www.trellix.com
2a02:26f0:1700:5::5f65:1b66
Submitted URL: https://pdt.trellix.com/e/479502/tm-medium-email-utm-source-pdt/hzll4c/509199319/0031J00001HIz9YQAT
Effective URL: https://www.trellix.com/en-us/about/events/2022/trellix-xpand-live-2022.html?contactid=0031J00001HIz9YQAT&smcid=EM&eid=W...
Submission: On September 12 via api from IE — Scanned from DE
Form analysis
1 form found in the DOM:
<form class="d-flex py-2 gap-3" id="searchForm">
<input class="flex-grow-1 form-control custom-mobile-search-field p-2 border-1 rounded-0" placeholder="Search" aria-label="Search" id="msearch" data-result-path="/en-us/search.html">
<button class="btn btn-primary" type="submit">Submit</button>
<div class="d-none d-lg-flex gap-2 align-items-center">
<a href="#" onclick="document.getElementById('msearch').value = ''" datalink-type="internal" datalink-id="newco:#">Clear</a>
<span>|</span>
<a id="searchTip" class="no-break" href="#" data-bs-toggle="modal" data-bs-target="#searchTipModal" datalink-type="internal" datalink-id="newco:#">Search Tips</a>
</div>
</form>
Text Content
Register Now. September 27-29, 2022, ARIA Hotel & Casino. Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.
ARIA RESORT & CASINO | LAS VEGAS | SEPTEMBER 27-29, 2022

TRELLIX XPAND LIVE 2022
On January 19th of this year, Trellix was born. Over 40,000 customers of both McAfee Enterprise and FireEye became part of one family, all committed to the same mission: to power a resilient, thriving world. On September 27-29, at the Aria Hotel in Las Vegas, Trellix Xpand Live will share our vision for a new kind of defense: cybersecurity that’s alive and embedded, that learns and adapts as fast as threat actors do, and that can turn today’s threats into tomorrow’s advantage. From compelling keynotes to over 60 sessions of best practices, case studies, technical training, speaker panels, product demonstrations and our Innovation Xpo, you will learn our platform and product roadmap for bringing security to life.

LIVE KEYNOTES | 3 FULL DAYS OF CONTENT | FINAL NIGHT CELEBRATION

KEYNOTE SPEAKERS (Living Security Now)
Bryan Palma, Chief Executive Officer
Aparna Rayasam, Chief Product Officer
Amol Mathur, SVP, Product Management
Christiaan Beek, Lead Scientist & Sr. Principal Engineer
John Fokker, Head of Cyber Investigations for Trellix Threat Labs
Adam Philpott, Chief Revenue Officer
Brett Hannath, Chief Marketing Officer

DISCOVERY THEMES
SecOps Revolution | Unifying Endpoint | Securing the Ecosystem | Activating Intelligence | #SoulfulWork
Arranged across five key areas of modern security, all content of Xpand Live will dig deep, both strategically and technically.
SECOPS REVOLUTION
Threats have evolved, but security hasn’t, until now. Learn how XDR will be a key driver for the Security Operations Center (SOC) of the future: key use cases, practical guidance, what to expect from XDR, and how it makes your SOC more efficient, empowers your security practitioners and analysts, and automates and drives your end-to-end detection and response workflows.

UNIFYING ENDPOINT
Future-proof your defenses and build resilience with unified endpoint protection. Accelerate detection and response with the context, visibility, and capabilities to uncover, investigate, and act on threats with increased speed and accuracy. Proactively protect every endpoint, prevent ransomware and other advanced threats, and find out how to easily scale and manage all your endpoints.

SECURING THE ECOSYSTEM
Get an in-depth look at the most comprehensive set of security controls and control points in the industry, all designed to provide you with earlier, better protection across all phases of the attack chain. For Network, Email, Data and Cloud Security, learn deployment and operational best practices and use cases.

ACTIVATING INTELLIGENCE
Learn the depth and breadth of our visibility, research, and thought leadership in the threat intelligence space. Whether it’s the bad actors we track, specific takedowns of cyber criminals, or discovered vulnerabilities, we will share how research and innovations make it from the lab and into our products.

#SOULFULWORK
The cybersecurity industry is seeking 2.72 million professionals, and that number is only continuing to grow. For decades, we have relied on the same tactics to close the talent gap. We need to rethink who we view as talent and work together as an industry to solve this talent shortage. Collectively, we can make a difference. Hear from customers on their challenges and successes in the human element of cybersecurity.
BREAKOUT SESSIONS

Discovery Theme: SecOps Revolution

Session: Best Practices of Today’s SOC
Presenter(s): Riana Smallberger, Director, Advanced Cyber Threats, Trellix; Mark Boltz-Robinson, Manager, Advanced Cyber Threats, Trellix
Abstract: Why is a Security Operations Center so important? A SOC exists with the core mission to monitor a wide range of possible threats against an organization. During this session we will discuss some of the best practices, procedures, and processes to modernize a SOC. We will also cover the importance of incorporating threat intelligence as a requirement to be successful.

Session: Making Security Staff Effective in the Cloud with XDR
Presenter(s): Martin Holste, Chief Technology Officer, Cloud, Trellix
Abstract: What information do security staff have to do their job? When they get an alert, do they understand what is affected, who is involved, a timeline of what happened, and what normal behavior looks like? It’s hard enough for SOC operators to get quality alerts; it’s even harder for them to know what to do with them, and impossible to make thousands of good decisions every day without being armed with the insights they need. Learn how Trellix Helix is the truly open managed XDR platform that incorporates over a hundred vital integrations to collect raw event telemetry from sources such as cloud infrastructure, directories, security products, and source code repositories, and forges it into meaningful models and timelines. This session will detail how Helix Cloud Connect makes integrating data sources quick and easy and shows the power of what can be done when defenders are armed with answers. It will dive into the different types of data Helix can collect, how they are used in detection and response, and advanced hunting use cases.
Session: Enterprise ePO, DXL and TIE Infrastructure Designs
Presenter(s): Steen Pedersen, Principal Architect, CISSP, Trellix
Abstract: This session will take a look at enterprise designs for ePO infrastructures with Data Exchange Layer (DXL) and Threat Intelligence Exchange (TIE). Several real-world examples of infrastructure architectures will be showcased, as will how a current ePO, DXL and TIE infrastructure can transform to include cloud servers located in AWS, Azure and more, to create a hybrid ePO architecture.

Session: Invasion of the Information Stealers
Presenter(s): Taylor Mullins, Sales Engineer, Trellix
Abstract: Information stealers have become one of the most utilized, damaging, and simplest to acquire variants of malware observed today. A successful information stealer attack can lead to access to company accounts, deployment of ransomware, and widespread data exfiltration. In this presentation, we will show how threat intelligence and an open XDR framework can help a security team proactively apply countermeasures to prevent an attack, detect ongoing activity, and monitor the aftermath of a successful attack across their security solutions.

Session: How XDR is a Game Changer for SecOps
Presenter(s): Deepak Seth, Director, XDR Platform Services, Trellix
Abstract: In the current threat environment, SOC teams continuously face the pressure of detecting an intrusion as quickly as possible, before it becomes a major security incident. With so many point products in use in a typical organization, it is often very time consuming and challenging for the SOC team to search through the noise to find the important alerts that may indicate the presence of a threat in the environment. XDR can enable a SOC team to detect, respond to and remediate threats across all attack channels (email, endpoint, network and cloud) without the inefficiencies of switching between multiple point solutions, and with the ability to work with relevant data that is actionable. This session will highlight the different phases of a malware attack, the challenges SecOps face in each phase, and how Trellix XDR can help in each of them. We want to help the SecOps team ultimately achieve a stress-free life. Through a live example of an Advanced Persistent Threat, we will demonstrate how the various attack phases map to the MITRE ATT&CK framework, and how Trellix XDR enables the SecOps team in each phase of the attack kill chain.

Session: Automated Responses - Out of the Box!
Presenter(s): Simon Tiku, Snr Director, Engineering, Trellix
Abstract: We want to make life simpler for security analysts. This session will share templated security playbooks, task flows and scripts that can be easily tailored to your organization’s needs. Built by Trellix security experts, this template library takes the work out of developing things from scratch for common use cases: for example, a task flow that covers common functionality and processing related to specific plugins, which can then be inserted into a multi-plugin playbook.

Discovery Theme: Unifying Endpoint

Session: Advanced Forensics
Presenter(s): Ryan Fisher, Senior Engineer, Trellix; Fred House, Director, Engineering, Trellix
Abstract: The Endpoint Security Research and Custom Engineering (RACE) team has been operating since 2015 with the mission of building rapid-response endpoint capabilities in support of Mandiant Incident Response engagements. The team has built over 50 forensic capabilities that enable advanced endpoint forensic investigations at scale. These forensic capabilities have been used on thousands of IR engagements, including some of the most high-profile breaches around the world. The RACE team’s recently released Extended Forensics module gives customers, partners, and other IR firms access to this advanced forensic tool set. In this session, the RACE team will dive into the advanced forensics capabilities, describing why they are relevant to forensics, how to run them, and how to analyze the results. We will cover common investigative workflows such as frequency analysis (stacking), indicator searching (sweeping), YARA hunting, live response, and timelining across the enterprise.

Session: Endpoint Efficacy and Coverage Reporting
Presenter(s): Chris Ubando, Senior Principal Architect, Trellix; Charles Wiggins, Principal Architect
Abstract: How do we prove to the business the value of any cyber security investment? Attend this session and learn ways to build reporting within ePO that can be used to present to the business the value the Trellix solutions are providing across the environment. We will show how to report on the coverage of protection features that help protect against common malware attacks like ransomware. We will also discuss how to use ePO with Active Directory and SCCM to provide clear reporting on the coverage of the Trellix solutions on systems within the environment, and to highlight unprotected systems that are potentially at risk of being targeted by malware.

Session: Leveraging EDR Integrations into SOC Processes to Build a Better Defense
Presenter(s): Matt Smith, Snr Manager, Professional Services, Trellix
Abstract: Adding another SecOps tool into the day-to-day mix of tools and techniques used during investigation and triage of threats creates a common concern for the SOC: how can that tool be incorporated into existing processes so that it does not duplicate functions provided by an assortment of free and commercial tools? Is the full value of the newly collected data used to pre-emptively block attacks before they need to be triaged? Trellix EDR offers several features, natively and externally via API integration, which can give the SOC the ability to consolidate the tools and techniques used during investigation and triage. It also enables direct integration with the defense layer to save the business both time and cost when tackling threats. Learn how Trellix EDR is being used by Trellix Professional Services consultants to enable SOCs to collect the information needed during DFIR processes, as well as to react to threat activity using a combination of Trellix EDR, DXL, ePO and other tools found in many SOC toolkits. We will also explain how EDR can serve as a data stream to enrich other threat intelligence, data analysis and defense platforms.

Session: Trellix Endpoint Security for Breach Investigations
Presenter(s): Vinoo Thomas, Principal Product Manager, Trellix
Abstract: Learn how Trellix Endpoint Security can handle investigating thousands of endpoints in a security breach. Get an inside look into how breaches are discovered and how one compromised endpoint can turn a company upside down. We will demonstrate how Endpoint Security unleashes world-class forensics, from detection to containment: detecting data theft, credential harvesting and compromised assets, actioning alerts, new features and much, much more.

Session: Trellix Unified Endpoint: An Architectural Overview
Presenter(s): John Teddy, Engineering, Trellix
Abstract: This session will preview the architecture of the upcoming Trellix Unified Endpoint, bringing together the best capabilities of FireEye and McAfee technologies into an endpoint framework with a common agent serving protection, detection, and forensics. We will cover the design goals, the elements that comprise the platform, and the phases of implementation, with some minor deep dives into event handling, orchestration, and reputations.

Discovery Theme: Securing the Ecosystem

Session: Accelerating Transformation with Detection-as-a-Service
Presenter(s): Arthur Cesar Oreana, Account Manager, Trellix
Abstract: In a digital transformation journey, meeting the demands of business areas quickly is essential for survival in a competitive and connected world. With businesses needing to launch products quickly, security cannot be an impediment. Security can be a facilitator and a great ally to business agility. Attend this session to learn how one of the largest Brazilian digital banks managed to address the risks of analyzing all files received from external sources, quickly and easily, positively impacting the customer experience.

Session: Data Security: The Trellix Roadmap
Abstract: Data protection is a top priority for today’s organizations. In addition to adhering to constantly changing regulatory requirements, there are continuous concerns over external and internal threats. Any breach can have an impact beyond just the cost of clean-up: fines can add up, and the loss of trust can take a very long time to overcome. In this session, we will discuss the Trellix Data Security portfolio. We will show the challenges faced by administrators today and illustrate how Trellix Data Protection products help customers classify, monitor, and protect their most sensitive data. We will also highlight recent features that have been added to the products and give a forward-looking view of plans that are in progress for this suite of products.

Session: Email Security: The Trellix Roadmap
Abstract: Email continues to be the top attack vector. It is imperative that customers continue to evaluate their email security solutions to ensure that they are capable of detecting the latest threats. Many customers must also protect a wide range of email systems, including on-premises and cloud deployments. In this session we will discuss the Trellix Email Security portfolio of products that protect on-premises and cloud-based deployments. We will discuss the deployment challenges customers face today and highlight how Trellix provides the industry’s most comprehensive set of detection engines to keep users safe.
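The Advanced Forensics abstract above lists frequency analysis ("stacking") as a core enterprise-wide workflow. The block below is an added illustration of that technique, not RACE or Trellix code: it assumes each host's Run-key autoruns have already been collected as (hostname, name, command) tuples, normalizes away per-user path differences so identical software lands in the same bucket, and surfaces the entries that appear on only a handful of hosts. The six hosts and their entries are constructed sample data.

```python
"""Frequency analysis ("stacking") over enterprise-wide autorun entries.

Added example, not Trellix/RACE code. It assumes each host has already been
surveyed and its Run-key autoruns exported as (hostname, name, command)
tuples; the hosts and entries below are constructed sample data.
"""
from collections import defaultdict
import re

# Constructed sample: Run-key autoruns from six hosts. All six carry the same
# corporate software; WS05 also carries an extra entry under a look-alike name
# whose command points into a writable profile directory.
AUTORUNS = [
    ("WS01", "OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS01", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("WS02", "OneDrive", r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS02", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("WS03", "OneDrive", r"C:\Users\carol\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS03", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("WS04", "OneDrive", r"C:\Users\dave\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS04", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("WS05", "OneDrive", r"C:\Users\erin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS05", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("WS05", "OneDriveUpdate", r"C:\Users\erin\AppData\Roaming\svchost.exe -k netsvc"),
    ("WS06", "OneDrive", r"C:\Users\frank\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("WS06", "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
]

# Matches the per-user prefix of a profile path, case-insensitively.
USER_DIR = re.compile(r"(?i)^c:\\users\\[^\\]+\\")


def normalize(command: str) -> str:
    """Lower-case and replace the user name in profile paths so the same
    software on different users' machines stacks into one bucket."""
    return USER_DIR.sub(r"c:\\users\\<user>\\", command.lower())


def stack(entries, key=lambda e: (e[1].lower(), normalize(e[2]))):
    """Return {key: set(hosts)}: which distinct hosts carry each autorun."""
    hosts_by_key = defaultdict(set)
    for host, name, command in entries:
        hosts_by_key[key((host, name, command))].add(host)
    return hosts_by_key


def rare_entries(entries, max_hosts=1):
    """Autoruns seen on at most `max_hosts` hosts: the investigation leads.
    Returns a sorted list of ((name, normalized_command), [hosts])."""
    stacked = stack(entries)
    return sorted(
        (k, sorted(hosts)) for k, hosts in stacked.items() if len(hosts) <= max_hosts
    )


if __name__ == "__main__":
    for (name, command), hosts in rare_entries(AUTORUNS):
        print(f"{name:16} {command}  <- only on {', '.join(hosts)}")
```

On real data the same shape works for services, scheduled tasks, loaded drivers or WMI subscriptions; the key function is what you tune (for example keying on file hash instead of path) so that benign variation collapses and genuinely rare artifacts float to the top.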
Session: Network Security: The Trellix Roadmap
Abstract: With network infrastructure now located on-premises as well as in private, hybrid and multi-cloud environments, managing and securing it has become increasingly complex. In this session, we’ll discuss the opportunities and challenges our customers face across a growing variety of use cases, how customers can integrate Trellix detection directly into their custom applications, and how they can leverage the Trellix Network Security portfolio to address infrastructure security wherever they need it.

Session: Achieve a True Zero Trust Architecture with Trellix and Okta
Presenter(s): Martin Holste, Chief Technology Officer, Cloud, Trellix
Abstract: Trellix and Okta have a strong partnership, demonstrated by the popular Helix XDR integration and advanced anomaly detection for Okta. Learn how organizations are taking advantage of the ability to analyze identity audit events to find anomalies and correlate those anomalies with a wide range of information, such as application behavior and user roles. This allows suspicious logins to be matched with post-login actions in the context of the person’s role. Response actions can then be taken to limit any potential damage from a compromised identity. This extended detection and response (XDR) forms the basis for a Zero Trust Architecture (ZTA). But what about ZTA for on-prem? Businesses are operating hybrid environments and manage many endpoints in addition to SaaS and cloud infrastructure. Attend and preview a universal Trellix ePO connector for Helix XDR that will ensure that on-prem solutions are fully cloud-aware. The insights shared in the link between Trellix ePO on-prem and Helix XDR in the cloud let defenders unlock complete Zero Trust.

Session: The Cyber EO 14028’s Effect on Software Development
Presenter(s): Kent Landfield, Chief Standards and Technology Policy Strategist, Trellix
Abstract: The US 2021 Executive Order 14028 is changing the way the U.S. Federal government views the software it purchases and deploys. The EO will alter the way the software industry creates and delivers software and services. From the definition of critical software, to requiring software bills of materials (SBOMs), to documenting secure software development lifecycle practices, and more, the Cyber EO is changing the way software producers view the way they do business. This lively panel includes those involved in delivering on the requirements of 14028, from NIST and CISA, and a former Federal CISO, who will discuss the EO’s intended impacts and the effect it is having both in and out of government.

Session: PhishVision: Caught on Camera
Presenter(s): Manoj Ramasamy, Research Scientist, Trellix

Discovery Theme: Activating Intelligence

Session: Catch Me If You Can: Living Off the Land Binaries, and The Adversaries Who Abuse Them
Presenter(s): Tim Hux, Security Researcher, Trellix; Alfred Alvarado, Security Researcher, Trellix
Abstract: The Trellix Threat Intelligence Group collects, correlates, and analyzes attack techniques deployed by threat actors, and their use of malicious and non-malicious tools. This presentation will detail the most common tools used by threat actors, their associated MITRE ATT&CK techniques, and the countermeasures that can help organizations defend their networks. Living off the Land (LotL) attacks are increasing, and often go unnoticed during the initial infection phase because the method uses common non-malicious tools and Windows binaries. You will learn how threat actors may gain initial access via spear-phishing, access brokers or unpatched vulnerabilities, and then use common tools and Windows binaries to keep the reconnaissance and persistence phases undetected while additional payloads are retrieved, exfiltration is automated, and the final payload is prepared. Tools such as Rclone can be used to exfiltrate data, PsExec to execute commands and load binaries, and AD Explorer to perform reconnaissance tasks like user and computer asset discovery.

Session: US Government Cyber Security and Privacy Policies: What to Expect in 2023
Presenter(s): Panel hosted by Kent Landfield, Director, Trellix Public Policy
Abstract: This panel session will provide a perspective on what public policies to expect from both the White House and Congress in 2023. Government policies define the contours of the cyber security market. New legislative initiatives will focus on protecting critical infrastructure and government agencies, with a focus on EDR, XDR and Zero Trust solutions. Congress will once again take up national privacy legislation. These initiatives impact both government and private-sector users of cyber security solutions. Panelists will include former senior US government officials, a former White House official and federal Chief Information Security Officer, a representative of the Center for Strategic and International Studies, and Tom Gann, Chief Public Policy Officer of Trellix.

Session: Cyber Tools Shaping Foreign Policy? A False Chinese APT Responds to Nancy Pelosi’s Visit to Taiwan
Presenter(s): Ann An, Security Researcher, Trellix
Abstract: Trellix endpoint detections reveal cybersecurity and geopolitical activities well before the media begins reporting them. On July 29, 2022, Trellix telemetry data showed a spike in detections in Taiwan, with over 32,000 detections hitting the self-governed island in one day, well over the typical daily range of 9,000 to 17,000 detections. This spike occurred five days before Nancy Pelosi’s visit to Taiwan on August 3, 2022. Telemetry data also showed that a significant portion of detections were directed at Taiwan’s government entities between July 29 and August 6, 2022. We later noticed an increase in small and medium-sized distributed denial of service attempts against Taiwanese websites that either reported on Pelosi’s visit or are perceived as hostile to China. On August 3, 2022, the day after Pelosi’s visit, one Chinese hacker collective that calls itself “APT27” announced a special cyber operation against Taiwan’s government services, infrastructure, and commercial organizations. Trellix analysts will explain these DDoS operations and scrutinize the true identity of this “APT27” and its subsequent activities throughout this Xpand session.

Session: The Minority Threat Landscape Report
Presenter(s): Christiaan Beek, Snr Principal Engineer, Trellix
Abstract: In this session we will take you on a trip through parts of the current threat landscape and our predictions for its future. Our research will highlight where we know adversaries are operating now, and our informed position on where they will go next. We will show how Trellix analyzes threats and anticipates them. Learn how we innovate and adapt to counter unexpected threats.

Session: Using Critical Threat Intelligence Strategically
Presenter(s): Panel hosted by Patrick Flynn, Head of Advanced Programs Group, Trellix
Abstract: The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in their task and purpose. While you never know exactly how they will come at you, come they will. It’s no different from fighting a kinetic foe in that, before you fight, you must choose your ground and study your enemy’s tendencies. Much focus has been placed on tools and updating technology, but often we are pushed back on our heels and into a defensive posture. This panel features senior US government representatives arguing that while technology strategy is important, we must embrace and create a thorough Cyber Threat Intelligence (CTI) doctrine, which must take many forms.

Discovery Theme: #SoulfulWork

Session: From Books to Beating Bad Guys
Presenter(s): Mike Kizerian, Principal Technical Instructor, Trellix
Abstract: We have long lamented the growing need for soulful cyber security roles to be filled as we struggle to find the experienced hires to fill them. Ten years ago, Mike was a Team Lead in Kuwait as a contractor for the Army. Although he asked for his open requisitions to be filled with candidates who were experienced cyber security professionals, he was constantly given candidates with no security background. But it did not deter him. Through a careful program of on-the-job training, each of the hires easily filled their cyber security roles. They have gone on to have extremely successful cyber security careers. Come and learn how the desktop support tech, the developer, the server admin, and anyone with a desire to learn can find rewarding, #soulfulwork in cybersecurity.

Session: Panel Session: Cyber Security – the Soulful Profession
Presenter(s): Hosted by Michael Alicea, Chief Human Resources Officer, Trellix
Abstract: There’s a place for people who want to protect others, who want to contribute to the greater good of society, and who want to keep businesses, essential infrastructure, and vital information safe. That place? Cybersecurity. If you’re looking for a career that provides you with the opportunity to do meaningful, soulful work that enriches people’s lives, you’ve found it. Michael Alicea will host a thought-provoking panel designed to inspire us to help others blaze their own trail in cybersecurity.
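The "Catch Me If You Can" abstract above names the three Living-off-the-Land tools it will cover (Rclone for exfiltration, PsExec for remote execution, AD Explorer for domain reconnaissance) and the point that they slip past controls because nothing about the binary itself is malicious. The block below is an added detection example, not Trellix code or the session's material. It parses constructed process-creation events in a Sysmon-like key=value shape, flags the three tools by command-line behaviour rather than by file name (so a renamed PsExec is still caught), and then correlates per user so that recon followed by remote execution from one identity stands out. The ATT&CK technique IDs are my own mapping (T1087.002 Domain Account discovery, T1569.002 Service Execution, T1567.002 Exfiltration to Cloud Storage); the host names, users, paths and the `mega:drop` Rclone remote are invented.

```python
"""Flag Living-off-the-Land tool use in process-creation telemetry.

Added example, not Trellix code. Events are constructed in a Sysmon-like
key=value line format; the tool-to-ATT&CK mapping below is the author's own.
"""
import re
from collections import defaultdict

# Constructed sample telemetry. Note that PsExec has been renamed to ps.exe:
# a name-based rule alone would miss it.
EVENTS = r'''
ts=2022-09-12T08:01:02Z host=WS05 user=CORP\erin image=C:\Windows\System32\svchost.exe cmd="svchost.exe -k netsvcs"
ts=2022-09-12T08:03:10Z host=WS05 user=CORP\erin image=C:\Users\erin\Downloads\ADExplorer.exe cmd="ADExplorer.exe -snapshot \"\" C:\Users\erin\ad.dat"
ts=2022-09-12T08:07:44Z host=WS05 user=CORP\erin image=C:\Temp\ps.exe cmd="ps.exe \\FS01 -s -accepteula cmd /c whoami"
ts=2022-09-12T08:30:00Z host=FS01 user=CORP\svc_backup image=C:\ProgramData\rclone.exe cmd="rclone.exe copy D:\Finance mega:drop --transfers 8"
ts=2022-09-12T09:00:00Z host=WS02 user=CORP\bob image="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" cmd="WINWORD.EXE /n"
'''

# key=value pairs; a value is either a double-quoted string (with \" escapes)
# or a run of non-whitespace characters.
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Behavioural rules over the command line, independent of the binary's name.
RULES = [
    # PsExec-style: \\target ... with -s (run as SYSTEM), -accepteula or -c (copy binary)
    ("PsExec remote service execution", "T1569.002",
     re.compile(r'(?i)\\\\[\w.-]+\s.*(-s\b|-accepteula|-c\b)')),
    # Rclone-style: copy/sync/move to a named remote ("name:" with 2+ chars, not a drive letter)
    ("Rclone exfiltration to cloud storage", "T1567.002",
     re.compile(r'(?i)\b(copy|sync|move)\b.*\s[A-Za-z][\w-]+:\S*')),
    # AD Explorer: offline snapshot of the directory
    ("AD Explorer domain snapshot", "T1087.002",
     re.compile(r'(?i)-snapshot\b')),
]

# Name-based lookup used only to tell "expected name" from "renamed binary".
KNOWN_NAMES = {"psexec.exe", "psexec64.exe", "rclone.exe", "adexplorer.exe"}


def parse(line: str) -> dict:
    """Parse one key=value event line into a dict, unquoting quoted values."""
    rec = {}
    for key, val in KV.findall(line):
        if val.startswith('"'):
            val = val[1:-1].replace('\\"', '"')
        rec[key] = val
    return rec


def detect(events_text: str) -> list:
    """Return one hit per (event, matching rule), in event order."""
    hits = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        base = rec["image"].rsplit("\\", 1)[-1].lower()
        for rule, technique, rx in RULES:
            if rx.search(rec["cmd"]):
                hits.append({
                    "ts": rec["ts"], "host": rec["host"], "user": rec["user"],
                    "image": base, "rule": rule, "technique": technique,
                    # behaviour matched but the file name is not the tool's own
                    "renamed": base not in KNOWN_NAMES,
                })
    return hits


def chains(hits: list) -> dict:
    """Users with two or more distinct techniques: recon + execution from one
    identity is a stronger signal than either event alone."""
    by_user = defaultdict(set)
    for h in hits:
        by_user[h["user"]].add(h["technique"])
    return {u: sorted(t) for u, t in by_user.items() if len(t) >= 2}


if __name__ == "__main__":
    found = detect(EVENTS)
    for h in found:
        flag = " (renamed binary)" if h["renamed"] else ""
        print(f'{h["ts"]} {h["host"]} {h["user"]}: {h["rule"]} [{h["technique"]}]{flag}')
    print("multi-technique users:", chains(found))
```

The rules are deliberately narrow so they stay readable; in production you would also key on Sysmon's OriginalFileName field and on the service-creation event PsExec leaves on the target (PSEXESVC), since command-line regexes alone can be evaded by argument reordering.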
Discovery Theme: SecOps Revolution
Session Title: Enterprise ePO, DXL and TIE Infrastructure Designs
Presenter(s): Steen Pedersen, Principal Architect, CISSP, Trellix
Session Abstract: This session will take a look at enterprise designs for ePO infrastructures with Data Exchange Layer (DXL) and Threat Intelligence Exchange (TIE). Several real-world examples of infrastructure architectures will be showcased, as will how a current ePO, DXL and TIE infrastructure can transform to include cloud servers located in AWS, Azure and more, to create a hybrid ePO architecture.

Discovery Theme: SecOps Revolution
Session Title: Invasion of the Information Stealers
Presenter(s): Taylor Mullins, Sales Engineer, Trellix
Session Abstract: Information stealers have become one of the most utilized, damaging, and simplest to acquire variants of malware observed today. The effects of a successful information stealer attack can include access to company accounts, deployment of ransomware, and widespread data exfiltration. In this presentation, we will unveil how threat intelligence and an open XDR framework can help a security team proactively apply countermeasures to prevent attacks, detect ongoing activity, and monitor the aftermath of a successful attack across their security solutions.

Discovery Theme: SecOps Revolution
Session Title: How XDR is a Game Changer for SecOps
Presenter(s): Deepak Seth, Director, XDR Platform Services, Trellix
Session Abstract: In the current threat environment, SOC teams continuously face the pressure of detecting an intrusion as quickly as possible, before it becomes a major security incident. With so many point products in use in a typical organization, it is often very time consuming and challenging for the SOC team to search through the noise to find the important alerts that may indicate the presence of a threat in the environment. XDR can enable a SOC team to detect, respond to and remediate threats across all attack channels, including Email, Endpoint, Network and Cloud, without the inefficiencies of switching between multiple point solutions, and with the ability to work with relevant data that is actionable. This session will highlight the different phases of a malware attack, the challenges SecOps face in each phase, and how Trellix XDR can help in each of them. We want to help the SecOps team ultimately achieve a stress-free life. We will demonstrate, through a live example of an Advanced Persistent Threat, how the various attack phases map to the MITRE ATT&CK Framework, and how Trellix XDR enables the SecOps team in each phase of the attack kill chain.

Discovery Theme: SecOps Revolution
Session Title: Automated Responses - Out of the Box!
Presenter(s): Simon Tiku, Snr Director, Engineering, Trellix
Session Abstract: We want to make life simpler for security analysts. This session will share templated security playbooks, task flows and scripts that can be easily tailored to your organization’s needs. Built by Trellix security experts, this template library takes the work out of developing things from scratch for common use cases. For example, a task flow that covers common functionality and processing related to specific plugins can then be inserted into a multi-plugin playbook.

Discovery Theme: Unifying Endpoint
Session Title: Advanced Forensics
Presenter(s): Ryan Fisher, Senior Engineer, Trellix; Fred House, Director, Engineering, Trellix
Session Abstract: The Endpoint Security Research and Custom Engineering (RACE) team has been operating since 2015 with the mission of building rapid-response endpoint capabilities in support of Mandiant Incident Response engagements. The team has built over 50 forensic capabilities that enable advanced endpoint forensic investigations at scale. These forensic capabilities have been used on thousands of IR engagements, including some of the most high-profile breaches around the world. The RACE team’s recently released Extended Forensics module gives customers, partners, and other IR firms access to this advanced forensic tool set. In this session, the RACE team will dive into the advanced forensics capabilities, describing why they are relevant to forensics, how to run them, and how to analyze the results.
We will cover common investigative workflows such as frequency analysis (stacking), indicator searching (sweeping), YARA hunting, live response, and timelining across the enterprise.

Discovery Theme: Unifying Endpoint
Session Title: Endpoint Efficacy and Coverage Reporting
Presenter(s): Chris Ubando, Senior Principal Architect, Trellix; Charles Wiggins, Principal Architect
Session Abstract: How do we prove to the business the value of any cyber security investment? Attend this session and learn ways to build reporting within ePO that can be used to present to the business the value the Trellix solutions are providing across the environment. We will show how to report on the coverage of protection features that help protect against common malware attacks like ransomware. We will also discuss how to use ePO with Active Directory and SCCM to provide clear reporting on the coverage of the Trellix solutions on systems within the environment, and to highlight unprotected systems that are potentially at risk of being targeted by malware.

Discovery Theme: Unifying Endpoint
Session Title: Leveraging EDR Integrations into SOC Processes to Build a Better Defense
Presenter(s): Matt Smith, Snr Manager, Professional Services, Trellix
Session Abstract: Adding another SecOps tool into the day-to-day mix of tools and techniques used during investigation and triage of threats creates a common concern for the SOC. How can that tool be incorporated into existing processes so that it does not duplicate functions provided by an assortment of free and commercial tools? Is the full value of the new data collected used to pre-emptively block attacks before they need to be triaged? Trellix EDR offers several features natively, and externally through API integration, which can give the SOC the ability to consolidate the tools and techniques used during investigation and triage. It also enables direct integration with the defense layer to save the business both time and costs when tackling threats. Learn how Trellix EDR is being used by Trellix Professional Services consultants to enable SOCs to collect the information needed during DFIR processes, as well as to react to threat activity using a combination of Trellix EDR, DXL, ePO and other tools found in many SOC toolkits. We will also explain how EDR can serve as a data stream to enrich other threat intelligence, data analysis and defense platforms.

Discovery Theme: Unifying Endpoint
Session Title: Trellix Endpoint Security for Breach Investigations
Presenter(s): Vinoo Thomas, Principal Product Manager, Trellix
Session Abstract: Learn how Trellix Endpoint Security can handle investigating thousands of endpoints in a security breach. Get an inside look into how breaches are discovered and how one compromised endpoint can turn a company upside down. We will demonstrate how Endpoint Security unleashes world-class forensics, from detection to containment: detecting data theft, credential harvesting and compromised assets, actioning alerts, new features and much, much more!

Discovery Theme: Unifying Endpoint
Session Title: Trellix Unified Endpoint: An Architectural Overview
Presenter(s): John Teddy, Engineering, Trellix
Session Abstract: This session will preview the architecture of the upcoming Trellix Unified Endpoint, bringing together the best capabilities of FireEye and McAfee technologies into an endpoint framework with a common agent serving protection, detection, and forensics. We will cover the design goals, the elements that comprise the platform, and the phases of implementation, with some minor deep dives into event handling, orchestration, and reputations.

Discovery Theme: Securing the Ecosystem
Session Title: Accelerating Transformation with Detection-as-a-Service
Presenter(s): Arthur Cesar Oreana, Account Manager, Trellix
Session Abstract: In a Digital Transformation journey, meeting the demands of business areas quickly is essential for survival in a competitive and connected world. With businesses needing to launch products quickly, security cannot be an impediment. Security can be a facilitator and a great ally to business agility.
Attend this session to learn how one of the largest Brazilian digital banks managed to address the risks of analyzing all files received from external sources, quickly and easily, positively impacting the customer experience.

Discovery Theme: Securing the Ecosystem
Session Title: Data Security: The Trellix Roadmap
Session Abstract: Data Protection is a top priority for today’s organizations. In addition to adhering to constantly changing regulatory requirements, there are continuous concerns over external and internal threats. Any breach can have an impact beyond just the cost of clean-up. Fines can add up, and the loss of trust can take a very long time to overcome. In this session, we will discuss the Trellix Data Security portfolio. We will show the challenges faced by administrators today and illustrate how Trellix Data Protection products help customers classify, monitor, and protect their most sensitive data. We will also highlight recent features that have been added to the products and give a forward-looking view of plans that are in progress for this suite of products.

Discovery Theme: Securing the Ecosystem
Session Title: Email Security: The Trellix Roadmap
Session Abstract: Email continues to be the top attack vector. It is imperative that customers continue to evaluate their email security solutions to ensure that they are capable of detecting the latest threats. Many customers must also protect a wide range of email systems, including on-premises and cloud deployments. In this session we will discuss the Trellix Email Security portfolio of products that provide protection to on-premises and cloud-based deployments. We will discuss the deployment challenges customers face today and highlight how Trellix provides the industry’s most comprehensive set of detection engines to keep users safe.

Discovery Theme: Securing the Ecosystem
Session Title: Network Security: The Trellix Roadmap
Session Abstract: With network infrastructure now located on-premises, as well as in private, hybrid and multi-cloud environments, managing and securing it has become increasingly complex. In this session, we’ll discuss the opportunities and challenges our customers face across a growing variety of use cases, how customers can integrate Trellix detection directly into their custom applications, and how they can leverage the Trellix Network Security portfolio to address infrastructure security wherever they need it.

Discovery Theme: Securing the Ecosystem
Session Title: Achieve a True Zero Trust Architecture with Trellix and Okta
Presenter(s): Martin Holste, Chief Technology Officer, Cloud, Trellix
Session Abstract: Trellix and Okta have a strong partnership, demonstrated by the popular Helix XDR integration and advanced anomaly detection for Okta. Learn how organizations are taking advantage of the ability to analyze identity audit events to find anomalies and correlate those anomalies with a wide range of information, such as application behavior and user roles. This allows the matching of suspicious logins with post-login actions in the context of the person’s role. Response actions can then be taken to limit any potential damage from a compromised identity. This extended detection and response (XDR) forms the basis for a Zero Trust Architecture (ZTA). But what about ZTA for on-prem? Businesses operate hybrid environments and manage many endpoints in addition to SaaS and cloud infrastructure. Attend and preview a universal Trellix ePO connector for Helix XDR that will ensure that on-prem solutions are fully cloud-aware. The insights shared through the link between Trellix ePO on-prem and Helix XDR in the cloud let defenders unlock complete Zero Trust.

Discovery Theme: Securing the Ecosystem
Session Title: The Cyber EO 14028’s Effect on Software Development
Presenter(s): Kent Landfield, Chief Standards and Technology Policy Strategist, Trellix
Session Abstract: The US 2021 Executive Order 14028 is changing the way the U.S. Federal government views the software it purchases and deploys. The EO will alter the way the software industry creates and delivers software and services.
From the definition of critical software, to requiring software bills of materials (SBOMs), to documenting secure software development lifecycle practices, and more, the Cyber EO is impacting the way software producers view the way they do business. This lively panel includes those involved in delivering on the requirements of 14028, from NIST and CISA, and a former Federal CISO, who will discuss the EO’s intended impacts and the effect it is having both in and out of government.

Discovery Theme: Activating Intelligence
Session Title: PhishVision: Caught on Camera
Presenter(s): Manoj Ramasamy, Research Scientist, Trellix
Session Abstract: Why is a Cyber Security Operation Center so important? A SOC exists with the core mission to monitor a wide range of possible threats against an organization. During this session we will discuss some of the best practices, procedures, and processes to modernize a SOC. We will also cover the importance of incorporating Threat Intelligence as a requirement to be successful.

Discovery Theme: Activating Intelligence
Session Title: Catch Me If You Can: Living Off the Land Binaries, and The Adversaries Who Abuse Them
Presenter(s): Tim Hux, Security Researcher, Trellix; Alfred Alvarado, Security Researcher, Trellix
Session Abstract: The Trellix Threat Intelligence Group collects, correlates, and analyzes attack techniques deployed by threat actors, and their use of malicious and non-malicious tools. This presentation will detail the most common tools used by threat actors, their associated MITRE techniques, and the countermeasures organizations can use to defend their networks. Living off the Land (LotL) attacks are increasing and often go unnoticed during the initial infection phase because the method relies on common non-malicious tools and Windows binaries. You will learn how threat actors may gain initial access via spear-phishing, access brokers or unpatched vulnerabilities, and then use common tools and Windows binaries to keep the reconnaissance and persistence phases undetected while additional payloads are retrieved, exfiltration is automated, and the final payload is prepared. Tools such as Rclone can be used to exfiltrate data, PsExec to execute commands and load binaries, and AD Explorer may be used to perform reconnaissance tasks like user and computer asset discovery.

Discovery Theme: Activating Intelligence
Session Title: US Government Cyber Security and Privacy Policies: What to Expect in 2023
Presenter(s): Panel hosted by Kent Landfield, Director, Trellix Public Policy
Session Abstract: This panel session will provide a perspective on what public policies to expect from both the White House and Congress in 2023. Government policies define the contours of the cyber security market. New legislative initiatives will focus on protecting critical infrastructures and government agencies, with a focus on EDR, XDR and Zero Trust solutions. Congress will once again take up national privacy legislation. These initiatives impact both government and private sector users of cyber security solutions. Panelists will include former senior US government officials, a former White House official and federal Chief Information Security Officer, a representative of the Center for Strategic and International Studies, and Tom Gann, Chief Public Policy Officer of Trellix.

Discovery Theme: Activating Intelligence
Session Title: Cyber Tools Shaping Foreign Policy? A False Chinese APT Responds to Nancy Pelosi’s Visit to Taiwan
Presenter(s): Ann An, Security Researcher, Trellix
Session Abstract: Trellix endpoint detections reveal cybersecurity and geopolitical activities well before the media begins reporting them. On July 29, 2022, Trellix telemetry data showed a spike in detections in Taiwan, with over 32,000 detections hitting the self-governed island in one day, well over the typical daily range of 9,000 to 17,000 detections.
This spike occurred five days before Nancy Pelosi’s visit to Taiwan on August 3, 2022. Telemetry data also showed that a significant portion of detections were directed at Taiwan’s government entities between July 29 and August 6, 2022. We later noticed an increase in small and medium-sized distributed denial of service attempts against Taiwanese websites that either reported on Pelosi’s visit or are perceived as hostile to China. On August 3, 2022, the day after Pelosi’s visit, one Chinese hacker collective that calls itself “APT27” announced a special cyber operation against Taiwan’s government services, infrastructure, and commercial organizations. Trellix analysts will explain these DDoS operations and scrutinize the true identity of APT27 and its subsequent activities throughout this Xpand session.

Discovery Theme: Activating Intelligence
Session Title: The Minority Threat Landscape Report
Presenter(s): Christiaan Beek, Snr Principal Engineer, Trellix
Session Abstract: In this session we will take you on a trip through parts of the current threat landscape and our predictions for its future. Our research will highlight where we know adversaries are operating now, and our informed position on where they will go next. We will unveil how Trellix analyzes threats and anticipates them. Learn how we innovate, and adapt, to counter unexpected threats.

Discovery Theme: Activating Intelligence
Session Title: Using Critical Threat Intelligence Strategically
Presenter(s): Panel hosted by Patrick Flynn, Head of Advanced Programs Group, Trellix
Session Abstract: The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in their task and purpose. While you never know exactly how they will come at you, come they will. It’s no different than fighting a kinetic foe in that, before you fight, you must choose your ground and study your enemy’s tendencies. Much focus has been placed on tools and updating technology, but often we are pushed back on our heels and in a defensive posture.
This panel features senior US government representatives debating that while technology strategy is important, we must embrace and create a thorough Cyber Threat Intelligence (CTI) doctrine which must take many forms.
TRAINING

TRELLIX DATA LOSS PREVENTION - ENDPOINT INTRODUCTION
With more data to track, classify, and store comes more data to protect. This task has become increasingly difficult due to data volume as well as limited visibility, organizational silos, and changing compliance needs. The Trellix Data Loss Prevention - Endpoint Introduction provides attendees with basic knowledge of the tools you need to design, implement, and configure Trellix DLP - Endpoint to safeguard intellectual property and ensure compliance. This course details how this solution uses the XDR solution for centralized management and can expand your data security by extending on-premises DLP policies to the cloud to ensure consistent protection. The course also explains how to monitor and address risky, day-to-day end-user actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.
Date: Tuesday, 27 September
Time (Session #1): 9:00AM – 12:00PM
Time (Session #2): 1:00PM – 4:00PM
Price: Included with Xpand registration
CPE Credits: 3
Room: Bluethorn 3
COURSE DETAILS
At the end of this course, students should be able to:
* Provide an overview of the Data Loss Prevention solution
* Describe the features of Data Loss Prevention Policy Manager
AGENDA
* Product Introduction
* Data Loss Prevention Overview
WHO SHOULD TAKE THIS CLASS?
System and network administrators, security personnel, auditors, and/or consultants concerned with system endpoint security should take this course. Participants should have a working knowledge of Microsoft Windows administration, system administration concepts, and networking technologies. It is also desirable to have a basic understanding of computer security and cloud security concepts, and a general understanding of web technologies. Trellix ePO - On-prem product knowledge is recommended. Please note that students are responsible for bringing their own laptop to class to access the lab materials.

TRELLIX EPOLICY ORCHESTRATOR - SAAS INTRODUCTION
The Trellix ePolicy Orchestrator - SaaS course provides attendees with basic knowledge to use Trellix ePO - SaaS software for Extended Detection and Response (XDR) to accelerate incident response, keep ahead of cyberthreats, and unify your security tools. In addition, students will learn the benefits of running Trellix ePO - SaaS in their environment, such as the ability to control and administer all your endpoints from a single console, complete automation and optimization, and the ability to orchestrate multiple products in an integrated single pane of glass for policy management and enforcement across the entire enterprise. You will also learn basic configuration of Trellix ePO – SaaS to help you maximize these benefits. This course combines lectures, demonstrations, and practical lab exercises.
Date: Tuesday, 27 September
Time (Session #1): 9:00AM – 12:00PM
Time (Session #2): 1:00PM – 4:00PM
Price: Included with Xpand registration
CPE Credits: 3
Room: Bluethorn 3
Seating is limited - You must register to attend.
COURSE DETAILS
At the end of this course, students should be able to:
* Describe the Trellix ePO - SaaS offering
* Discuss the basic features, functionality, and architecture of the Trellix ePO - SaaS offering
* Describe the process for initial configuration, migration, and deployment of Trellix ePO - SaaS
* Explain how to manage users and roles in Trellix ePO - SaaS
* Describe basic configuration tasks in Trellix ePO – SaaS
AGENDA
* Product Overview
* Features and Architecture
* Installation, Migration, and Deployment
* Configuration
WHO SHOULD TAKE THIS CLASS?
System and network administrators, security personnel, auditors, and/or consultants concerned with Trellix ePO - SaaS should take this course.
Participants should have a working knowledge of Microsoft Windows administration, including Microsoft Windows Defender. It is also desirable to have a basic understanding of system administration concepts, computer security and cloud security concepts, and a general understanding of viruses and anti-virus technologies. Please note that students are responsible for bringing their own laptop to class to access the lab materials.

PRODUCT AGNOSTIC THREAT HUNTING
Many organizations have SIEM technology and a variety of detection points that generate millions, if not billions, of alerts per day. SOC analysts spend time trying to stave off this tidal wave of data, attempting to identify the key alerts indicative of an incident, be it a breach, malware outbreak, or adversary. During this 3-hour session we will cover methodologies to enable analysts to effectively hunt for threats in their environment proactively.
Date: Tuesday, 27 September
Time (Session #1): 9:00AM – 12:00PM
Time (Session #2): 1:00PM – 4:00PM
Price: Included with Xpand registration
CPE Credits: 3
Room: Bluethorn 4
Seating is limited - You must register to attend.
COURSE DETAILS
At the end of this course, students should be able to understand anomalies and threats in their environments. This course is designed to enable students to understand hunting methodologies and how to hunt for threats proactively and effectively in application and endpoint alerts, and to apply critical reasoning skills to stay focused and avoid pitfalls.
AGENDA
* Introductions
* Threat Hunting Overview
* Analytical Thinking
* Augmenting with Threat Intelligence
* Organizational Threat Hunting Maturity
* Threat Hunting Methodology
* Hunting with Network Tools
* Hunting with Endpoint Tools
* Hunting with Application Tools
WHO SHOULD TAKE THIS CLASS?
Participants should have a basic understanding of threats, SOC monitoring, computer forensics, and TCP/IP networking for the course to be fully beneficial. A basic understanding of Threat Intelligence would also be an advantage.

NETWORK HUNTING WITH TRELLIX XDR
Through the Trellix XDR platform, this one-day workshop introduces the essential concepts for network hunting and how an XDR platform allows you to pivot from network logs into critically related endpoint logs to find attacker malware and its associated C2 connections. C2 communication and data exfiltration are not always obvious. This course will provide analysis methods to help identify the communication happening as it leaves your network and how those connections correlate to the processes creating that communication. Throughout the course, students will have the opportunity to perform hands-on activities that follow real-world use cases using typical security toolsets such as SIEM, packet capture, and EDR. In our lab, we leverage Trellix XDR platform technologies including Helix, Endpoint Security (HX) and Network Forensics for packet capture. This course combines lectures, demonstrations, and practical lab exercises.
Date: Tuesday, 27 September
Time: 9:00AM – 4:00PM
Price: Included with Xpand registration
CPE Credits: 6
Room: Bluethorn 8
Seating is limited - You must register to attend.
COURSE DETAILS
At the end of this course, students should be able to identify network anomalies and uncover threats in their environments.
This course is designed to enable students to: * Enhance an existing hunting program * Leverage provided use cases for your hunting program and network data for successful hunting * Use relevant threat models to implement a network hunt mission by acquiring and analyzing relevant data * Understand how to ingest and view network and endpoint logs from the unified console within the Trellix XDR platform * Understand how to implement host-based logging to support network analysis AGENDA * Hunting Overview * Network Hunting * Network Logs * Endpoint Correlation * Analysis Techniques * Use Cases - Real-world Threats * Use Cases - Mitre ATT&CK® Framework * Automation Register Now WHO SHOULD TAKE THIS CLASS? Incident response team members, threat hunters, and information security professionals. Students should have a working understanding of networking and network security as well as the Windows operating system. Hands-on use of SIEM and EDR tools would also be of benefit. Please note that students are responsible for bringing their own laptop to class to access the lab materials. ENDPOINT INVESTIGATIONS WITH TRELLIX XDR This one-day workshop introduces essential XDR concepts of log analysis and endpoint investigations. Using attack methodologies from the Mitre ATT&CK® framework, you will learn which specific Windows telemetry is critical to a successful investigation. Within the Trellix XDR platform, you will also learn how to collect endpoint data and pivot out to an endpoint alert to aid in your investigation. Throughout the course, students will have the opportunity to perform hands-on activities that follow real-world use cases using typical security toolsets such as SIEM and EDR. In our lab, we leverage Trellix XDR platform technologies including Helix, Network Security and Endpoint Security (HX). This course combines lectures, demonstrations, and practical lab exercises. 
Date: Tuesday, 27 September Time: 9:00AM – 4:00PM Price: Included with Xpand registration CPE Credits: 6 Room: Bluethorn 9 Seating is limited - You must register to attend. COURSE DETAILS The one-day primer covers the analyst workflow: triaging alerts, creating and scoping incidents, and using the Trellix XDR platform, including Helix and Endpoint Security (HX) tools, to conduct investigative searches across the enterprise. At the end of this course, students should be able to identify anomalies on endpoints and uncover threats in their environments. This course is designed to enable students to: * Describe methods of live analysis * Identify critical log sources to send to Helix * Use core analyst features of Endpoint Security such as alerting, enterprise search, and containing endpoints * Validate and provide further context for Trellix alerts * Analyze an endpoint data acquisition using a defined methodology * Identify malicious activity hidden among common Windows events AGENDA * Helix Fundamentals * Helix Detections: Rules and Analytics * Initial Alerts * Windows Telemetry and Acquisitions Register Now WHO SHOULD TAKE THIS CLASS? Incident response team members, threat hunters, and information security professionals. Students should have a working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI. Please note that students are responsible for bringing their own laptop to class to access the lab materials. TRELLIX ENS EXPERT RULES INTRODUCTION Building on the ENS Platform, ENS Expert Rules allow the advanced Trellix ENS administrator to add deeper security to their Trellix ENS Deployment by authoring rules to reconnoiter and block TTPs observed through XDR or obtained via industry intelligence. 
The course provides insights into our proprietary syntaxes, and a basic view into Operating System concepts and references needed to better understand how ENS works and fully comprehend how ENS Expert Rules can provide a more customized and secure environment. This course combines lectures and demonstrations. Date: Tuesday, 27 September Time: 9:00AM – 12:00PM Price: Included with Xpand registration CPE Credits: 3 Room: Bluethorn 1 Seating is limited - You must register to attend. COURSE DETAILS At the end of this course, students should be able to: * Understand Microsoft Windows Operating System Concepts relevant to Expert Rules * Understand AAC (Arbitrary Access Control) * Understand how to create Expert Rules AGENDA * Concepts * Technologies * Expert Rules Type * Expert Rules Syntax Register Now WHO SHOULD TAKE THIS CLASS? This course is intended for system and network administrators, security personnel, auditors, and/or consultants concerned with system endpoint security. TRELLIX ENS EXPERT RULES ADVANCED Building on the ENS Platform, ENS Expert Rules allow the advanced Trellix ENS administrator to add deeper security to their Trellix ENS Deployment by authoring rules to reconnoiter and block TTPs observed through XDR or obtained via industry intelligence. The course provides insights into how ENS Expert Rules work and fully comprehend how ENS Expert Rules can provide a more customized and secure environment. This course combines lectures and demonstrations. Date: Tuesday, 27 September Time: 1:00PM – 12:00PM Price: Included with Xpand registration CPE Credits: 3 Room: Bluethorn 1 Seating is limited - You must register to attend. 
COURSE DETAILS At the end of this course, students should be able to: * Understand the system impact of expert rules * Understand what kinds of items can be protected with Expert Rules * Create custom rules AGENDA The lecture 'Trellix ENS Expert Rules Advanced' demonstrates ENS Expert Rules designed for environmental reconnaissance and threat blocking. Register Now WHO SHOULD TAKE THIS CLASS? This course is intended for system and network administrators, security personnel, auditors, and/or consultants concerned with system endpoint security. It is recommended for participants to attend the Trellix ENS Expert Rules Introduction lecture prior to attending this course. CAPTURE THE FLAG BLUE TEAM WITH TRELLIX - DEFENDING YOUR ORGANIZATION This unique CTF challenges you to uncover adversary TTPs using the Trellix XDR platform. Take on the #soulful role of a cyber defender. As you come in for your shift, you are hit with an alert! It’s all-hands-on-deck as you dig in to find out who is on your network and what they have done, while ensuring management is well-informed. Through simulated attacks and scenarios based on the MITRE ATT&CK® framework, participants will leverage a combination of Trellix solutions and best-of-breed open-source tools to triage, investigate, and hunt for the presence of the adversary. Participants will practice their security skills through a series of questions and challenges to interpret alerts, understand various network and host telemetry, and discover what the threat actor has done. You will leverage the Trellix XDR platform, navigating between the Helix unified console and available telemetry from Endpoint Security (HX), as well as the Network Forensics platform. Questions range from basic to advanced, and participants earn points in our interactive scoreboard for prizes, unique SWAG, and bragging rights. 
24-hour challenge
Start: Tuesday, 28 September – 11:30 AM
End: Wednesday, 29 September – 11:30 AM
Price: Included with Xpand registration
CPE Credits: 3
Room: Xpo Hall – CTF Area in Trellix Booth
Participation is limited - You must register to attend.

CATEGORIES INCLUDE:
* Endpoint Investigations
* Network Analysis
* Log Analysis

Participants will have conference-long access to the required tools through the Education Services Learning Lab. The Education Services team will be on-site to provide hands-on support for the CTF during the conference.

WHO SHOULD REGISTER FOR CTF?

Anyone can participate and learn! SOC managers, analysts, incident responders, and other general security practitioners are encouraged to join us in this fun CTF, designed to accommodate all levels of expertise, from the junior analyst to the expert. Participants should possess general security knowledge, including working knowledge of security tools and investigations. You must have a laptop computer equipped with Wi-Fi – laptops will not be provided. Space is limited. Pre-registration required.

What happens in Vegas won't stay in Vegas with free technical training. Ranging from 3 hours to a full day, these sessions combine lectures with demonstrations and practical lab exercises.

TRELLIX DATA LOSS PREVENTION

Learn the tools you need to design, implement, and configure Trellix DLP to safeguard intellectual property and support compliance. We share how to monitor and address risky, day-to-day end-user actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

TRELLIX EPOLICY ORCHESTRATOR - SAAS INTRODUCTION

The Trellix ePolicy Orchestrator - SaaS course provides attendees with the basic knowledge needed to support Trellix ePO - SaaS software. Students will also learn the benefits of running Trellix ePO - SaaS in their environment, basic configuration information, and Protection Workspace functionality.

PRODUCT AGNOSTIC THREAT HUNTING

Many organizations have SIEM technology and a variety of detection points that generate millions, if not billions, of alerts per day. SOC analysts spend their time attempting to identify the key alerts indicative of an incident - be it a breach, malware outbreak, or adversary. During the session we will cover methodologies that enable analysts to hunt for threats in their environment proactively and effectively.

NETWORK HUNTING

This one-day workshop introduces the essential concepts of network hunting and then lets learners apply techniques to hunt for anomalous activity. Throughout the course, the instructor will provide hands-on activities that follow real-world use cases using typical security toolsets such as SIEM, packet capture, and EDR. We will use Trellix Helix and endpoint logs, such as Endpoint Security (HX) agent logs and Sysmon.

ENDPOINT INVESTIGATIONS

This one-day workshop introduces the essential concepts of endpoint investigations. Using attack methodologies from the MITRE ATT&CK® framework, you will learn which specific Windows telemetry is critical to a successful investigation. You will also learn how to pivot out to an endpoint and collect any other data needed to aid your investigation.

TRELLIX ENS EXPERT RULES

Available in both introduction and advanced sessions, we share how building on the ENS platform with ENS Expert Rules allows the advanced Trellix ENS administrator to add deeper security to their deployment. Proprietary rule syntax and a basic view of operating system concepts and references will be shared, to enable a more customized and secure environment.

CAPTURE THE FLAG – BLUE TEAM

This unique CTF challenges you to uncover adversary TTPs using Trellix Helix and other available endpoint and network tools. Take on the #SoulfulWork role of a cyber defender. As you come in for your shift, you are hit with an alert! It's all hands on deck as you dig in to find out who is on your network and what they have done, while ensuring management is well-informed.

KEYNOTE SPEAKERS

BRYAN PALMA, CHIEF EXECUTIVE OFFICER
"Cyber threats aren't static, and our adversaries never stand still. Security operations teams are bearing the brunt of more sophisticated threats, increasing technology complexity, and the cyber security skills shortage. Trellix is focused on helping our customers deploy XDR capabilities to level the playing field with attackers. Xpand Live offers the opportunity for security practitioners to learn more about the next generation of Trellix technology."

APARNA RAYASAM, CHIEF PRODUCT OFFICER
"Xpand Live offers an insider's view of the industry's most comprehensive XDR platform, powered by Trellix's innovative technology. Come meet with the experts delivering the great security outcomes needed to ensure your organization is fast enough to keep up with dynamic threats, intelligent enough to learn from them, and constantly evolving to keep the upper hand."

AMOL MATHUR, SVP, PRODUCT MANAGEMENT
"Xpand Live provides access to the world's largest network of cybersecurity experts, sharing the coveted insight required to deliver earlier, better detection, response, and remediation across all phases of the attack chain."

CHRISTIAAN BEEK, LEAD SCIENTIST & SR. PRINCIPAL ENGINEER
"With cyber threats scaling in complexity, collaboration and sharing information is invaluable to building a strong defense. Xpand is an important time for us to come together with our partners and customers to discuss the latest mitigation strategies and adversary tactics."

JOHN FOKKER, HEAD OF CYBER INVESTIGATIONS FOR TRELLIX THREAT LABS
"The threat landscape is rapidly evolving and becoming more sophisticated, and this needs to be understood by every government, organization, and person. We're seeing the lines between nation-state actors and common cybercriminals blurring, all while adversaries are finding clever ways to leverage non-malicious tools to infiltrate a network."

ADAM PHILPOTT, CHIEF REVENUE OFFICER
"It's a long-held best practice to create harmony between people, process and technology. However, complexity arising from the myriad tools that support security tomorrow's digital platforms has natively impacted this balance. It's time to put that right, thinking not about the next tool but about the entire system. Bringing together a huge network of cybersecurity experts at Xpand Live will kick-start these incredible conversations and represent a huge stepping stone to the future of our customers' businesses."

BRETT HANNATH, CHIEF MARKETING OFFICER

XPAND LIVE 2022 AGENDA AT-A-GLANCE

Day 1 – September 27th
* 9:00AM – 3:00PM: CAB
* 9:00AM – 5:00PM: Training Sessions
* 12:00 Noon – 5:00PM: Partner Summit
* 7:00PM – 10:00PM: Partner Summit Poolside Reception

Day 2 – September 28th
* 7:30AM – 9:00AM: Breakfast
* 9:00AM – 10:30AM: General Session Keynote – Main Stage
* 10:45AM – 11:45AM: Technical Breakout Sessions
* 11:30PM – 1:00PM: Lunch in Xpo Hall / Xpo Hall Open (Capture the Flag Challenge begins; Trellix Booth with Live Q&A; Solution Demos; Sponsor Booths; UX Team 1:1 Meetings; Innovation Spotlight; #Soulfulwork Luncheon; Women in Security Luncheon)
* 1:15PM – 2:15PM: Technical Breakout Sessions
* 2:30PM – 3:30PM: Technical Breakout Sessions
* 3:45PM – 4:45PM: Technical Breakout Sessions
* 5:30PM – 7:00PM: Xpand Welcome Reception in Xpo Hall

Day 3 – September 29th
* 7:30AM – 8:30AM: Breakfast
* 8:30AM – 10:00AM: General Session Keynote – Main Stage
* 10:15AM – 11:15AM: Technical Breakout Sessions
* 11:30PM – 1:00PM: Lunch in Xpo Hall / Xpo Hall Open (Trellix Booth with Live Q&A; Solution Demos; Sponsor Booths; UX Team 1:1 Meetings; Innovation Spotlight; Capture the Flag Challenge closes)
* 1:15PM – 2:15PM: Technical Breakout Sessions
* 2:30PM – 3:30PM: Technical Breakout Sessions
* 3:45PM – 4:45PM: Technical Breakout Sessions
* 7:00PM – 10:00PM: Final Night Party at JEWEL Nightclub

XPAND LIVE 2022 ACCOMMODATIONS

ARIA Resort & Casino
3730 Las Vegas Blvd. South
Las Vegas, NV 89158 USA

Questions on Accommodations? For reservation questions please email: XpandRegistration@ITAGROUP.com

ARIA Resort & Casino is offering special summit rates to Xpand LIVE 2022 attendees.

ARIA Discounted Room/Suite Rates (available nights of 9/23 - 9/30, 2022). Please note: tax is based on the current tax rate and is subject to change.
* 9/23/22: $245 + Resort Fee + tax / night
* 9/24/22: $245 + Resort Fee + tax / night
* 9/25/22: $169 + Resort Fee + tax / night
* 9/26/22: $169 + Resort Fee + tax / night
* 9/27/22: $245 + Resort Fee + tax / night
* 9/28/22: $245 + Resort Fee + tax / night
* 9/29/22: $169 + Resort Fee + tax / night
* 9/30/22: $169 + Resort Fee + tax / night

Room Cost Per Day:

Room                 23-Sep  24-Sep  25-Sep  26-Sep  27-Sep  28-Sep  29-Sep  30-Sep
Deluxe King @ $245   $245    $245    0       0       $245    $245    0       0
Deluxe King @ $169   0       0       $169    $169    0       0       $169    $169

You can book your Xpand Live 2022 hotel accommodations during Xpand Live 2022 registration.

NOTE: Hotel reservations should be made ONLY through the Xpand registration site to secure our special ARIA discounted room rates. Do not accept external solicitations.

About the ARIA Resort & Casino

ARIA Resort & Casino is a stunning AAA Five Diamond resort on The Strip featuring spectacular amenities, high-end service, premium meeting and convention space, striking architecture and sustainable design. Combined with its unparalleled offerings, including the luxurious Shops at Crystals and the first-of-its-kind public Fine Art Collection, ARIA sets the bar for a new generation of resort experiences. And because the ARIA Convention Center is hosting Xpand Live 2022, you'll enjoy the convenience of having the summit all under one roof.
Copyright © 2022 Musarubra US LLC