A New Approach to Endpoint Security
Triumfant Resolution Manager is a completely new approach to endpoint security, using granular change detection and analysis to continuously enforce security configurations and identify malicious attacks. The depth of Triumfant’s scan scope and unique ability to detect problems is only surpassed by its equally unique ability to synthesize a situational, contextual remediation to immediate and automatically fix what it finds. Resolution Manager stands alone in its ability to proactively analyze complex computing environments, enforce configurations and policies, and automatically synthesize situational remediations to ensure the security and continuity of information services.
A Quantum Leap in Diagnostic Range and Accuracy
Triumfant starts by performing a deep scan of every computer every day by gathering and analyzing over 200,000 attributes that are the absolute elemental components of each machine. These attributes include registry settings, port settings, performance statistics and a MD5 hash of every file. By continually scanning each machine, Resolution Manager is able to identify every change to these attributes and perform the analysis required to detect malicious activity and monitor compliance with configurations and policies.
| Configuration Errors |
Noncompliance |
Malware |
Missing or corrupted files
Missing or corrupted registry keys
Missing patches
Incorrect option settings
Missing drivers
Incorrect software versions |
Security violations
Policy violations
Undesirable applications
|
Trojans
Viruses
Rootkits
Peer-to-peer programs
Spyware
Adware
|
Click on the graphic to see the details captured by Resolution Manager for one endpoint machine
Triumfant Brings Context to Analysis
The real analytical power of Triumfant comes from the unique ability of Resolution Manager to analyze detected changes in the broader context of the organization’s endpoint population. While all other endpoint security tools only view incidents in the context of the affected machine, Triumfant uniquely learns about the distinct profile of each organization and adapts its analytical process to that profile as the organization evolves over time. Resolution Manager takes the wealth of collected data and leverages patented analytics to build a highly detailed, multi-dimensional correlation model of the attributes of the endpoint population, called the Adaptive Reference Model. This model provides a normative baseline of the population (or defined groups within that population) to identify unexpected changes and conditions. Resolution Manager continually refreshes the Adaptive Reference Model in order to assimilate the evolutionary changes that are normal to every endpoint environment.
Once the Adaptive Reference Model is built, Resolution Manager uses the unique context contained in the model to analyze the changes detected from subsequent scans to determine the effect of those changes on each machine. Customers can also build policy templates through an intuitive, wizard driven interface to enforce organization specific policies and controls, or apply policy templates provided by Triumfant for specific initiatives such as power management or mandates such as the Federal Desktop Core Compliance initiative. When a change or a non-compliant condition is detected, patent pending analytics use the Adaptive Reference Model to determine is the change is anomalous or part of normal operational changes to the population, effectively eliminating false positives.
Seeing the Attacks that Others Cannot or Do Not See
Triumfant Resolution Manager is uniquely able to detect the malicious attacks on endpoint machines and servers that evade today’s endpoint security. That is because Triumfant is the only endpoint protection product using change detection at the granular level as the basis for identifying those attacks. The logic is quite simple: unless an attack can perform its malicious activity without changing the machine, Triumfant will be able to detect it. Because Resolution Manager requires no prior knowledge of an attack to detect that attack, Triumfant fills the significant gap left by endpoint protection software that rely on traditional methods like signatures, heuristic analysis or behavioral analysis.
The patented analytics at the heart of Resolution Manager see all of the changes to the affected machine, not just the offending executable. Sophisticated algorithms utilize dependency analysis and other techniques to identify and group all of the changes - registry settings, files, processes, services, ports - that compose the broader attack. This unique capability means that Triumfant sees all of the collateral damage done to the machine and will identify secondary payloads and other components of dynamic targeted exploits.
Click on the graphic to see the detailed analysis of a detected rootkit
Real-time Remediation
The story does not stop at detection, as Triumfant leverages its detailed, complete knowledge of the changes on the affected machine to build a comprehensive remediation for the detected problem. While other tools may only kill the malicious executable, they may leave a potential host of changes that can compromise the machine and make it vulnerable to further attack such as altered registry settings, missing or corrupted files, corrupted system calls, opened ports, improper firewall settings and more. That is why the ability to see all of the collateral damage of the attack sets Triumfant apart – you have to be aware of the changes in order to fix them. Only Resolution Manager builds a comprehensive remediation capable of addressing each and every change, restoring the machine to its pre-attack condition and eliminating the need for re-imaging. Resolution Manager can detect, analyze and remediate an attack in less than five minutes without human intervention, drastically reducing the time from detection to remediation and stopping attacks before they can spread and affect the entire organization.
Persistent Security Readiness
Triumfant Resolution Manager excels at enforcing security configurations and policies on every machine, every day. These can be either the configurations learned in the model from scanning the endpoint population, or explicit configurations, such as those for a golden master, expressed as user defined policies. When non-compliance is detected, Resolution Manager builds a remediation and returns the machine to the desired configuration. With Resolution Manager, the organization starts every day with an audit-ready endpoint population. Triumfant also ensures that traditional endpoint security tools are properly deployed, properly configured, and fully operational to effectively perform their roles. This continuous enforcement of configurations and policies raises the security readiness of every machine and effectively lowers risk.
Whitelisting to Control Unauthorized Applications
Resolution Manager also excels at managing unauthorized applications. The analytics of Resolution Manager build a normative whitelist of the applications running in the endpoint population which can be tuned by adding explicit whitelist/blacklist policies. When an application is loaded onto a machine Resolution Manager will detect the new application and check it against the whitelist/blacklist rules. If the new application is determined to be anomalous, Resolution Manager can be configured to respond in a variety options ranging from creating an alert to automatically removing the software from the machine. Explicit policies can be created to eliminate known problems such as peer-to-peer software from machines. In short, the automatic detection and removal of unauthorized software effectively keeps the endpoint population free from applications known to create risk. And unlike other whitelisting tools that require a lockdown environment or require the user to make appropriate judgments, Triumfant can maintain a flexible environment and automatically remediate incidents in real-time.
Unmatched Visibility
Resolution Manager provides an extensive repertoire of reports covering Security, Compliance and Configuration management and Incident and Problem management. The result is an actionable view into the endpoint population that is unprecedented in the industry.
- Wide range of standard reports
- Specific reports for specific solutions such as FDCC Compliance or IT Power Management
- An executive dashboard that provide executive level summaries and specific reports for ROI.
- A user interface to create custom reports
- The ability to distribute reports to executives and stakeholders
- The power to export reports to integrate the information into business documents.
User profiles allow the viewing scope and functionality available to each user to be controlled by the system administrator. This is particularly valuable in situations where multiple organizations share the same Resolution Manager infrastructure but want independent management views.
