Understanding What We Are By Understanding What We Are Not

When you have an endpoint security solution based on technology as unique as Triumfant's, introductory conversations take one of two paths. The first path requires a bit of Gestalt on the part of the listener, who hears how the technology works and immediately begins to connect the dots on the practical applications of our ability to detect, analyze and remediate every change on an endpoint machine or server. There is normally a very enlightened look and a phrase such as "then that means you can <insert cool practical application here>." When a presentation goes this way, I immediately shut down PowerPoint and engage in a very lively conversation about the value of Triumfant and our solutions.

The second path gets to the same destination, but the conversation includes a line of discussion where people seek a reference point to compare Triumfant with other endpoint protection products or product categories. This is natural, and I by no means imply that such people are not smart or perceptive – it is human nature to build new knowledge off our existing points of reference. This path begins with the phrase "oh, so you are like <insert product name or product category here>?", and that is where the fun begins, as we spend some time discovering what our product is not.

Which leads me to today’s post – I thought I would provide a primer on what we are not:

  • Antivirus – If you did not know this, you must be a first-time visitor and may want to check out the post on our malware counter. We are most definitely not an antivirus product and do not use signatures to detect malicious activity. Not that there is anything wrong with that.
  • Behavioral Analysis – behavioral analysis is getting some attention as an alternative to AV but has been met with mixed results. Essentially, behavioral analysis tools watch running processes and create an alert if a process does something the tool deems suspicious. These tools are touted as protection against zero-day attacks but can suffer from false positives that make them problematic. (Note: Some vendors will position their behavior-based tools as comparable to Triumfant. The comparisons don't stand up.)
  • Heuristics – heuristic analysis attempts to operationalize experience to identify new malware or variants of known malware. Three methods are used: file analysis, file emulation, and generic signatures, all of which require some previous knowledge of the attack and therefore suffer from the same diminishing (Gartner's word, not mine) capabilities as signature-based AV software as the number of attacks grows geometrically. Triumfant makes use of some heuristic analysis once we detect an attack, but it is not how we detect an attack.
  • HIPS – some people feel that HIPS (host intrusion prevention system) tools are a close match to Triumfant. These tools use a combination of firewall, system-level action control and sandboxing in an attempt to detect malware and prevent it from being loaded onto the host machine. These tools have found limited success and are considered resource intensive and prone to false positives. Triumfant takes a very different approach from HIPS: it does not require extensive blacklisting, nor does it cause resource issues on the host machine or the network.

It should be noted that none of these tools include the capability to synthesize situational remediations for detected problems that fix not only the malicious attack but all of the collateral damage associated with it.

So there you go – a brief discussion of what we are not. You can now free your mind and think about what we are: a unique tool that uses granular change to detect, analyze and remediate unexpected changes to endpoint machines and servers. Understanding how we are different further frees your mind to grasp the practical applications of our technology, such as the real-time detection and remediation of malicious attacks. For a better explanation, let me suggest you start with our web site or with some of the following blog entries:
