Empowering Federal Agencies to Modernize Their Approach to Security

  • Current network cybersecurity involves intrusion detection and prevention that relies upon manual inputs of known tactics, techniques, and procedures
  • While these controls remain both useful and necessary, agencies are missing an automated preventative control
  • Trinity Cyber invented a new technology to address this gap
We equip your agency with the means to project your cybersecurity posture externally, defeating would-be threats before they can interact with your infrastructure. Trinity Cyber examines every Internet session, from protocols to file types, and runs countermeasure operations out-of-band with no perceptible latency. We also:
  • Remove conditions adversaries exploit with CVEs to enable protection as patch management cycles catch up
  • Advance Zero Trust security initiatives
  • Complement scanning and endpoint investments made by federal agencies and significantly increase network security

For every federal CISO, this advanced capability modernizes your defensive capabilities, automates response actions, and improves your existing cybersecurity posture. It is built to accommodate every stage of your perimeter evolution, from TIC 3.0 to SASE and beyond, enabling you to:

  • Reduce risk from threats and attacks
  • Save time and money by increasing operational efficiencies
  • Minimize strain on security operations center (SOC) staff

Featured Resource

Industrial Control System (ICS) Use Case

Learn how Trinity Cyber’s breakthrough technology can insulate critical infrastructure.

Experts Agree We Are Different

  • Gartner named Trinity Cyber a "Cool Vendor" for Network and Endpoint Security for 2020
  • Tech titans including malware expert Michael Sikorski and cybersecurity industry pioneers Ron and Cyndi Gula recognize Trinity Cyber’s technology as “a dream come true for the good guys”
  • Trinity Cyber's VP of Threat Analysis was named the Security Innovator of the Year by SC Media
  • Trinity Cyber is led by recognized and respected leaders in cybersecurity, and our technology is built by experts with decades of experience defending our nation’s most sensitive communications and information systems

What We Do

Trinity Cyber’s managed service actively detects and neutralizes threats before they reach a client's system. We sanitize corrupted traffic by replacing or altering files, code segments and protocols inline. We are complementary to and enhance your existing security infrastructure. Our experts run the technology for and with you as our client. Our team augments your SOC and customizes response actions based upon your preferences. Our unique capabilities include:

Traffic Inspection Outside the Network

Because the security appliances on corrupted networks also could be compromised, traffic inspection must be performed outside the network, inline (not in a sandbox) and out-of-band, in a manner that can detect and neutralize command and control traffic, remote code execution, exfiltration of data, and embedded malicious code.

Going Beyond NGFWs and IPS

Trinity Cyber’s technology can detect and prevent network threats that Next Generation Firewalls (NGFWs) and Intrusion Prevention Systems (IPS) may miss, including command and control traffic within protocol fields and file content.

Advancing the Zero Trust Paradigm

The Trinity Cyber solution also advances the Zero Trust network security paradigm, allowing organizations to manage their network security under the assumption they are already compromised.

How Trinity Cyber Removes the Conditions Adversaries Exploit with Common Vulnerabilities and Exposures (CVEs)

Trinity Cyber removes conditions adversaries exploit in widely known vulnerabilities, regardless of the specific exploit code or delivery infrastructure. For instance, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) recently published an advisory regarding the top five CVEs nation-state actors successfully exploit.

  • Trinity Cyber removes ALL of the conditions associated with these vulnerabilities out of the network traffic

In addition, the NSA reported on the top 25 vulnerabilities exploited by nation-state threat actors.

  • Trinity Cyber exposes and removes ALL 20 of the network-facing vulnerabilities in the NSA’s report

Attacks on hundreds of CVEs, such as Equation Editor and others, employ a multitude of techniques, including reconnaissance, exploitation, command and control, and exfiltration. Classified indicators become less relevant when full session inspection and inline active defense enable actions such as remove, replace, or modify within the network session. With full session inspection and extremely accurate processing, Trinity Cyber detects nation-state and other threats wherever they may be in the network session.

Proactively Defeat Would-Be Threats  

Advanced Detection

  • Network detection with endpoint fidelity
  • Better than 99.9% detection accuracy
  • Full context (context and metadata) detection of files and protocols
  • Detects traffic inline, bi-directionally, at line speed
  • Full session visibility elevates threat hunting efficiency

 

Actions Far Beyond Block/Alert

  • Neutralizes threats before they infiltrate the network
  • Removes vulnerabilities and violations inline
  • Removes bad or malicious content
  • Replaces bad files with benign data
  • Wrestles command and control away from the attacker


Why a Proactive Approach Matters in the Federal Government


Federal agencies can now fully stage, deeply inspect and take targeted action on all Internet traffic (not just web traffic) before it enters and as it leaves the network. Targeted action allows agencies to modify payloads and techniques to neutralize threats inline, not in a sandbox.

What Agencies Gain When Working with Trinity Cyber:

  • Save time on patch management
  • Save time on notification reviews and false positives
  • More fidelity in identified threats

Benefits for Companies Doing Business with the Government

  • CMMC compliance
  • FISMA compliance
  • Ease of reporting to agency customers

For Networks Affected by the SolarWinds Exploitation

SolarWinds Orion Attack Background

The SolarWinds Orion compromise was a sophisticated supply chain attack. The adversary who carried out the attack had access to production source code and the ability to surreptitiously insert malicious logic into that code before it was digitally signed and distributed to customers by SolarWinds as a seemingly legitimate software update. This clever and sophisticated method made it impossible for any SolarWinds customer to detect the attack.

How Did the Attack Unfold?

The adversary designed this attack so that once a customer installed the SolarWinds Orion software update, a backdoor was created with privileged, system-administrator access that allowed the adversary to download and install whatever they wanted. Given that it is widely believed that the adversary is a foreign government’s Intelligence Service, and that they have enjoyed full, highly privileged access for more than six months, they own everything, or at least everything they care about. This includes user accounts, PII, servers, IT infrastructure, and security software and appliances.

What Does This Mean for Entities with SolarWinds Orion?

As a result, we recommend that any customer of SolarWinds Orion assume that a foreign government has widespread, persistent access to and control of their networks. The hackers long ago abandoned the infrastructure and static indicators associated with the initial backdoor delivered with the attack.

What Remediation Options Exist? 

Contrary to popular belief, removing SolarWinds Orion does not fully address what has likely already been installed in customers' networks by the adversary. While long-term remediation tasks are being performed, immediate steps can and should be taken to thoroughly and accurately inspect bi-directional, full session network traffic. Trinity Cyber is the only option on the market to remediate the impact of the breach due to the unique capabilities of our technology.

Transform Your Agency's Cybersecurity Strategy

Learn how you can boost your cybersecurity with the most innovative, active threat prevention solution on the market.