The Triumfant 3 Minute Malware Challenge is Not Hype – We Have the Video to Prove It
April 29, 2009
For those of you who may have thought that the Triumfant 3 Minute Malware Challenge at RSA 2009 was hype, the video team from Infoweek/Dark Reading came to our booth and recorded Dave Hooks, our CTO, doing the demo. Have a look at http://tinyurl.com/y94sgly.
Dave’s set-up was live, and he was careful to ensure that Triumfant Resolution Manager was free of any policies or controls that would have given it any prior knowledge of the malware. For this demo he is actually running the server and the client in two different virtual machines on his laptop – not exactly a configuration optimized for speed. Dave clicks on the malware and the date/time stamps on the screen tell the story: 3 minutes from introduction to remediation. He even takes the time to show the effects of the malware, such as the disabling of Task Manager, to show the machine was in fact infected.
Watch the video and step back for a second. Think of your endpoint machines being attacked. First, you hope that the traditional signature-based antivirus on your machine will detect the attack; if there is no signature, Gartner says your chances are 50/50. If your defensive software does see the attack, your security people would get an alert and start to investigate. Likely before your security people open their first screen for analysis, Triumfant has analyzed the attack, built a custom yet completely comprehensive remediation on the fly, and is executing it on the machine to kill the attack and address all of its collateral damage.
Done. Fixed. No human interaction, no re-imaging.
You, however, still have to call your A/V vendor, hope that their “A” team is on deck, and get them to write you a new signature and a remediation script. At best, four hours later (I use that time because an AV vendor was positively giddy about a four-hour turnaround on a recent webcast) you get back the signature and script. Now you get to send the signature out to the endpoints and then push the script out like a patch. And then you get to start the process of re-imaging any infected machines, because the remediation you received will likely miss changes to the machine that could result in new vulnerabilities. Think about that in the context of the demo.
There is a better way out there. While the established vendors are talking about innovation, an evolved way of detecting and remediating malware is here and it works – in 3 minutes! And now we have the video to prove it.