Ep117: Breaking Down Silos: Trellix's AI-Driven Security Operations

Trellix formed from McAfee Enterprise and FireEye merger

Provides full security stack visibility in single platform

Serves SMBs to Fortune 500 and government customers

Used machine learning for two decades with 30 models

Recently pivoted to generative AI with Wwise platform

AI finds critical events among thousands daily alerts

Incorporates threat hunting knowledge into AI prompt structures

AWS Bedrock central to AI strategy for model flexibility

Formed small tiger team to investigate generative AI

Anthropic Claude provided breakthrough "aha moments" for capabilities

Adopted "fail fast, learn fast" innovation culture approach

Enabled employee access to models through Bedrock API

Conducted innovation jam sessions with VC-style pitches

AI decoded Base64 without prompting, identified benign activity

Junior analysts elevated to level two with AI

Common misconception: models train on customer data falsely

Early challenge: providing too much data overwhelmed models

Smaller models hallucinated more with plausible-sounding responses

Design partner programs help prioritize product development

Democratize AI access beyond just technical teams

Test multiple models for specific use cases

Large models work better than small ones initially

Prompt engineering crucial for effective model communication

Model Context Protocol will gain traction next year

Backend data security remains largely unsolved challenge

Federal customers require on-premises, air-gapped AI solutions