  Endpoint Security  

Real-time Malware Detection and Remediation

A Completely New Approach

Triumfant uses one-of-a-kind technology to detect, analyze and remediate malicious code in real time without the need for human intervention. Triumfant does not stop at real-time detection. Triumfant synthesizes a remediation to remove the malicious code and all of the artifacts and collateral damage associated with the attack, restoring configuration settings and registry attributes to return the machine to its secure condition before the attack. Triumfant's sophisticated remediation capability means that a machine goes from infection to remediation in five minutes: no gaps in detection, no time lost analyzing the attack, no exposure waiting for someone to write a remediation script, and no need for costly re-imaging.

Re-writing the Security Automation Detect/Analyze/Act Cycle

Detect. Where the majority of endpoint security tools rely on prior knowledge of an attack to detect the attack, remediate the attack, or both, Triumfant Resolution Manager does not require a signature or any prior knowledge to detect malware. That is because Triumfant continually scans endpoint machines to spot unusual changes in sensitive areas of endpoint software that are consistent with the behavior and structure of malicious applications. Using granular change detection to trigger analysis to identify malware is completely unique in the industry and enables Triumfant to see attacks in real-time that traditional antivirus tools miss at a rate of fifty percent or higher, as well as spot the zero day and targeted attacks that no tools can see.

Analyze. Most tools only see incidents in the context of the affected machine, and can only complete the analysis and remediation if there is prior knowledge of the attack. Triumfant uses our patented analytics to analyze the incident in the context of the broader endpoint population and can effectively group all of the changes to a machine associated with each attack. This context is completely unique to the industry and empowers Triumfant to accurately detect attacks and eliminate the false positive problems that have plagued other attempts at using change detection. The depth and detail of the analysis also makes it possible to build situational and contextual remediations on the fly.

Act. With Triumfant's sophisticated remediation capability, malicious attacks are addressed in mere minutes instead of hours or days, reducing the damage done to the infected machines and minimizing lost productivity. While most AV software only removes the offending malicious code, leaving dangerous conditions on the machine like open ports and altered firewall settings, Triumfant holistically remediates all of the collateral and associated damage from the attack, restoring the machine to pre-attack status. This is not done through images or rollbacks – Resolution Manager builds a concise, situational remediation that repairs every change to the machine on an attribute-by-attribute basis. Triumfant’s unique context enables patent pending donor technology that uses other machines in the endpoint population to provide donor replacements for missing or corrupted files.

Closing the Detection Gap

The ability to identify changes at the most granular level allows Triumfant to detect the attacks that other defenses miss and the attacks designed specifically to evade existing defenses, such as zero days, targeted attacks, and rootkits. Triumfant requires no prior knowledge of the attack in the form of signatures, behavioral patterns, or prevalence data. When an attack changes the affected machine, it triggers immediate analysis that identifies all of the components of the attack and builds a remediation specific to the attack. Triumfant stands in that gap until new attacks can be analyzed and the appropriate action taken at the appropriate point defenses on the network or the desktop.

For a deeper discussion of the challenges of traditional endpoint protection tools in keeping up with the growing volume of new attacks, please see the Triumfant Worldwide Malware Signature Counter.


Benefits

Reduces Risk

The ability of Triumfant to see the attacks that evade other endpoint protections closes a significant gap in endpoint security and provides organizations protection from the effects of those attacks:

  • Triumfant detects and remediates the attacks that other protections cannot or do not see, creating a last line of defense against those attacks that make it through the traditional endpoint security tools.
  • Triumfant reduces the gap from infection to remediation to five minutes or less. Note the use of infection, and not detection, as many products leave attacks undetected on machines for days, weeks, and even months.
  • Triumfant continuously protects the endpoint population from newly discovered attacks until the proper course of action is determined with regard to updating the existing protections with the new knowledge about the attack.

Reduces Costs

Automating the detect/analyze/act cycle eliminates much of the human costs associated with addressing attacks and the continuous process of enforcing configurations.

  • Triumfant reduces and often eliminates the costs of specialized security personnel to analyze the attack and build a remediation.
  • Triumfant eliminates lost productivity waiting for human analysis and manual remediation.
  • Triumfant eliminates the costs associated with re-imaging infected machines.

Increases Situational Awareness

The scan scope of Triumfant means that our solution continuously gathers and monitors more information than any other tool on the market. The Adaptive Reference Model built by our patented analytics has the secondary benefit of being the most extensive data store of granular endpoint data available. This information is available in actionable form through a broad catalog of reports as well as through an executive dashboard and alerts via email.


Features

  • Sees all of the attacks on a machine, whether from malicious code or a maliciously intended insider, by tracking all of the changes to the machine and identifying indicators of malicious activity. Triumfant’s patent pending analytics compare these indicators against the broader endpoint population to effectively eliminate false positives.
  • While most anti-virus applications depend on signatures, Triumfant uses the industry's only granular change detection process to expose undesirable software components. This includes malicious applications that evade anti-virus protection as well as software components such as games, peer-to-peer programs, MP3s, videos, screensavers, etc. that consume resources and/or interfere with business applications.
  • A successful attack leaves widespread damage such as file associations, altered security settings and personal firewall settings, and open ports. Anti-virus applications do not have the knowledge or sophistication to correct such problems, but Triumfant is able to synthesize a response on the fly that exactly matches the damage found in a particular machine. The result is a holistic, surgical remediation that affects only those attributes within a computer that are in error.
  • Once an attack is identified for any given machine, administrators can use the information gained from addressing that machine to scan the endpoint environment for any other instances of the attack and apply the created remediation, effectively ending the threat to the entire organization in minutes.

Resources:
Overview: An introduction to Triumfant
Fact Sheet: Endpoint Security
Solution Sheet: Endpoint Security

News:
Triumfant earns Reviewer's Choice in review of endpoint security suites in Government Computer News

"Because every vendor's solution could handle common viruses and malware, each received an A grade in the performance category, with the exception of Triumfant Resolution Manager, which earned an A+ by far exceeding the other products in its ability to detect and remediate malware."
Government Computer News
Review of Endpoint Security Suites
August 4, 2009

© 2010 Triumfant, Inc. | Website by Ashley Cyber Services, LLC