Trellix Intrusion Prevention System

Trellix Intrusion Prevention System (IPS) is a network-based intrusion prevention system that detects and blocks malware threats across network infrastructure. The system combines signature-based detection with behavioral analysis techniques to identify both known and unknown threats. The platform supports deployment across hybrid environments including on-premises physical appliances, virtual instances, and cloud platforms such as AWS, Azure, and Oracle Cloud Infrastructure (OCI). Physical appliances provide throughput up to 100 Gbps, while cloud deployments integrate with AWS Gateway Load Balancer and Azure Gateway Load Balancer for automatic scaling. Detection capabilities include signature-based pattern matching, behavioral analysis, botnet and malware detection, DDoS prevention, and sandboxing through the Trellix IVX dynamic analysis engine. The system inspects encrypted traffic using SSL decryption with support for various encryption protocols including Diffie-Hellman and Elliptic-Curve Diffie-Hellman ciphers, achieving up to 90 Gbps throughput with 10% SSL traffic. The IPS+ version integrates with Trellix NDR (Network Detection and Response) to provide Layer 7 metadata and enable machine learning-based threat detection. The platform includes investigative workflows with dashboards for alert correlation and threat analysis. Real-time blocking capabilities mitigate threats across diverse network architectures. Management features include centralized configuration, custom IOC support, solution tuning, and incident response capabilities. The system is designed for NDR-ready deployments with GenAI-driven investigation support.