Remediation Without Re-Imaging
June 16, 2009
One of the benefits of the Triumfant solution for endpoint security is that it builds a situational remediation for each problem it detects. These remediations not only address the source of the problem, but also clean up all of the collateral damage of the attack. This ability has a useful side benefit: it eliminates the need to re-image the infected machine.
The analytics of Triumfant Resolution Manager do a remarkable job of finding the boundaries of an attack and all of the changes to the machine within those boundaries. Triumfant continually scans endpoint machines for over 200,000 attributes to identify every change in that machine. When it detects an attack, it uses dependency walks on the affected files and temporal analysis to make sure it sees all of the related ripples. In this way, Triumfant sees the attack in its complete form and knows everything that was changed on that machine. While other tools simply kill the offending executable, Triumfant builds a surgical remediation that restores the machine to its pre-attack condition, changed attribute by changed attribute. No roll-backs or logs, no need to reboot. And best of all, no need to re-image.
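To make the approach described above concrete, here is an added, self-contained example of the same idea in miniature: diff a current attribute snapshot against a known-good baseline, grow an attack boundary outward from the detected artifact by walking declared dependencies and by grouping changes that happened in the same short time window, and then emit a remediation plan that puts every attribute inside that boundary back to its baseline value while leaving unrelated changes alone. This is illustrative code written for this page, not Triumfant's product code or its data model; the attribute names, hashes, timestamps and the `deps` dependency edges are all constructed sample data, and the ten-minute temporal window is an arbitrary assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Attr:
    """One monitored attribute: a content hash (or registry value), when it last
    changed, and the other attributes it depends on (hypothetical edges, e.g. the
    DLLs an executable loads)."""
    value: str
    changed_at: datetime
    deps: Tuple[str, ...] = ()


Snapshot = Dict[str, Attr]
Change = Tuple[Optional[Attr], Optional[Attr]]  # (baseline state, current state)


def diff_snapshots(baseline: Snapshot, current: Snapshot) -> Dict[str, Change]:
    """Return every added, removed or modified attribute as {name: (old, new)}."""
    changes: Dict[str, Change] = {}
    for name in set(baseline) | set(current):
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None or old.value != new.value:
            changes[name] = (old, new)
    return changes


def attack_boundary(changes: Dict[str, Change], seed: str,
                    window: timedelta = timedelta(minutes=10)) -> Set[str]:
    """Grow the set of attributes related to the seed artifact until it stops
    growing: a change joins the boundary if it is a dependency of (or depends on)
    a member, or if it happened within `window` of a member (temporal analysis)."""
    boundary = {seed}
    grew = True
    while grew:
        grew = False
        for name, (old, new) in changes.items():
            if name in boundary:
                continue
            state = new or old  # current state, or the baseline entry if it was deleted
            for member in boundary:
                m_old, m_new = changes[member]
                m_state = m_new or m_old
                linked_by_dep = name in m_state.deps or member in state.deps
                linked_by_time = abs(state.changed_at - m_state.changed_at) <= window
                if linked_by_dep or linked_by_time:
                    boundary.add(name)
                    grew = True
                    break
    return boundary


def build_remediation(changes: Dict[str, Change], boundary: Set[str]) -> List[Tuple[str, str]]:
    """Attribute-by-attribute plan: remove anything the attack added, restore
    anything it modified or deleted. Nothing outside the boundary is touched."""
    plan = []
    for name in sorted(boundary):
        old, _new = changes[name]
        plan.append(("remove" if old is None else "restore", name))
    return plan


def apply_remediation(current: Snapshot, baseline: Snapshot,
                      plan: List[Tuple[str, str]]) -> Snapshot:
    """Simulate executing the plan against the current snapshot."""
    result = dict(current)
    for action, name in plan:
        if action == "remove":
            del result[name]
        else:
            result[name] = baseline[name]
    return result


def remediate(baseline: Snapshot, current: Snapshot, seed: str):
    changes = diff_snapshots(baseline, current)
    boundary = attack_boundary(changes, seed)
    plan = build_remediation(changes, boundary)
    return boundary, plan, apply_remediation(current, baseline, plan)


# Constructed sample data: a dropper, its helper DLL, a persistence key and a
# tampered hosts file all land within minutes; the user's report was edited two
# days earlier and is unrelated.
T0 = datetime(2009, 6, 16, 9, 0)
HOSTS = "C:/Windows/System32/drivers/etc/hosts"
REPORT = "C:/Users/alice/report.docx"
DROPPER = "C:/ProgramData/svchost32.exe"
HELPER = "C:/ProgramData/helper.dll"
RUNKEY = "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/svchost32"

BASELINE: Snapshot = {
    HOSTS: Attr("sha256:hosts-v1", T0 - timedelta(days=30)),
    REPORT: Attr("sha256:report-v1", T0 - timedelta(days=30)),
}
CURRENT: Snapshot = {
    DROPPER: Attr("sha256:dropper", T0, deps=(HELPER,)),
    HELPER: Attr("sha256:helper", T0 + timedelta(minutes=1)),
    RUNKEY: Attr(DROPPER, T0 + timedelta(minutes=2)),
    HOSTS: Attr("sha256:hosts-v2", T0 + timedelta(minutes=3)),
    REPORT: Attr("sha256:report-v2", T0 - timedelta(days=2)),
}

if __name__ == "__main__":
    boundary, plan, after = remediate(BASELINE, CURRENT, seed=DROPPER)
    for action, name in plan:
        print(f"{action:8s} {name}")
```

Running it prints four plan steps (remove the dropper, helper DLL and Run key; restore the hosts file) and nothing for the report, which shows the point of the boundary: the remediation is scoped to the attack's footprint rather than to the whole disk, so there is nothing to re-image.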
Think about the time and money that would be saved by eliminating the re-imaging process. I know that in these days of virtual machines the process is not that complicated from a technical point of view, but it is still an intrusion on the user and still uses up valuable IT staff time.
In my time in the security industry, I have found that most CISOs and IT security managers look for ways to move their teams from the defensive, reactive work of fixing problems to the offensive, proactive work of protecting the organization. Eliminating the need to write a remediation for an infected machine, and further eliminating the need to re-image that machine, would seem to be two pretty good places to recover people time from the reactive side of the ledger.
