Triumfant Launches Memory Process Scanner Module to Detect and Stop In-Memory Attacks

Editor’s note: In-memory computing has been a fast-growing trend in enterprise IT. It is a great way to modernize old apps and build incredible new systems that can quickly accomplish what has been impossible to date. But in-memory computing comes with new kinds of security challenges. I am proud to be an advisor to Triumfant and proud to share the press release below that highlights their capability in this space. – bg


Solution provides real-time detection, identification, and mitigation of advanced malware that operates in endpoint volatile memory 

Rockville, MD – November 4, 2013 – Triumfant, creator of patented software that automatically discovers, analyzes and remediates advanced malware attacks on computers, today launched its first-ever Advanced Volatile Threat (AVT) module to detect and stop “in-memory” malware attacks. The new solution, which is bundled free with Triumfant’s newly available 5.0 product suite, combines Triumfant’s unique, patented malware detection software with new tools that can accurately track malware functionality operating in the volatile memory of the endpoint machine. Offered to existing customers at no additional charge, Triumfant’s Memory Process Scanner module enables real-time detection of a variety of threats that operate by manipulating objects in memory.

Advanced Volatile Threats are malware attacks that take place in a computer’s random access memory (RAM) or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike Advanced Persistent Threats (APTs) that create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean – leaving no trace behind as the computer is shut down.

A key aspect of the Memory Process Scanner is its ability to detect volatile exploits. In the case of an exploit, the malware injects itself into a normal process. Once the malware is running, it may migrate to a different process and download other tools to be used by the attacker. Catching the initial exploit allows the earliest possible detection and identifies the vulnerable process that is being compromised.

“Triumfant’s unique ability to recognize ‘in-memory’ attacks – without relying on prior knowledge or signatures – means that we can provide unmatched defense against today’s most sophisticated cyber attacks from experienced criminals and state-sponsored threat actors,” said John Prisco, President and CEO of Triumfant. “As malicious threats against the endpoint continue to grow in volume, many organizations are focusing on sophisticated threats such as APTs, often neglecting an extremely vulnerable part of the machine: the memory. We believe our new Memory Process Scanner offering is a great way for our customers to complement existing security technologies in their organization and create a multi-faceted defense against today’s most advanced cyber threats.”

Other features of Triumfant’s Memory Scanner module include:

  • Anomalous Application Verification: Automatically links related anomalous behaviors and generates supporting evidence for anomalous applications on the endpoint.
  • Irregular Process Notifications: An attacker will often hide a backdoor process inside another process that doesn’t normally communicate over the network. The Memory Scanner can flag such a process as a behavioral anomaly if it tries to communicate over the network.
  • Bandwidth & Authentication: Triumfant’s 5.0 update is more bandwidth efficient than current messaging systems, includes bidirectional authentication to prevent spoofing, and contains message sequence numbers to prevent replay attacks.
  • Second Generation Messaging System: Triumfant 5.0’s new messaging system is based on JSON-RPC over HTTP implemented in JavaScript and can be used to communicate with agents designed for Windows and non-Windows platforms.
  • Management: Installation, verification, operation, and maintenance of the Triumfant malware detection solution is provided with each 5.0 upgrade.
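As an added illustration of the spoofing and replay protections listed above (example code written for this post, not Triumfant’s implementation; the shared key, field names and agent id are constructed assumptions), here is a JSON-RPC 2.0 request carrying a sequence number and an HMAC, with the receiving side checking the MAC before enforcing a strictly increasing sequence per sender. The same verify path can run on both agent and server, which is what makes the authentication bidirectional.

```python
"""HMAC-authenticated JSON-RPC messages with per-sender sequence numbers.
Added example: the key, field names and agent id are constructed, not Triumfant's."""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # assumption: a pre-shared key per agent


def canonical(payload: dict) -> bytes:
    # Sorted keys and fixed separators so both sides MAC identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def build_message(sender: str, seq: int, method: str, params: dict,
                  key: bytes = SHARED_KEY) -> dict:
    """Sender side: wrap a JSON-RPC 2.0 request with a sequence number and a MAC."""
    body = {"jsonrpc": "2.0", "id": seq, "method": method, "params": params,
            "sender": sender, "seq": seq}
    body["mac"] = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return body


class Receiver:
    """Receiver side: reject forged, tampered and replayed messages."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = {}  # sender -> highest sequence number accepted so far

    def verify(self, msg: dict) -> str:
        msg = dict(msg)
        mac = msg.pop("mac", None)
        if mac is None:
            return "reject: missing mac"
        expected = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return "reject: bad mac"  # spoofed sender or body altered in transit
        sender, seq = msg["sender"], msg["seq"]
        if seq <= self.last_seq.get(sender, 0):
            return "reject: replay"  # already seen, or older than what was accepted
        self.last_seq[sender] = seq
        return "accept"


if __name__ == "__main__":
    rx = Receiver()
    first = build_message("agent-01", 1, "report_anomaly", {"pid": 4242})
    print(rx.verify(first))   # accept
    print(rx.verify(first))   # reject: replay
    second = build_message("agent-01", 2, "report_anomaly", {"pid": 4242})
    second["params"]["pid"] = 1  # tamper after signing
    print(rx.verify(second))  # reject: bad mac
```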

“The security industry has tried many approaches to preventing malware over the years, and some have worked better than others. By now, thanks to numerous studies, everyone should realize that the signature-based approaches of old have limited value,” said Adrian Sanabria, Senior Security Analyst, 451 Research. “Innovations like Triumfant’s memory scanning approach are an important and significant step forward in fighting the battle where it occurs – on the endpoint. Many current technologies address threats directly, taking a single step to prevent an attack. These are easily leapfrogged by the attacker, and have limited long-term value. The industry desperately needs more approaches that address problems at the root, and will force attackers to spend significantly more time and effort to achieve their goals.”

For more information, please visit: www.triumfant.com.

About Triumfant

Triumfant leverages patented analytics to detect, analyze and remediate the malicious attacks that evade traditional endpoint protection solutions, such as the Advanced Persistent Threat, Zero Day Attacks, targeted attacks, and rootkits. Triumfant automates the process of building a contextual and surgical remediation that addresses the malware and all of the associated collateral damage. Endpoints go from infection to remediation in five minutes without the need to reboot or re-image.

Triumfant uses these same analytics to continually enforce security configurations and policies, ensuring that organizations start every day with their endpoints secure and audit ready.

Please visit us at: http://www.triumfant.com/default.asp.

Follow Triumfant on Twitter and YouTube.

About Bob Gourley

Bob Gourley is the publisher of CTOvision.com and DelphiBrief.com and the new analysis-focused Analyst One. Bob’s background is as an all-source intelligence analyst and an enterprise CTO. Find him on Twitter at @BobGourley.