Trellix XDR Kick Start Guide
Value Proposition
Differentiators
Overall Benefits
Benefits and Outcomes for Each Persona
How to Quote XDR
Objection Handling
Welcome!
This Kick-Start Guide is to help you sell the value of extending XDR to your EDR customers.
• Share why your customers will want to extend their detection and response beyond endpoint.
• Start the conversations sooner. Sell more now.
• More information and resources to come! (i.e., The XDR Sales Play.)
Trellix XDR provides a simplified and insightful security operations experience for effective extended threat detection and response to
rapidly stop attacks and keep organizations safe. It and provides a security
operations experience to .
• MV6 install-base customers
o Mid-market to large organizations with mid-maturity level (developing) SOCs likely with a few analysts and limited SOC
processes in place
Ideal Profile
• Enterprises in the process of bringing their SOC to the next level:
o Insufficient resources and competencies
o Limited hunting and investigation skills
o Highly reactive
o Struggle with technology and may have too many tools trying to solve their problems
o Entry-level to mid-experience analysts
Personas
• SecOps and Security Operations Centers (SOCs)
• CIO / CISO
o Concerns: Business risks and costs
• SOC Manager
o Concerns: Finding and security data and SOC team efficiency
• SOC Analyst
o Concerns: Business continuity and end user experience
Below are key questions you can ask during the discovery phase.
• Are your current capabilities covering your attack surfaces?
• How is your team dealing with the daily number of alerts?
• What is your current approach for detecting breaches and attacks?
Below are the key responses to listen for during customer discussions:
• Too many tools / disparate tools (the average number of tools inside an organization could be 150 to 200)
• Too many people to coordinate / manage
• Manually coordinating and analyzing events and alerts
• Too many alerts to manage from multiple sources with slow response times or missing alerts altogether
• Relying on external enrichment and external hunting
• Lack visibility and control
Buyers want a simplified, insightful platform to:
Trellix XDR correlates multiple data sources (e.g., web and threat intelligence) and brings together all the alerts into a simple storyboard
view.
Trellix XDR provides the most comprehensive native and open XDR that extends detection and response beyond the endpoint and
simplifies the SecOps experience to rapidly stop multi-vector attacks.
Differentiators
• Trellix Endpoint is a critical pillar and natively integrates in Trellix XDR.
• Empowers analysts (L1 – L3) for easier and faster attack mitigation.
• Preempt threats with prescriptive and actionable guidance to optimize security posture.
Overall Benefits
• Improved detection
• Better alerts prioritization
• Accelerated response
• Reduce risks and costs
• Boosted SOC productivity with guided and automated workflows
• Actionable threat intelligence to help prioritize and respond to threats
Benefits and Outcomes for Each Persona
• Higher level of SOC Maturity reduces risk
• Improved SOC Efficiency and Effectiveness
• Empowers the analyst and streamlines workflows
Below is what to quote and include on your order form for your MV6 customers who want to extend their capabilities with Trellix XDR.
Most Comprehensive Native and Open XDR
• Trellix XDR
o Native correlation with endpoint, email, network, and cloud.
o 600+ possible data sources.
• Microsoft
o M365 Defender has limited integrations and no customizable playbooks. Integration with CWPP/CSPM requires Sentinel.
o Customers need MS Sentinel to get integrations and customizable playbooks introducing commercial and technical complexity.
• CrowdStrike
o Missing extended native integration like email and network.
o Less open integrations compared to Trellix. CrowdStrike has about 20 open integrations.
2. I already have several security tools and platforms. So why do I need Trellix XDR?
a. Trellix brings a living XDR architecture that adapts at the speed of threat actors and delivers advanced cyber threat
intelligence. As a result, Trellix is changing what security means and what it can do, giving everyone in your organization
the confidence that comes with being more secure every day.
Trellix XDR can boost your existing security controls by unifying detection and response, so they work together to
protect against multi-vector threats. It provides a simplified and insightful security operations experience for effective
extended threat detection and response to keep organizations safe. The platform eliminates blind spots using native and
open APIs to integrate with existing security controls seamlessly, detects and prioritizes emerging high-impact threats
leveraging real-time, ML and AI-driven security analytics and streamlines threat investigations with an intuitive, guided
solution built for security analysts by security analysts.
5. How does Trellix XDR go about providing faster, more accurate detection?
a. Trellix XDR detects and prioritizes emerging, high-impact threats leveraging real-time, ML and AI-driven security analytics
that evolve at the speed of your adversaries, enabling living protection. Trellix has a broader and deeper understanding of
the telemetry from many control points (endpoint, email, network, data) since we offer these controls. This drives better
detection. Customers can gain actionable intelligence for guided threat hunting and preemptive prevention based on
environmental indicators, adjusting for approaching threats and responding to existing attacks. In addition, Trellix XDR
learns and adapts at the speed of threat actors with immediate, meaningful insights, constantly updated, based on the
changing threat landscape.
b. Trellix XDR enriches data against its comprehensive intelligence making sure it is pertinent to your environment (a key
differentiator for Trellix).
Below are a few FAQs. For more information, check out the full internal FAQs here. It includes information on Helix, Xconsole, SIEM &
XDR, Playbooks, Integrations, Management, Threat Intelligence, Data Management & Storage, Competitors, MSSP,
Support/Services/Training, and Pricing.
• Can we offer a teaser or sampler to customers so they can see how XDR would be helpful if they buy/upgrade?
o There will be an XDR trial offering at GA—it is live today. Open a ticket and product management will generate a
federated console for use with customers.
• Will support be available and who will be delivering post-sale support for XDR?
o There is a range of support options from Trellix and Trellix partners that offer deployment support to consultative and
best practices.
• Does XDR add any value on top of just running MVISION EDR?
o XDR goes beyond the endpoint for detection and response. This is helpful with the more advanced threats that leverage
a multi-vector approach.
• How do we best position XDR to customers who already use a SIEM (QRadar, Siemplify, etc.)? How do we coexist with
customers who have an existing SIEM?
o Trellix XDR can ingest and aggregate insights from many existing SIEM products. Trellix XDR distills and filters the insights
from SIEM and other sources from a threat-centric view with a laser focus on detection and response.
• Can Trellix XDR replace a SIEM or do customers need to buy it along with XDR?
o It depends on the use case desired. Trellix XDR excels at fast and accurate detection and response. SIEMs can augment
Trellix XDR. Most SIEMs are quite useful in security monitoring with large data amounts for compliance and have
attempted to deliver incident response but do not have the agility that XDR has. Trellix XDR pulls the necessary data to move
quickly to accurate detection and response.
• Will partners have the ability to create playbooks on behalf of their customers?
o Trellix XDR will have the option to customize playbooks. A partner may leverage this to service their customers.
• XDR Platform Sales Collateral Hub Page
• The Competitive Intelligence Center
• Trellix XDR Website Product Page
• EDR to XDR Pitch (new)
• XDR Value Discovery Guide
• XDR Pitch Deck
• XDR How to Sell Deck
• XDR Solution Overview
• Internal Sales FAQ on Trellix XDR