Trellix has launched Trellix SecondSight, a proactive threat hunting service that actively identifies low-noise, advanced threats often missed by automated systems. By combining elite human expertise with AI-driven analytics across Trellix EDR, Email Security Cloud, and NDR telemetry, SecondSight provides early warnings, actionable insights, and continuous monitoring to help organizations stay ahead of sophisticated adversaries and reduce risk.
The modern threat landscape increasingly relies on stealthy, low-noise tactics that evade high-confidence alerting. Threat actors leverage AI to amplify sophistication while staying under the radar, making proactive, human-guided hunting essential for uncovering intrusions before significant damage occurs. Trellix SecondSight bridges this gap by applying specialized threat hunting expertise to vast telemetry datasets, identifying patterns and indicators that automated tools alone cannot fully interpret.
Trellix hunters specialize in detecting subtle anomalies across endpoint, network, and email data. By cross-referencing public threat intelligence with customer-specific telemetry—using campaign patterns, infrastructure IOCs, and targeting profiles—SecondSight exposes active breaches that would otherwise remain hidden.
The service runs in parallel with internal analysts, providing an additional layer of visibility and early warnings. This force-multiplier approach ensures low-confidence signals are not overlooked, enabling faster containment and reducing organizational risk exposure.
The accompanying Trellix SecondSight Threat Hunting Report analyzes top campaigns from the past year, including examples like UTA0355’s shift to OAuth abuse to bypass perimeter security. It offers practical defense strategies to counter targeted espionage, zero-day exploits, and other persistent threats.
“Threat actors' use of AI has significantly increased alert fatigue for security analysts,” said John Fokker, VP Threat Intelligence Strategy, Trellix. “While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a 'second set of eyes' to actively monitor for these low-noise signals, acting as a force multiplier.”
“Proactive, actionable threat intelligence is no longer a nice-to-have; it’s a necessity for keeping pace with advanced actors,” said Niklas Chachalatos, Business Manager Security Services at Advania Sweden. “Trellix SecondSight goes a level deeper, proactively hunting for threats for our customers and providing actionable guidance to thwart attacks and build cyber resilience.”
About Trellix
Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security.