APD maps and prioritizes attack paths to high-value targets by correlating vulnerability, asset, identity, configuration, and user activity data with adversary tactics and techniques. APD models how exposures chain together (such as lateral movement routes, privilege escalation paths, and identity misconfigurations) to show how an attacker could reach critical systems. Paths are recalculated continuously as infrastructure and configurations change.
Capabilities
- Automatic attack path mapping: Helps to identify critical assets that need to be addressed before an attack by modeling how exposures connect across the environment, revealing multi-step paths to high-value targets including lateral movement routes, privilege escalation opportunities, and identity misconfigurations.
- Prioritizing risks in context: Simplifies remediation tasks by ranking attack paths by technical feasibility, asset sensitivity, and business impact rather than CVSS scores alone, reducing noise and focusing remediation on paths that affect critical systems.
- Continuously updates exposure risk: Provides real-time visibility by updating attack paths automatically as infrastructure, vulnerabilities, and configurations change. Paths adjust to reflect newly onboarded assets, applied patches, environmental drift, and newly disclosed CVEs.
- Integrated exposure context: Delivers a big-picture analysis by correlating data from native scans and third-party vulnerability sources with identity, configuration, user activity, and asset data to show how individual weaknesses combine into potential attack chains.
- Scoping: Bounds analysis using sensitive asset policies, allowing discovery to focus on systems with defined business impact rather than the full asset inventory.
APD is available as an add-on to Trellix Endpoint Core, Essentials, and Enterprise product bundles for U.S.-based ePolicy Orchestrator - SaaS deployments.
For more information on this release, see the Release Notes.
Document links
- Release Notes
- Product Guide
- Supported platforms for Trellix Attack Path Discovery
- Trellix Attack Path Discovery 1.x known issue
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.