. Diversity and inclusion challenge our standard ways of thinking and make us smarter, more creative and more capable of producing innovative solutions.

However, our commitment to diversity and inclusion is about more than business benefits. It is also about the right for every person to feel comfortable bringing their authentic self to work, to be able to contribute openly with their own unique perspectives and ideas. At Trellix we promote acceptance in the workplace, and diversity and inclusion help form the foundation of our open culture.

We have tenants of diversity and inclusion as a part of our global diversity strategy:

• Education - Diversity training will provide knowledge, skills and tools to strengthen our ability to respect and leverage diversity to produce better results. Trellix is committed to required training to improve awareness and change behaviors.
• Hiring Practices - Implementation of hiring and recruitment practices will help advance our diversity goals. To achieve this, every recruiter will hold an internal target in line with the available talent pool within the function they support. This focused effort will result in a diverse slate of candidates presented to the hiring manager for every job opening. To further ensure impartiality, any interview panel must also contain a member who represents diversity. Lastly, a dedicated recruiter for diversity hiring practices and strategy has been hired to further enhance our reach and ability to attract and retain diverse talent.
• Strategic Partnership - We must educate the cybersecurity talent of tomorrow to fuel our talent pool. We will do this with industry and university partnerships. By forging strong partnerships with universities known for developing diverse candidates, we will be able to better target and build our future candidate pipeline.
• Alignment to Company Goals - As further evidence of our commitment to diversity and inclusion, Trellix will ensure diversity targets are built into our company goals. This year, Trellix's Annual Bonus Payout will, in part, be dependent on the company’s ability to meet its diversity targets, among other important factors. This means every Trellix employee has a vested interest in driving diversity.
• Trellix supports policies that actively promote diversity and inclusion. We oppose discrimination of any kind at the state or federal level and more generally across our international operations. As a global company, Trellix is home to a diverse workforce that represents the best and brightest minds in the field. A diverse and inclusive society attracts and retains this kind of talent.

Trellix VOICE

Trellix VOICE is the company’s voluntary, employee-led resource groups (ERGs). Trellix VOICE plays an important role in defining our culture by bringing our people together to create a sense of belonging for all. Trellix VOICE groups include:

• Trellix Pride VOICE
• Trellix Women’s VOICE
• Trellix Black Heritage VOICE
• Trellix Hispanic Heritage VOICE

 

Ensuring a Safe Workplace

Trellix is committed to providing a workplace that is free of harassment based on race, color, religion, gender, national origin, ancestry, age, disability, medical condition, genetic information, veteran status, marital status, pregnancy, gender identity or expression, sexual orientation, or any other characteristic protected by federal, state, or local law, regulation or ordinance.

Ethical Processes

We are committed to conducting business with the highest degree of honesty and integrity wherever we operate. Just as we dedicate ourselves to keeping the world safe from cyber threats, we also pledge to do so in an ethical manner. While we strive to cultivate a working environment that promotes individual and company success, we apply the highest ethical standards to all our interactions with colleagues, customers, and business partners across the globe. Our Code of Conduct upholds our values and reinforces our commitment to ethical behavior in our workforce and with our customers and business partners.

Integrity at Trellix

We support and uphold a set of core values and principles based on integrity. Our integrity is demonstrated in the way we work, every minute of every day, both internally at Trellix and externally with those with whom we interact. We accept our role as a responsible corporate citizen, including upholding equal employment opportunities and supporting diversity and inclusion.

We demonstrate the highest ethical standards in every business interaction, treating our employees, customers, independent contractors, consultants, suppliers, partners, distributors, and others with fairness, honesty, and respect. We avoid situations where conflicts of interest can interfere, or appear to interfere, with our ability to make sound business decisions that support Trellix goals, principles, and policies.

We adhere to compliance requirements as our standard operating procedure. We uphold the applicable laws and regulations of the countries where we do business, including following guidelines to ensure the safety and lawful collection and use of the personal data that our employees, customers, independent contractors, consultants, suppliers, partners, distributors, and others entrust to us.

Protecting Ourselves to Maintain Customer Trust

We believe information privacy and data protection is a critical element of corporate responsibility for every organization. Customer trust — in our products, our services and our business practices — is a foundational to our mission. We recognize that we cannot protect our customers and achieve our mission without a deep commitment to information security and data privacy ourselves. As cybersecurity requirements evolve in response to work from home mandates, changes in the threat environment, digital transformation and other factors, we strive to follow the same cybersecurity best practices we recommend to our customers in our consulting engagements.

We recently launched of the new data center in Mumbai, India, to help customers in India meet their data residency and compliance requirements. The new data center will provide direct, high-performance access to Trellix's EDR, EPP, and local management allowing direct and faster access to the Trellix platform while supporting the government’s Digital India initiative. The initiative aims to improve online infrastructure and increase internet access among citizens, enabling the country to become more digitally advanced.

Supply Chain Risk Management

Product Data Management System

Product Data Management is the business function used within a product lifecycle management (PLM) that is responsible for the management of product data and process documentation. Trellix products and process supporting documentation are maintained and controlled for collaboration with Trellix business units and/or external Supply Chain Partners using the Agile PDM System.

Supplier Expectations

Trellix expects that every link in our supply chain, both in-bound and out-bound, will adopt and follow industry best practices for supply chain risk management. Links in our supply chain that fail to achieve acceptable SCRM levels will be removed from Trellix’s vendor list. We expect every link in our internal and outsourced supply chain to maintain records of incoming and outgoing materials in a manner that enables that link to produce credible evidence of where a batch or unit came from, was consumed, and where a batch or unit was shipped. We expect that every link in our supply chain to establish a supply chain data access policy that clearly states requirements and conditions for disclosure of batch and unit shipment data.

Sustainability

Trellix is committed to sustainable business practices for our people and for the environment. This responsibility extends from our internal operations to our diverse eco-system of partners and to our customers. We believe every individual can make a difference and that even small changes can have a big impact. In consideration of our responsibility in the global fight against climate change and otherwise negative environmental impact, Trellix is committed to the following action guidelines:

• Strive to promote resource and energy saving in all aspects of business activities
• Strive to promote purchases and sales of products in line with environmental conservation
• Understand environmental risks and strive to reduce such risks in society in general

Reducing the Environmental Footprint of our Solutions

We are committed to reducing the environmental impact of our solutions through innovation. Our efforts are focused on increasing efficiency and scalability with cloud-based solutions.

Most of our products are delivered electronically, eliminating the need for packaging materials. Our packaging and shipping materials are reused until they eventually get recycled. We have a company-wide recycling program. We recycle consumables, reduce waste, and practice energy reduction wherever possible.

Reducing the Environmental Footprint of our IT Practices

Trellix data centers are co-located with others. The data center team constantly reviews practices from our suppliers and vendors and make decisions to grow or shrink based on several factors, including energy efficiency.

We host most of our cloud-native solutions on Amazon Web Services (AWS). This allows us to scale the capacity of our threat detection and analysis solutions to meet our commitments to customers without an increase in property, plant and equipment. The global availability of Amazon Web Services (AWS) and their commitment to environmentally friendly business practices and renewable energy is consistent with our own efforts to reduce our energy consumption and carbon footprint.

Reducing the Environmental Footprint of our Facilities

Our commitment to sustainability through innovation extends to our workplaces. We have several initiatives underway, including:

LEED and other Environmental Certifications

We are currently evaluating LEED and Energy Star certifications for our Milpitas, CA facility. The buildings that house our offices in Alexandria, VA, Reston, VA, and San Francisco, CA have been LEED certified. Additionally, the facilities in Alexandria and San Francisco have been awarded Energy Star certification.

Energy Consumption

While many of our locations are partial leases of larger complexes, giving us limited control over energy consumption and sources, we are currently evaluating our energy use and sources worldwide. This initiative will allow us to identify new opportunities to conserve energy, access sustainable energy sources and reduce our carbon emissions.

Flexible Use Workspaces

As we prepare to return to our workplaces, we took employees’ responses to our COVID-19 surveys into account. As a result, we are planning for a more flexible/hybrid model of workplace design with more shared workspaces and fewer assigned offices. We expect this initiative to reduce the total square footage of our facilities and lessen commute times for our employees. As we design these new, modern workplaces, we are taking into account the latest innovations and environmental design standards. We believe these efforts will, in turn, increase productivity and contribute to a better work-life balance for our people, help diminish congestion on our roadways, and reduce total carbon emissions.

Everyday Environmental Awareness

We believe that small steps, when implemented by a large number of people, can have a big impact on our environmental footprint. We have taken measures to conserve water through flow regulators and automatic faucets in our breakrooms and lavatories and reduce electricity use with motion sensors. We also encourage our employees around the world to participate in our environmental sustainability efforts, including programs to reduce the use of disposable plastic water bottles and promote recycling and composting to divert waste from landfills.

Our Approach to Sustainable Global Priorities

We actively support the United Nations Sustainable Development Goals (SDGs), which offers a blueprint for a future of sustainable, inclusive human development. While our mission to keep the world safe enables us to advance many of the SDGs, we narrowed our social responsibility efforts to focus on four goals that align to our competencies and expertise. These include quality education (SDG4), gender equality (SDG5), reduced inequalities (SDG10), and climate action (SDG13).