
FireEye, McAfee Enterprise relaunch as XDR-focused Trellix

Though the new company is a combination of two high-profile security vendors, private equity firm STG relaunched the merger under an entirely different name.

Symphony Technology Group relaunched the FireEye and McAfee Enterprise merger as Trellix, a new cybersecurity vendor focused on the competitive extended detection and response market.

In June, STG bought FireEye for $1.2 billion following its split from Mandiant. The next month, a consortium led by STG acquired McAfee Enterprise for $4 billion. Then in September, the private equity firm announced it would combine the product lines of FireEye and McAfee into a single entity, which was finalized in October.

The new company will offer extended detection and response (XDR) to Trellix's more than 40,000 combined business and government customers, according to the press release. Trellix told SearchSecurity that it will offer both McAfee and FireEye XDR products as versions of Trellix XDR, and will eventually integrate the two into one version; FireEye just released its own XDR offering last August.

Over the past few years, many companies have entered the XDR arena. For example, in October, Cybereason and Google Cloud combined for a new cloud-native XDR service through Google Chronicle. Chris Steffen, research director at Enterprise Management Associates, referred to the XDR market as "crowded."

While the FireEye and McAfee merger came as no surprise to infosec analysts, the XDR focus and renaming raised several questions.

Dave Gruber, analyst at Enterprise Strategy Group (ESG), a division of TechTarget, said that while he is a believer in the XDR movement, he is not a fan of this announcement. On one hand, he understands the new team is looking to narrow their focus. On the other, rallying the entire company around XDR will end up being shortsighted over time, he said.

"Good to attach your wagon to an important, trending agenda, however coming at it from a position of differentiation may be a tall order for Trellix," Gruber said in an email to SearchSecurity.

Steffen told SearchSecurity that STG has been working to become a significant security vendor since the FireEye and McAfee merger, and Trellix is a logical extension of its combined security portfolio and existing security talent. Despite the XDR influx, Steffen said he hopes STG will be able to provide some interesting innovations within the market and improve on the overall effectiveness of their combined offerings.

Eric Parizo, principal analyst at Omdia, had concerns about the move. Though Parizo thought the combination of FireEye and McAfee Enterprise was a great move at the time of the merger, noting several overlaps between the companies in key areas such as endpoint, network security and SIEM, the relaunch Wednesday highlighted new challenges.

"I think they are making two disastrous strategic decisions right out of the gate: first with the rebranding, and then with the somewhat downplayed decision to split off the security service edge business into its own separate company," Parizo said in an email to SearchSecurity.

In the Trellix announcement, STG also revealed that later this quarter it will relaunch the McAfee Enterprise Security Service Edge (SSE) portfolio as a separate business, which will include its cloud access security broker and zero-trust network access offerings.

One reason Parizo marked the move as a mistake is the importance of cybersecurity for the cloud and from the cloud, which he referred to as an "enterprise imperative." Without the SSE technology, Parizo said, it will be more difficult for Trellix to weave the necessary cloud-specific capabilities into the rest of its legacy product portfolio.

"With this move, it is difficult to conceptualize how Trellix can effectively modernize its portfolio and successfully compete with other top-tier cybersecurity vendors," Parizo said. "Unfortunately, it seems the desire by STG to turn a quick profit by splitting the company so soon has won out."

As for the rebranding, Parizo said he is on record as having said that it would be "absolutely idiotic" if Trellix CEO Bryan Palma abandoned the FireEye name because of how established and respected it is.

"I believe that analysis rings even more true now. The FireEye name can open doors. The Trellix name has no clear connection to security, and it doesn't help articulate what the company actually is or does," Parizo said. "Ultimately, Omdia believes the Trellix rebrand will prove to be a costly mistake."

While Gruber said distinguishing itself may be tough for Trellix, Jon Oltsik, ESG analyst, believes the wide portfolio, integrations and partnerships, as well as the broader XDR definition, are the differentiation. Trellix wants XDR to enable the inclusion of threat prevention offerings, he said, in addition to traditional threat detection and response.

"The definition of XDR is still in flux in the industry (though not at ESG) so I believe that Trellix wants to capitalize on both the popularity of the term and the uncertainty," Oltsik said in an email to SearchSecurity.
