Overview

With data breaches continuing and malware, ransomware in particular, growing more sophisticated and widespread, the UC system is supplementing legacy endpoint security (anti-virus and anti-malware) with next-generation endpoint protection. The UCSB Security Operations Center (SOC) provides endpoint security monitoring through an Endpoint Detection and Response (EDR) tool. The Trellix (formerly FireEye) Endpoint Security (TES) platform is designed to address these attacks with detection and response features that go beyond the capabilities of traditional malware protection.

The Trellix Endpoint Security platform is made available as part of a UC systemwide initiative to help manage and reduce cybersecurity risk. 
Capabilities

The Trellix Endpoint Security (TES) agent runs in the background while you do your normal work. Unlike traditional anti-virus and anti-malware products, it combines real-time threat intelligence with machine learning to detect threats quickly and then acts automatically to contain them, using these techniques:

  • Signature-based engine that finds and blocks known malware (similar to traditional anti-virus and anti-malware software)
  • MalwareGuard machine-learning detection, trained on seeded threat intelligence
  • Behavior-based analytics engine that stops advanced threats based on what a process does rather than what it looks like
  • Real-time discovery of Indicators of Compromise (IOCs) using frontline threat intelligence
  • Automated real-time investigation of ongoing security events, which speeds incident response and containment by the SOC


Have questions?

Submit a ServiceNow ticket.