Triumfant Malware Detection Challenge at RSA – You Bring It; We Find It

Today we are announcing that Triumfant will be holding a malware detection challenge in our booth (756) at RSA 2010.  The challenge is amazingly simple: you bring us malware on a USB stick or CD, and we will put it onto a Windows XP machine running our software and detect it.  No smoke, mirrors, celebrity look-alikes, flashing lights, or slickly animated and over-produced presentation.  Just your malware against our ability to detect what evades other traditional malware detection tools.  Straight up, and we will show you the results.

We are doing the challenge because sometimes, when a product breaks down constraints that have been generally accepted as unbeatable, that product can be perceived as too good to be true, raising doubt and suspicion even when people see the product work in person.  Such was the case at last year’s RSA when we did our three-minute malware challenge – people were really impressed, but some looked to discount what they observed firsthand as a set-up given that the malware used was selected by us.

So this year we will remove all doubt by using malware that anyone is willing to bring to the booth.  The information and rules about the challenge can be found here and here.

“But wait, there are restrictions!”, you say.  Yes, there are, and unashamedly so, because we at Triumfant have always been very clear as to what we can and cannot do.  That is because we enjoy the luxury of having software so unique and so differentiated that we do not have to stretch the truth.  We have always said that Triumfant sees attacks with at least some form of persistence, and is not effective for attacks that are completely memory-based or BIOS-based.  We also know that there will be some (we think 5%-10%) rootkits that can get lower in the stack than we will see, but we will still gladly take rootkits in the challenge.  And even with the restrictions, we are still addressing a very significant and sizable problem.

“What if you fail?”, you may ask. Let me start with the easy answer – we are quite sure we will have a far higher detection rate than any of the traditional tools.  Of course the bar is pretty low (ok, that was a cheap shot).  The better answer is that we are very confident that we will succeed convincingly, if not perfectly.  Our success rate will certainly be high enough to effectively show the power and value of our product.

The bigger question may be how the market reacts to our success.  Detecting the attacks that evade other tools under live conditions pretty much removes reasonable objections.

But wait, there is more (I am in marketing, after all).  We have not mentioned the automated remediation capabilities of Triumfant.  For persistent attacks and rootkits, we will be able to take the detailed information generated during the detection process and generate a situational and contextual remediation for the attack, returning the victim machine to its pre-attack condition.  The only attacks that we will not be able to remediate will be those that exist partially in memory – we will identify the persistent artifacts but not all of the memory-based elements.

So come by the booth and see for yourself.  If you can’t find a snarling nasty bit of malware to bring along, we will have plenty to demonstrate the product to you.  Or you can watch while someone brings their sample to the booth.  Either way, I am absolutely sure you will be impressed.

About Jim Ivers
Jim Ivers is the Chief Security Strategist at Triumfant
