Empowering Federal Agencies to Modernize Their Approach to Security
- Current network cybersecurity relies on intrusion detection and prevention systems that depend on manually supplied signatures of known tactics, techniques, and procedures
- While these controls remain both useful and necessary, agencies lack an automated preventive control
- Trinity Cyber invented a new technology to address this gap
- Remove conditions adversaries exploit with CVEs to enable protection as patch management cycles catch up
- Advance Zero Trust security initiatives
- Complement scanning and endpoint investments made by federal agencies and significantly increase network security
For every federal CISO, this advanced capability modernizes your defensive capabilities, automates response actions, and improves your existing cybersecurity posture. It is built to accommodate every stage of your perimeter evolution, from TIC 3.0 to SASE and beyond, enabling you to:
- Reduce risk from threats and attacks
- Save time and money by increasing operational efficiencies
- Minimize strain on security operations center (SOC) staff
Industrial Control System (ICS) Use Case
Learn how Trinity Cyber’s breakthrough technology can insulate critical infrastructure.
Experts Agree We Are Different
- Gartner named Trinity Cyber a "Cool Vendor" for Network and Endpoint Security for 2020
- Tech titans including malware expert Michael Sikorski and cybersecurity industry pioneers Ron and Cyndi Gula recognize Trinity Cyber’s technology as “a dream come true for the good guys”
- Trinity Cyber VP of Threat Analysis was named the Security Innovator of the Year by SC Media
- Trinity Cyber is led by recognized and respected leaders in cybersecurity and our technology is built by experts with decades of experience defending our nation’s most sensitive communications and information systems
What We Do
Trinity Cyber’s managed service actively detects and neutralizes threats before they reach a client's system. We sanitize corrupted traffic by replacing or altering files, code segments and protocols inline. We are complementary to and enhance your existing security infrastructure. Our experts run the technology for and with you as our client. Our team augments your SOC and customizes response actions based upon your preferences. Our unique capabilities include:
Traffic Inspection Outside the Network
Because security appliances sitting on a compromised network may themselves be compromised, traffic inspection must be performed outside the network, inline (not in a sandbox) and out-of-band, in a manner that can detect and neutralize command and control traffic, remote code execution, data exfiltration, and embedded malicious code.
Going Beyond NGFWs and IPS
Trinity Cyber’s technology can detect and prevent network threats that Next Generation Firewalls (NGFWs) and Intrusion Prevention Systems (IPS) may miss—including command and control traffic within protocol fields and file content.
Advancing the Zero Trust Paradigm
The Trinity Cyber solution also advances the Zero Trust network security paradigm, allowing organizations to manage their network security under the assumption that they are already compromised.
How Trinity Cyber Removes the Conditions Adversaries Exploit with Common Vulnerabilities and Exposures (CVEs)
Trinity Cyber removes conditions adversaries exploit in widely known vulnerabilities, regardless of the specific exploit code or delivery infrastructure. For instance, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) recently published an advisory regarding the top five CVEs nation-state actors successfully exploit.
- Trinity Cyber removes ALL of the conditions associated with these vulnerabilities out of the network traffic
- Trinity Cyber exposes and removes ALL 20 of the network-facing vulnerabilities in the NSA’s report
Exploitation of hundreds of CVEs, such as the Equation Editor vulnerability and others, employs a multitude of techniques including reconnaissance, exploitation, command and control, and exfiltration. Classified indicators become less relevant when full session inspection and inline active defense enable actions such as remove, replace or modify within the network session. With full session inspection and extremely accurate processing, Trinity Cyber detects nation-state and other threats wherever they may be in the network session.
Proactively Defeat Would-Be Threats
- Network detection with endpoint fidelity
- Better than 99.9% detection accuracy
- Full-context (content and metadata) detection of files and protocols
- Detects traffic inline, bi-directionally, at line speed
- Full session visibility elevates threat hunting efficiency
Actions Far Beyond Block/Alert
- Neutralizes threats before they infiltrate the network
- Removes vulnerabilities and violations inline
- Removes bad or malicious content
- Replaces bad files with benign data
- Wrestles command and control away from the attacker
Why Does a Proactive Approach Matter in Federal Government?
Federal agencies can now fully stage, deeply inspect and take targeted action on all Internet traffic (not just web traffic) before it enters and as it leaves the network. Targeted action allows agencies to modify payloads and techniques to neutralize threats inline, not in a sandbox.
What Agencies Gain When Working with Trinity Cyber:
- Save time on patch management
- Save time on notification reviews and false positives
- More fidelity in identified threats
Benefits for Companies Doing Business with the Government
- CMMC compliance
- FISMA compliance
- Ease of reporting to agency customers
For Networks Affected by the SolarWinds Exploitation
SolarWinds Orion Attack Background
The SolarWinds Orion compromise was a sophisticated supply chain attack. The adversary who carried out the attack had access to production source code and the ability to surreptitiously insert malicious logic into that code before it was digitally signed and distributed to customers by SolarWinds as a seemingly legitimate software update. This clever and sophisticated method made it impossible for any SolarWinds customer to detect the attack.
How Did the Attack Unfold?
The adversary designed this attack such that once a customer installed the SolarWinds Orion software update, a backdoor with privileged, system-administrator-level access was created that allowed the adversary to download and install whatever they wanted. Given that the adversary is widely believed to be a foreign government's intelligence service, and that they have enjoyed full, highly privileged access for more than six months, they own everything, or at least everything they care about. This includes user accounts, PII, servers, IT infrastructure, and security software and appliances.
What Does This Mean for Entities with SolarWinds Orion?
As a result, we recommend that any customer of SolarWinds Orion assume that a foreign government has widespread, persistent access to and control of their networks. The hackers long ago abandoned the infrastructure and static indicators associated with the initial backdoor delivered with the attack.
What Remediation Options Exist?
Contrary to popular belief, removing SolarWinds Orion does not fully address what has likely already been installed in customers' networks by the adversary. While long-term remediation tasks are being performed, immediate steps can and should be taken to thoroughly and accurately inspect bi-directional, full session network traffic. Trinity Cyber is the only option on the market to remediate the impact of the breach due to the unique capabilities of our technology.
Federal Cybersecurity Headlines
- Bloomberg: Biden to Tap Former NSA Officials to Top Cybersecurity Roles
- Associated Press: Russian hack of US agencies exposed supply chain weaknesses
- The Cybersecurity 202: DHS head seeks to quickly solve some major cybersecurity problems
- CyberScoop: Mayorkas pledges to modernize US cyber-defenses after their failure to detect alleged Russian spies