Trellix last week announced the appointment of Aparna Rayasam as its new CPO to lead the extended detection and response (XDR) product innovation and oversee Trellix Threat Labs. The exec is also being tasked with continuing to integrate McAfee Enterprise and FireEye.
Rayasam previously worked at Akamai Technologies' Application Security business as SVP and GM. One of the reasons she decided to join Trellix is the vendor’s vision to offer “the world's best XDR,” she told SDxCentral. “It was almost like music.”
One week into the new role, one of her immediate tasks is to help Trellix’s XDR team continue integrating the platforms from McAfee Enterprise and FireEye.
The two software giants officially merged in October 2021 and rebranded as Trellix this January. Both FireEye and McAfee had rolled out their own XDR platforms before merging.
FireEye’s cloud-native Helix XDR platform, launched last summer, provides security orchestration, automation, and response (SOAR); security information and event management (SIEM); and correlation capabilities along with threat intelligence functions from Mandiant. McAfee's Mvision XDR platform builds on the vendor’s email security, endpoint detection and response (EDR), cloud, network visibility, and security technologies, along with its analytics engine and artificial intelligence (AI) for threat hunting and investigations.
Trellix’s XDR team is working to avoid duplication, Rayasam explained. “We definitely don't want to be exposing our customers to multiple options,” she said. “And in doing so my guidance to the team has been: let's pick the best customer experience … the best security posture,” and go with the service capturing more data.
No Immediate Change for Trellix-Mandiant Partnership

The emerging XDR market is a crowded race. Major security vendors such as Fortinet, Palo Alto Networks, VMware, and Cisco have all rolled out XDR platforms or strategies.
Rayasam touted Trellix’s differentiators as experienced endpoint and enterprise security experts, rich data, and the secret sauce: the vendor’s “living security” mantra, which relies on strong research teams and keeps security products evolving more automatically and continuously.
It “validates the thesis and predicts that Trellix came up with way ahead of everyone else,” she said.
Cloud giants Google and Microsoft also made moves into the field through acquisitions. Most recently, Google announced buying cyber defense and response vendor Mandiant, which spun off from FireEye last year.
Trellix works with Mandiant for incident response, and the partnership will continue, at least for the short term.
“There are obviously very close discussions going on with that,” Rayasam noted. “Nothing changes for the immediate term, at least for the next year or so. Beyond that … we will work with Mandiant and figure out the best path forward for our customers.”
Re-envisioning the Threat Labs

With Mandiant’s split from FireEye and McAfee’s secure access service edge (SASE) business becoming Skyhigh Security, Trellix is in a period of re-envisioning its threat labs, Rayasam said.
She expects the lab team to have at least four major functions including providing the best security outcomes, detecting trends ahead of the market, testing adversarial resilience and awareness, and automating security functions.
“We envision that the labs team will partner with every product team to provide intelligence and product research for those teams to stay security products current,” Rayasam said. “Obviously, there is a team within the labs team that is going to not be aligned to any product, we want them to be watching the industry at large and the world at large.”