Trellix XDR Kick Start Guide

Copyright © 2023 Musarubra US LLC

What is Trellix XDR? ........................................... 3
Common Customer Challenges .................................... 3
Target Audience for EDR to XDR Play ........................... 4
Market Opportunity (Size of the Prize) ........................ 4
Organizational Profiles and Personas .......................... 4
Discovery Questions ........................................... 5
Solution Overview ............................................. 7
Value Proposition ............................................. 7
Differentiators ............................................... 8
Overall Benefits .............................................. 8
Benefits and Outcomes for Each Persona ........................ 9
How to Quote XDR .............................................. 10
Competitive Intelligence ...................................... 11
Objection Handling ............................................ 12
Collateral / Content .......................................... 16
Who to Contact ................................................ 16

Welcome!

This Kick-Start Guide is to help you sell the value of extending XDR to your EDR customers.

• Share why your customers will want to extend their detection and response beyond endpoint.
• Start the conversations sooner. Sell more now.
• More information and resources to come! (i.e., The XDR Sales Play.)

What is Trellix XDR?

Trellix XDR provides a simplified and insightful security operations experience for effective extended threat detection and response to
rapidly stop attacks and keep organizations safe. It and provides a security
operations experience to .

Common Customer Challenges

• Unable to see and control all threat vectors
• Medium SOC maturity is inefficient (missing alerts, slow MTTD and MTTR)
• Pressure to increase SOC maturity to decrease risk

Target Audience for EDR to XDR Play

• MV6 install-base customers
o Mid-market to large organizations with mid-maturity level (developing) SOCs, likely with a few analysts and limited SOC
processes in place

Market Opportunity (Size of the Prize)

• Market size = $2.9B and CAGR = 69.5% (source: IDC 2022)
o 1,585 MV6 customers
• Gartner: “By year-end 2027, XDR will be used by up to 40% of end-user organizations, up from less than 5% today.”

Organizational Profiles and Personas

Ideal Profile
• Enterprises in the process of bringing their SOC to the next level:
o Insufficient resources and competencies
o Limited hunting and investigation skills
o Highly reactive
o Struggle with technology and may have too many tools trying to solve their problems
o Entry-level to mid-experience analysts

Personas
• SecOps and Security Operations Centers (SOCs)

• CIO / CISO
o Concerns: Business risks and costs

• SOC Manager
o Concerns: Finding and securing data, and SOC team efficiency

• SOC Analyst
o Concerns: Business continuity and end user experience

Discovery Questions

Below are key questions you can ask during the discovery phase.

1. Are your current capabilities covering your attack surfaces?
2. What threats and vectors most concern you?
3. What are the weaknesses you are trying to address?
4. Where do you spend most of your time?
5. How would better visibility impact your security operations?

1. How is your team dealing with the daily number of alerts?
2. How do you prioritize and respond to alerts?
3. What is your response time for high-priority alerts?
4. What resources do you need to mitigate attacks?

1. What is your current approach for detecting breaches and attacks?
2. What detection and prioritization methods would you like to add?
3. What methods do you use to prioritize alerts?
4. What are your priorities for reducing human error?

Below are the key responses to listen for during customer discussions:

• Too many tools / disparate tools (the average number of tools inside an organization could be 150 to 200)
• Too many people to coordinate / manage
• Manually coordinating and analyzing events and alerts
• Too many alerts to manage from multiple sources with slow response times or missing alerts altogether
• Relying on external enrichment and external hunting
• Lack visibility and control

Solution Overview

Buyers want a simplified, insightful platform to:

• Simplify threat management
• Deliver actionable threat intelligence
• Improve detection effectiveness
• Enable immediate automated responses
• Accelerate attack mitigation

Trellix XDR correlates multiple data sources (e.g., web, threat intelligence) and brings together all the alerts into a simple, storyboard
view.

Value Proposition

Trellix XDR provides the most comprehensive native and open XDR that extends detection and response beyond the endpoint and
simplifies the SecOps experience to rapidly stop multi-vector attacks.

• Insightful visibility across different security threat vectors
• Simplified analysis with automated data aggregation and correlation
• Fast and accurate detections
• Automated attack mitigation and prevention

Differentiators

(Three-column layout in the original; the columns are recovered below from the flattened text.)

Column 1:
• Correlation enables insightful visibility and response
• Broader visibility across siloed tools
• Proven track record
• Trellix Endpoint is a critical pillar and natively integrates in Trellix XDR.

Column 2:
• Insightful workflows
• Pre-built, automated response playbooks (no bolt-on SOAR)
• Playbooks (with professional services)
• Empowers analysts (L1 – L3) for easier and faster attack mitigation.

Column 3:
• Enrich and accelerate investigations
• … likely threats and mitigate attacks
• From Trellix customers and our Advanced Research Center
• Preempt threats with prescriptive and actionable guidance to optimize security posture.

Overall Benefits

• Improved detection
• Better alerts prioritization
• Accelerated response
• Reduce risks and costs
• Boosted SOC productivity with guided and automated workflows
• Actionable threat intelligence to help prioritize and respond to threats

Benefits and Outcomes for Each Persona

Higher level of SOC maturity reduces risk (CIO / CISO):
• Leverage existing endpoint investment
• Holistic understanding of security posture
• Improved SOC metrics (better MTTD, MTTR)

Improved SOC efficiency and effectiveness (SOC Manager):
• SOC gains comprehensive visibility and control across vectors
• Automation moves the analyst to a faster resolution
• Streamlining existing endpoint tools improves efficiency and reduces risk

Empowers the analyst and streamlines workflows (SOC Analyst):
• Automated correlation and prioritized alerts across all vectors – allows analysts to focus on what matters
• Centralized access to critical controls, telemetry and data
How to Quote XDR

Below is what to quote and include on your order form for your MV6 customers who want to extend their capabilities with Trellix XDR.

1. Priced per user
a. Included:
i. Native telemetry
ii. 90 days of storage
iii. Trellix Insights
iv. Response Actions
2. Optional Add-Ons:
a. Extended storage (extend 90 days of storage up to 13 months – per GB per day rate)
b. Third-party telemetry (open) – charged at a per GB per day rate
i. For example, a customer partners with a third party (e.g., Proofpoint) and pays for the data that is sent to the back-end.
c. Quick Start Services
d. Advisory Services Subscription
Competitive Intelligence

Most Comprehensive Native and Open XDR

Trellix:
• Native correlation with endpoint, email, network, and cloud.
• 600+ possible data sources.

Microsoft:
• M365 Defender has limited integrations and no customizable playbooks. Integration with CWPP/CSPM requires Sentinel.
• Customers need MS Sentinel to get integrations and customizable playbooks, introducing commercial and technical complexity.

CrowdStrike:
• Missing extended native integration like email and network.
• Less open integrations compared to Trellix. CrowdStrike has about 20 open integrations.

Superior Analyst Experience

Trellix:
• Easily view related alerts and assets.
• Native integration and direct access to endpoints provides faster and more detailed investigation and response capabilities.

Microsoft:
• Noisy and generic endpoint alerting and complex XDR interface.
• Limited response options at scale, less control.

CrowdStrike:
• Complex to use.
• Missing direct access to clients at scale for deeper visibility and forensic investigations.

Actionable Threat Intelligence

Trellix:
• Proactive prescriptive guidance to optimize endpoint configurations relative to relevant threat campaigns reduces alert fatigue in the SOC.

Microsoft:
• Threat Intelligence isn’t customizable to prioritize proactive actions.

CrowdStrike:
• Threat Intelligence is customizable but is an extra cost and doesn’t provide prescriptive guidance to optimize endpoints.

Objection Handling

1. Is Trellix XDR just a rebranding of Helix?
a. Trellix XDR is a new set of capabilities featuring an open and native extended detection and response (XDR) platform. It is
to help organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of
their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine
learning and automation to empower over 40,000 business and government customers with living security.

2. I already have several security tools and platforms. So why do I need Trellix XDR?
a. Trellix brings a living XDR architecture that adapts at the speed of threat actors and delivers advanced cyber threat
intelligence. As a result, Trellix is changing what security means and what it can do, giving everyone in your organization
the confidence that comes with being more secure every day.

Trellix XDR can boost your existing security controls by unifying detection and response, so they work together to
protect against multi-vector threats. It provides a simplified and insightful security operations experience for effective
extended threat detection and response to keep organizations safe. The platform eliminates blind spots using native and
open APIs to integrate with existing security controls seamlessly, detects and prioritizes emerging high-impact threats
leveraging real-time, ML and AI-driven security analytics and streamlines threat investigations with an intuitive, guided
solution built for security analysts by security analysts.

3. I don’t see the value/benefit in extending to XDR.
a. The value is in improving your existing security controls, so they work together, cohesively, even better than before to
help protect you against multi-vector threats.

4. I already have a SIEM product. Why do I need Trellix XDR?
a. Trellix XDR offers an easier approach than SIEM. Trellix XDR can ingest SIEM data, helping to remove SIEM complexity.
SIEMs have difficulty separating signals from noise, resulting in many false positives. Trellix XDR is more effective at
finding threats and providing meaningful responses (automated or ad hoc), data/telemetry correlation, guided
investigation, and actionable intelligence backed by a research team. Trellix removes alert fatigue and guides your SOC to
act on critical alerts. It delivers a strong level of integration with Endpoint, Email, Cloud, Identity, Network and Threat
Intelligence with a keen focus on threat detection and response. It simplifies the effort with a unified console and workflow.

5. How does Trellix XDR go about providing faster, more accurate detection?
a. Trellix XDR detects and prioritizes emerging, high-impact threats leveraging real-time, ML and AI-driven security analytics
that evolve at the speed of your adversaries, enabling living protection. Trellix has a broader and deeper understanding of
the telemetry from many control points (endpoint, email, network, data) since we offer these controls. This drives better
detection. Customers can gain actionable intelligence for guided threat hunting and preemptive prevention based on
environmental indicators, adjusting for approaching threats and responding to existing attacks. In addition, Trellix XDR
learns and adapts at the speed of threat actors with immediate, meaningful insights, constantly updated, based on the
changing threat landscape.

b. Trellix XDR enriches data against its comprehensive intelligence making sure it is pertinent to your environment (a key
differentiator for Trellix).

Below are a few FAQs. For more information, check out the full internal FAQs here. It includes information on Helix, Xconsole, SIEM &
XDR, Playbooks, Integrations, Management, Threat Intelligence, Data Management & Storage, Competitors, MSSP,
Support/Services/Training, and Pricing.

• Can we offer a teaser or sampler to customers so they can see how XDR would be helpful if they buy/upgrade?
o There will be an XDR trial offering at GA—it is live today. Open a ticket and product management will generate a
federated console for use with customers.

• When is the best time to start positioning XDR to large providers?
o Today. Large and advanced organizations have established processes that can be enhanced by Trellix XDR.

• Will support be available and who will be delivering post-sale support for XDR?
o There is a range of support options from Trellix and Trellix partners, from deployment support to consultative and
best-practice services.

• Does XDR add any value on top of just running MVISION EDR?
o XDR goes beyond the endpoint for detection and response. This is helpful with the more advanced threats that leverage
multi-vector approach.

• How do we best position XDR to customers who already use a SIEM (Qradar, Siemplify, etc.)? How do we coexist with
customers who have an existing SIEM?
o Trellix XDR can ingest and aggregate insights from many existing SIEM products. Trellix XDR distills and filters the insights
from SIEM and other sources from a threat-centric view with a laser focus on detection and response.

• Can Trellix XDR replace a SIEM or do customers need to buy it along with XDR?
o It depends on the use case desired. Trellix XDR excels at fast and accurate detection and response. SIEMs can augment
Trellix XDR. Most SIEMS are quite useful in security monitoring with large data amounts for compliance and have
attempted to deliver incident response but do not have agility that XDR has. Trellix XDR pulls the necessary data to move
quickly to accurate detection and response.

• Will partners have the ability to create playbooks on behalf of their customers?
o Trellix XDR will have the option to customize playbooks. A partner may leverage this to service their customers.

• Can we offer long-term storage?
o The Trellix XDR Extended Data Storage add-on module can be extended to 13 months, 5 years, or 7 years.

Collateral / Content

• XDR Platform Sales Collateral Hub Page
• The Competitive Intelligence Center
• Trellix XDR Website Product Page
• EDR to XDR Pitch (new)
• XDR Value Discovery Guide
• XDR Pitch Deck
• XDR How to Sell Deck
• XDR Solution Overview
• Internal Sales FAQ on Trellix XDR

Who to Contact

• Product Marketing: Kathleen Trahan
• Sales Engineering: Tom Los
• SecOps and XDR: Pawan Bajaj
• XDR and Helix: Rob Cappiello
• XDR Analytics (L1 SOC): Randy Kersey
• Professional Services: Zak Krider
• XDR Investigations (L2/3 SOC): Henrik Olson
• XDR Ingest and Platform: Don Goodman
• Trellix Insights: Ryan Delaney
• EPO: Hitesh Menghnani
• Sales Enablement: Carl Thaw
