Trellix has introduced SecondSight, a new proactive threat hunting service designed to help organizations identify advanced cyber threats that often bypass traditional security detection tools. With cyber attackers increasingly using artificial intelligence to evade detection, organizations are facing growing alert fatigue. Therefore, Trellix developed SecondSight to act as an additional intelligence layer that helps security teams detect subtle and low-noise threat signals before they escalate into major incidents.
As cyber threats become more sophisticated, attackers are relying on stealth techniques that blend into normal system activity. For example, multi-stage campaigns such as APT28 espionage operations demonstrate how attackers can bypass conventional security controls by operating quietly over extended periods. To address this challenge, Trellix combines human threat hunting expertise with AI-powered analytics to analyze telemetry data collected from Trellix EDR, Trellix Email Security Cloud, and Trellix NDR solutions. As a result, organizations gain earlier visibility into suspicious activity and can respond faster to potential breaches.
“Threat actors’ use of AI has significantly increased alert fatigue for security analysts,” said John Fokker, VP Threat Intelligence Strategy, Trellix. “While automated systems flag high-level alerts, they often miss subtle, low-noise signals enabling actions like lateral movement. Trellix SecondSight is a critical component, offering analysts a ‘second set of eyes’ to actively monitor for these low-noise signals, acting as a force multiplier.”
Moreover, SecondSight focuses on identifying weak signals that automated security tools often dismiss as background noise. Trellix threat hunters correlate these signals with internal intelligence data to detect early indicators of compromise. In addition, the service provides security teams with deeper visibility across endpoints, networks, and email environments. By working alongside internal security teams, Trellix hunters help organizations detect attacker movements earlier and reduce dwell time.
Another key advantage of SecondSight is its ability to combine global AI-driven analytics with experienced human investigators. This hybrid approach enables Trellix to identify subtle breach indicators that automated tools might detect but cannot fully interpret. Consequently, customers receive actionable alerts and proactive threat notifications that help them prevent attacks before damage occurs.
“Proactive, actionable threat intelligence is no longer a nice-to-have; it’s a necessity for keeping pace with advanced actors,” said Niklas Chachalatos, Business Manager Security Services at Advania Sweden. “Trellix SecondSight goes a level deeper, proactively hunting for threats for our customers and providing actionable guidance to thwart attacks and build cyber resilience.”
Additionally, Trellix released its SecondSight Threat Hunting Report, which outlines the top five critical cyber campaigns observed last year. For instance, the report highlights the UTA0355 spear-phishing campaign, which demonstrated how attackers shifted to OAuth abuse techniques to bypass perimeter security controls. The findings emphasize the importance of correlating public threat intelligence with internal telemetry data using campaign behavior patterns, infrastructure indicators of compromise, and targeting strategies.
Overall, Trellix SecondSight represents a shift toward proactive cyber defense strategies. As threat actors continue to use advanced evasion techniques, organizations must adopt intelligence-driven hunting models. By combining AI technology, global telemetry, and human expertise, Trellix aims to help enterprises stay ahead of evolving cyber threats and strengthen their overall security posture.





