Trellix

American cybersecurity company


title: "Trellix" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["2013-initial-public-offerings", "american-companies-established-in-2004", "companies-based-in-milpitas,-california", "companies-listed-on-the-nasdaq", "computer-forensics", "computer-security-companies-specializing-in-botnets", "in-q-tel", "technology-companies-of-the-united-states"] description: "American cybersecurity company" topic_path: "technology/computing" source: "https://en.wikipedia.org/wiki/Trellix" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary American cybersecurity company ::

::data[format=table title="Infobox company"]

| Field | Value |
|---|---|
| name | Trellix |
| logo | Trellix Logo.svg |
| type | Private |
| foundation | |
| location | Milpitas, California, United States |
| key_people | Vishal Rao (CEO) |
| industry | Computer security |
| products | Cyber Security Hardware and Software |
| services | IT Security Consulting Services |
| revenue | (2020) |
| assets | (2020) |
| equity | (2020) |
| num_employees | ~3,400 (December 2020) |
| owner | Symphony Technology Group |
| homepage | |
::

Trellix (formerly FireEye and McAfee Enterprise) is a privately held cybersecurity company that was founded in 2022. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

In June 2021, FireEye sold its name and products business to Symphony Technology Group (STG) for $1.2bn. STG acquired McAfee Enterprise in an all-cash transaction for US$4.0 billion in July 2021. STG combined FireEye with McAfee's enterprise business to launch Trellix, an extended detection and response (XDR) company. McAfee Enterprise's security service edge (SSE) business operated as a separate company known as Skyhigh Security.

History

FireEye was founded in 2004 by Ashar Aziz, a former Sun Microsystems engineer. FireEye's first commercial product was developed and sold in 2010. Initially, FireEye focused on developing virtual machines to download and test internet traffic before transferring it to a corporate or government network.

In December 2012, founder Aziz stepped down as CEO and former McAfee CEO, David DeWalt, was appointed to the position to prepare the company for an initial public offering (IPO). The following year, FireEye raised an additional $50 million in venture capital, bringing its total funding to $85M. In late 2013, FireEye went public, raising $300M. FireEye remained public until 2021.

In December 2013, FireEye acquired Mandiant, an incident response services company, for US$1.0 billion. Mandiant became a subsidiary of FireEye. After the Mandiant acquisition, FireEye was called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem, and others.

In 2010, FireEye expanded into the Middle East and the Asian Pacific. The company entered Europe in 2011 and Africa in 2013. Despite the expansions, FireEye was not profitable, due to high operating costs such as research and development expenses.

In late 2014, FireEye initiated a secondary offering, selling another $1.1 billion in shares to fund the development of a wider range of products. Shortly afterward, FireEye acquired the high-speed packet capture company nPulse for approximately $60M. By 2015, FireEye made over $100M in annual revenue, but was still unprofitable.

In January 2016, FireEye acquired iSIGHT Partners for $275M. iSIGHT was a threat intelligence company that gathered information about hacker groups and other cybersecurity risks. This was followed by the acquisition of Invotas, an IT security automation company. DeWalt stepped down as CEO in 2016 and was replaced by Mandiant CEO and former FireEye President Kevin Mandia. Due to lower-than-expected sales, the company downsized, resulting in a layoff of 300–400 employees. Profit and revenue increased on account of shifts to a subscription model and lower costs.

In June 2021, FireEye announced the sale of its products business and name to STG for $1.2bn. In July 2021, Symphony Technology Group (STG) acquired McAfee Enterprise for $4bn. The sale split off its cyber forensics unit, Mandiant, and the FireEye stock symbol FEYE was relaunched as MNDT on the NASDAQ on October 5, 2021.

In January 2022, STG announced the launch of Trellix, an extended detection and response company, which is a combination of FireEye and the McAfee enterprise business. On September 30, 2021, STG announced Bryan Palma as CEO of the combined company.

In January 2025, Symphony Technology Group tapped Vishal Rao to take over as CEO of Trellix while continuing to serve as chief executive of sister company Skyhigh Security.

Products and services

FireEye started with "sandboxing", in which incoming network traffic is opened within a virtual machine to test it for malicious software before being introduced into the network. FireEye's products diversified over time, in part through acquisitions. In 2017, FireEye transitioned from primarily selling appliances to a software-as-a-service model.

FireEye sells technology products including network, email, and endpoint security, a platform for managing security operations centers called Helix, and consulting services primarily based on incident response and threat intelligence products.

The Central Management System (CMS) consolidates the management, reporting, and data sharing of Web MPS (Malware Protection System), Email MPS, File MPS, and Malware Analysis System (MAS) into a single network-based appliance by acting as a distribution hub for malware security intelligence.

As of its inception in January 2022, Trellix has more than 40,000 customers, 5,000 employees, and $2bn in annual revenue. Trellix includes the endpoint, cloud, collaboration, data and user, application, and infrastructure security capabilities of FireEye and McAfee. The business focuses on threat detection and response using machine learning and automation, with security technology that can learn and adapt to combat advanced threats.

Operations

2008–2014

In fall 2009, FireEye participated in taking down the Mega-D botnet (also known as Ozdok).

On March 16, 2011, the Rustock botnet was taken down through action by Microsoft, US federal law enforcement agents, FireEye, and the University of Washington.

In July 2012, FireEye was involved in the analysis of the Grum botnet's command and control servers located in the Netherlands, Panama, and Russia.

In 2014, the FireEye Labs team identified two new zero-day vulnerabilities – – as part of limited, targeted attacks against major corporations. Both zero-days exploit the Windows kernel. Microsoft addressed the vulnerabilities in the October 2014 Security Bulletin. Also in 2014, FireEye provided information on a threat group it calls FIN4. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies.

The group has targeted hundreds of companies and specifically targets the emails of corporate-level executives, legal counsel, regulatory personnel, and individuals who would regularly discuss market-moving information. Also in 2014, FireEye released a report focused on a threat group it refers to as APT28. APT28 focuses on collecting intelligence that would be most useful to a government. FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries, and security organizations that would likely benefit the Russian government.

2015

In 2015, FireEye confirmed the existence of at least 14 router implants spread across four different countries: Ukraine, the Philippines, Mexico, and India. Referred to as SYNful Knock, the implant is a stealthy modification of the router's firmware image that can be used to maintain persistence within a victim's network.

In September 2015, FireEye obtained an injunction against a security researcher attempting to report vulnerabilities in FireEye Malware Protection System.

In 2015, FireEye uncovered an attack exploiting two previously unknown vulnerabilities, one in Microsoft Office () and another in Windows (). The attackers hid the exploit within a Microsoft Word document (.docx) that appeared to be a résumé. The combination of these two exploits grants fully privileged remote code execution. Both vulnerabilities were patched by Microsoft.

In 2015, the FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (). Adobe released a patch for the vulnerability with an out-of-band security bulletin. FireEye attributed the activity to a China-based threat group it tracks as APT3.

2016

In 2016, FireEye announced that it had been tracking a pair of cybercriminals referred to as the "Vendetta Brothers." The company said that the enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information, and sell it on their underground marketplace "Vendetta World." In mid-2016, FireEye released a report on the impact of the 2015 agreement between former U.S. President Barack Obama and China's paramount leader Xi Jinping that neither government would "conduct or knowingly support cyber-enabled theft of intellectual property" for economic advantage.

The security firm reviewed the activity of 72 groups that it suspects are operating in China or otherwise support Chinese state interests and determined that, as of mid-2014, there was an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries.

In 2016, FireEye announced that it had identified several versions of an ICS-focused malware – dubbed IRON GATE – crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. Although Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed to FireEye that IRON GATE is not viable against operational Siemens control systems and that IRON GATE does not exploit any vulnerabilities in Siemens products, the security firm said that IRON GATE invokes ICS attack concepts first seen in Stuxnet.

In May 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player (). The security firm reported the issue to the Adobe Product Security Incident Response Team (PSIRT) and Adobe released a patch for the vulnerability four days later.

In 2016, FireEye discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user "radio", allowing an attacker to potentially perform activities such as viewing the victim's SMS database and phone history. FireEye reached out to Qualcomm in January 2016 and subsequently worked with the Qualcomm Product Security Team to address the issue.

In 2016, FireEye provided details on FIN6, a cybercriminal group that steals payment card data for monetization from targets predominately in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems, and making off with millions of payment card numbers that were later sold on an underground marketplace.

2017–2019

In 2017, FireEye detected malicious Microsoft Office RTF documents leveraging a previously undisclosed vulnerability, . This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. FireEye shared the details of the vulnerability with Microsoft and coordinated public disclosure timed with the release of a patch by Microsoft to address the vulnerability.

In 2018, FireEye helped Facebook identify 652 fake accounts.

2020–2021

FireEye revealed on Tuesday, December 8, 2020, that its systems were pierced by what it called "a nation with top-tier offensive capabilities". The company said the attackers used "novel techniques" to steal copies of FireEye's red team tool kit, which the attackers could potentially use in other attacks. The same day, FireEye published countermeasures against the tools that had been stolen.

A week later in December 2020, FireEye reported the SolarWinds supply chain attack to the U.S. National Security Agency (NSA), the federal agency responsible for defending the U.S. from cyberattacks, and said its tools were stolen by the same actors. The NSA is not known to have been aware of the attack before being notified by FireEye. The NSA uses SolarWinds software itself.

Within a week of FireEye's breach, cyber-security firm McAfee said the stolen tools had been used in at least 19 countries, including the US, the UK, Ireland, the Netherlands, and Australia.

During the continued investigation of the hack of their data and that of federal agencies revealed on December 8, 2020, FireEye reported in early January that the hacks originated from inside the USA, sometimes very close to the facilities affected, which enabled the hackers to evade surveillance by the National Security Agency and the defenses used by the Department of Homeland Security.

2022

A 2022 report by Trellix noted that hacking groups Wicked Panda (linked to China) and Cozy Bear (linked to Russia) were behind 46% of all state-sponsored hacking campaigns in the third quarter of 2021 and that in a third of all state-sponsored cyber attacks, the hackers abused Cobalt Strike security tools to get access to the victim's network. In a January 2022 report on Fox News, Trellix CEO, Bryan Palma, stated that there is an increasing level of cyberwarfare threats from Russia and China.

A 2022 Trellix report stated that hackers are using Microsoft OneDrive in an espionage campaign against government officials in Western Asia. The malware, named by Trellix as Graphite, employs Microsoft Graph to use OneDrive as a command and control server and execute the malware. The attack is split into multiple stages to remain hidden for as long as possible.

Acquisitions

::data[format=table]

| Announcement date | Company | Business | Deal size |
|---|---|---|---|
| December 30, 2013 | Mandiant | Information security | $1bn |
| May 8, 2014 | nPulse Technologies | Information security | $60M |
| January 2016 | iSight Partners | Cyber Threat Intelligence | $275M |
| February 2016 | Invotas | Security Orchestration | |
| October 2017 | The Email Laundry | Email Security | |
| January 2018 | X15 Software | Machine and Log Data Management | $15M in equity and $5M in cash |
| May 2019 | Verodin, Inc. | Security Instrumentation | Approximately $250M in cash and stock |
| January 2020 | Cloudvisory | Cloud Security | $13.2M in cash |
| November 2020 | Respond Software | Decision Automation | Approximately $186M in cash and stock |
::


::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::
