Shapefin

Trellix Introduces AI-Powered SecondSight Threat Hunting Service to Combat Advanced Low-Noise Cyber Threats

Trellix, a global cybersecurity company, has launched Trellix SecondSight, a new threat hunting service designed to proactively detect subtle, low-noise advanced threats that often evade traditional security systems, aiming to reduce organizational risk for its customers.

Trellix SecondSight provides security analysts with an additional layer of oversight, actively monitoring for weak signals that are frequently missed by automated systems. This initiative addresses the growing challenge of alert fatigue among security analysts, exacerbated by the increasing use of artificial intelligence by threat actors.

John Fokker, VP Threat Intelligence Strategy at Trellix, stated, “Threat actors’ use of AI has significantly increased alert fatigue for security analysts. While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a ‘second set of eyes’ to actively monitor for these low-noise signals, acting as a force multiplier.”

The service is specifically designed to expose these “weak signals” that bypass conventional defenses, such as those observed in the APT28 multi-stage espionage campaign. Trellix SecondSight integrates human intuition with AI-driven analytics, processing telemetry data from Trellix EDR, Trellix Email Security Cloud, and Trellix NDR. Trellix Threat Hunters leverage this combination to identify sophisticated threats and deliver proactive notifications to security operations teams, enhancing their ability to preempt adversaries and improve overall Trellix detection capabilities.

Key benefits of Trellix SecondSight include identifying emerging threats by correlating subtle, low-confidence signals with internal intelligence holdings to uncover critical evidence of intrusions that automated filters might dismiss. It also augments intelligence for security teams by providing additional visibility and early warnings across endpoint, network, and email telemetry. Furthermore, the service aims to defend with precision, combining Trellix’s global AI-driven analytics with human expertise to interpret subtle indicators of active breaches that automated tools may surface but struggle to fully understand.

Niklas Chachalatos, Business Manager Security Services at Advania Sweden, commented on the new offering, stating, “Proactive, actionable threat intelligence is no longer a nice-to-have; it’s a necessity for keeping pace with advanced actors. Trellix SecondSight goes a level deeper, proactively hunting for threats for our customers and providing actionable guidance to thwart attacks and build cyber resilience.”

Coinciding with the launch, Trellix also released the Trellix SecondSight Threat Hunting Report, which details five critical campaigns observed last year and offers recommendations for defense. The report highlights use cases such as the UTA0355 spear-phishing campaign, which demonstrates actors’ shift to OAuth abuse to circumvent perimeter security, emphasizing the need to cross-reference public threat intelligence with telemetry using campaign patterns, infrastructure indicators of compromise (IOCs), and targeting profiles. Insights from Trellix SecondSight, expert threat hunters, and a global network of telemetry and intelligence reinforce the importance of proactive hunting against modern threats including targeted espionage, OAuth abuse, and zero-day exploits.

Trellix, headquartered in San Jose, California, is a global company focused on redefining cybersecurity through an open and native cybersecurity platform. The company employs artificial intelligence, automation, and analytics to support over 50,000 business and government customers in protecting their operations.
