I have the great privilege to have been asked to speak tomorrow at the NIST Security Automation Conference. My presentation will address how the unique approach and technology behind our offering helps drive three critical shifts in the thinking behind endpoint security:
The move from manual to automated processes. Triumfant represents a significant step forward in automating the detect-analyze-act cycle. Most if not all tools automate the detect activities, but as you move through analysis and ultimately action in the form of remediation, manual intervention by specialized security personnel is required. Triumfant uses our Adaptive Reference Model to analyze events in the context of the broader endpoint population and group changes into broader events. Most tools only see events in the context of the affected machine, and further analysis becomes a manual process. Remediations are performed manually and require some form of script to be written by either a vendor or in-house security staff. Triumfant builds a comprehensive remediation that fixes the malicious code and all the collateral damage of the attack. This remediation is written automatically, and is applied to the affected machine without interaction from the user, without the need for rebooting, and without the need to re-image. Only Triumfant can demonstrate the complete automation of the detect-analyze-act cycle. And we haven't even begun to discuss the cost savings that come from automating the remediation process.
The move from periodic to continuous activities. Triumfant continuously scans and remediates, creating a state of what we call persistent security readiness. The automated processes continuously enforce policies and configurations by monitoring the machines, using changes at the granular level to trigger analysis and determining the ultimate effect of those changes on each machine. Triumfant then builds a remediation to return the machine to compliance. The result is every-machine, every-day readiness. We also use the SCAP vulnerability database to scan each machine for vulnerabilities and detail the patches required to eliminate those vulnerabilities.
The move from global to contextual requirements. As stated, most endpoint protection tools view events in the context of the affected machine. And they only see the malicious code and have no way to know the collateral damage from the attack. They may address the malicious code, but leave all forms of collateral damage such as altered configuration settings, open ports and secondary payloads, to name a few. Only Triumfant provides the contextual information needed to fully remediate a machine under attack. By monitoring over 200,000 elemental attributes for every machine, only Triumfant sees all of the damage to the machine and can build a remediation that is in complete context with the attack and the specific needs of the attacked machine. Other tools may have pre-written remediations, but this is a one-size-fits-all approach that can leave a machine vulnerable. And of course, this approach assumes prior knowledge of the attack, while Triumfant requires no such knowledge.
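The three shifts above describe one loop: derive what "normal" looks like from the whole endpoint population, flag a machine whose attributes drift from that reference, group the drift into a single event, and generate a remediation that restores every changed attribute rather than only the dropped binary. The following is an added toy illustration of that loop, not Triumfant's code (the Adaptive Reference Model's actual algorithm is not described on this page). It assumes every endpoint reports a flat attribute map; the host names, attribute names and values, the 0.8 agreement threshold and the compromised host-05 are all constructed for the example.

```python
from collections import Counter

# Constructed sample fleet snapshots (five endpoints). Attribute names and
# values are invented for this illustration; a missing key means the
# attribute was not present on that machine during the scan.
BASELINE = {
    "svc.firewall.enabled": "1",
    "port.5555.listening": "0",
    "autorun.updater": r"C:\Program Files\Vendor\updater.exe",
    "ie.proxy.override": "0",
}
FLEET = {
    "host-01": dict(BASELINE, **{"user.wallpaper": "beach.jpg"}),
    "host-02": dict(BASELINE, **{"user.wallpaper": "mountain.jpg"}),
    "host-03": dict(BASELINE, **{"user.wallpaper": "city.jpg"}),
    "host-04": dict(BASELINE, **{"user.wallpaper": "forest.jpg"}),
    # host-05 has been hit: a new autorun entry plus its collateral changes.
    "host-05": {
        "svc.firewall.enabled": "0",
        "port.5555.listening": "1",
        "autorun.updater": r"C:\Program Files\Vendor\updater.exe",
        "ie.proxy.override": "1",
        "autorun.svchelper": r"C:\Users\Public\svchelper.exe",
        "user.wallpaper": "desert.jpg",
    },
}


def build_reference_model(snapshots, min_agreement=0.8):
    """Derive the expected value of each attribute from the population.

    For every attribute seen on any machine, the most common value across
    the fleet becomes the reference. Attributes on which the fleet does not
    reach `min_agreement` (e.g. per-user wallpaper) are left out, so
    legitimate per-machine variation is never flagged as an anomaly.
    """
    keys = set().union(*(s.keys() for s in snapshots.values()))
    model = {}
    for key in keys:
        # None stands for "attribute absent on this machine".
        counts = Counter(s.get(key) for s in snapshots.values())
        value, n = counts.most_common(1)[0]
        agreement = n / len(snapshots)
        if agreement >= min_agreement:
            model[key] = (value, agreement)
    return model


def detect_event(model, host, snapshot):
    """Compare one machine to the model and group every deviation into one event."""
    changes = {}
    for key, (expected, _) in model.items():
        observed = snapshot.get(key)
        if observed != expected:
            changes[key] = {"observed": observed, "expected": expected}
    if not changes:
        return None
    return {"host": host, "changes": changes}


def build_remediation(event):
    """Turn an event into an ordered list of actions restoring the reference state.

    Attributes the reference says should be absent (expected None) are
    removed; every other attribute is set back to the fleet's expected value.
    The plan therefore covers the collateral changes, not just the new binary.
    """
    plan = []
    for key in sorted(event["changes"]):
        change = event["changes"][key]
        if change["expected"] is None:
            plan.append({"action": "remove", "attribute": key})
        else:
            plan.append({"action": "restore", "attribute": key,
                         "value": change["expected"]})
    return plan


def scan_fleet(snapshots, min_agreement=0.8):
    """One detect-analyze-act cycle: rebuild the model, then plan per-host fixes."""
    model = build_reference_model(snapshots, min_agreement)
    results = {}
    for host, snapshot in snapshots.items():
        event = detect_event(model, host, snapshot)
        if event is not None:
            results[host] = build_remediation(event)
    return results


if __name__ == "__main__":
    for host, plan in scan_fleet(FLEET).items():
        print(host)
        for step in plan:
            print("  ", step)
```

Rebuilding the model from the current population on every cycle is what makes it "adaptive": a change rolled out to the whole fleet becomes the new reference, while a change on a single machine stands out against the other four. The `user.wallpaper` attribute shows why population context matters: it differs on every host, so it never reaches the agreement threshold and is ignored, whereas the absent-by-consensus `autorun.svchelper` entry is flagged and scheduled for removal alongside the firewall, port and proxy settings it was dropped with.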
Because we fully automate the detect-analyze-act cycle, Triumfant addresses malicious attacks in less than five minutes from infection to remediation. This includes targeted attacks and attacks for which there is no prior knowledge. But we also continuously maintain the endpoints in a state of persistent security readiness, thereby reducing the attack surface for those machines and ensuring that all of the protections, not just Triumfant, are in place, properly configured and fully operational.
Needless to say, I am excited about the opportunity to tell our story to such a group focused on automating security processes. It is an exciting topic, and I have had the opportunity to speak to the really smart people at NIST and NSA who are driving some very progressive thinking on the subject. Best of all, it is exciting to know that many of the capabilities these smart people consider critical to securing the endpoint already exist in our product today.
If you are at the show, please stop by our booth (312) and we will be happy to show you a demonstration of how all of this works and talk about how we can put these capabilities to work for your organization.