Leading a New Approach in Cybersecurity for Government

Empowering Federal Agencies to Modernize Their Approach to Security

  • Current network cybersecurity involves intrusion detection and prevention that relies upon manual inputs of known tactics, techniques, and procedures
  • While these controls remain both useful and necessary, agencies are missing automated preventative control
  • Trinity Cyber invented a new technology to address this gap

We equip agencies with the means to protect your cybersecurity posture externally, defeating would-be threats before they can interact with your infrastructure. Trinity Cyber examines every Internet session, from protocols to file types and runs countermeasure operations out-of-band with no perceptible latency. We also:

  • Remove conditions adversaries exploit with CVEs to enable protection as patch management cycles catch up
  • Advance Zero Trust security initiatives
  • Complement scanning and endpoint investments made by federal agencies and significantly increase network security

For every federal CISO, this advanced capability modernizes your defensive capabilities, automates response actions, and improves your existing cybersecurity posture. It is built to accommodate every stage of your perimeter evolution, from TIC 3.0 to SASE and beyond, enabling you to:

  • Reduce risk from threats and attacks
  • Save time and money by increasing operational efficiencies
  • Minimize strain on security operations center (SOC) staff

Featured Resource

2021-04-TrinityCyber_UseCase_ICS


Industrial Control System (ICS) Use Case

Learn how Trinity Cyber’s breakthrough technology can insulate critical infrastructure.

 

Read Now

right-chevron-dkblue

Experts Agree We Are Different

Trinity_CoPhoto_Awards_Hex-23
Trinity_Washingtonian_900x600
Trinity_CoPhoto_Awards_Hex-25
Trinity_CoPhoto_Awards_Hex-24

What We Do

Trinity Cyber’s managed service actively detects and neutralizes threats before they reach a client's system. We sanitize corrupted traffic by replacing or altering files, code segments and protocols inline. We are complementary to and enhance your existing security infrastructure. Our experts run the technology for and with you as our client. Our team augments your SOC and customizes response actions based upon your preferences. Our unique capabilities include:

Traffic Inspection Outside the Network

Because the security appliances on corrupted networks also could be compromised, traffic inspection must be performed outside the network, inline (not in a sandbox) and out-of-band, in a manner that can detect and neutralize command and control traffic, remote code execution, exfiltration of data, and embedded malicious code.

Going Beyond NGFWs and IPS

Trinity Cyber’s technology can detect and prevent network threats that Next Generation Firewalls (NGFWs) and Intrusion Prevention Systems (IPS) may miss—including command and control traffic within protocol fields and file content.

Advancing the Zero Trust Paradigm

The Trinity Cyber solution also advances the Zero Trust network security paradigm allowing organizations to manage their network security under the assumption they are already compromised.

How Trinity Cyber Removes the Conditions Adversaries Exploit with Common Vulnerabilities and Exposures (CVEs)

Trinity Cyber removes conditions adversaries exploit in widely known vulnerabilities, regardless of the specific exploit code or delivery infrastructure. For instance, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) recently published an advisory regarding the top five CVEs nation-state actors successfully exploit.

  • Trinity Cyber removes ALL of the conditions associated with these vulnerabilities out of the network traffic

In addition, the NSA also reported on the top 25 vulnerabilities exploited by nation-state threat actors.

  • Trinity Cyber exposes and removes ALL 20 of the network-facing vulnerabilities in the NSA’s report

Hundreds of CVEs, such as Equation Editor and others, employ a multitude of techniques including reconnaissance, exploitation, command and control, and exfiltration. Classified indicators become less relevant when full session inspection and inline active defense enables actions such as remove, replace or modify within the network session. With full session inspection and extremely accurate processing, Trinity Cyber detects nation-state and other threats wherever they may be in the network session.

Proactively Defeat Would-Be Threats

Why a Proactive Approach Matters in Federal Government?

Federal agencies can now fully stage, deeply inspect and take targeted action on all Internet traffic (not just web traffic) before it enters and as it leaves the network. Targeted action allows agencies to modify payloads and techniques to neutralize threats inline, not in a sandbox.

What Agencies Gain When Working with Trinity Cyber:

  • Save time on patch management
  • Save time on notification reviews and false positives
  • More fidelity in identified threats

Benefits for Companies Doing Business with the Government

  • CMMC compliance
  • FISMA compliance
  • Ease of reporting to agency customers

2021_04_TrinityCyber_FederalPage_diagram_V4-01
Speak with a Security Expert
right-chevron-dkblue

For Networks Affected by the SolarWinds Exploitation

SolarWinds Orion Attack Background

The SolarWinds Orion compromise was a sophisticated supply chain attack. The adversary who carried out the attack had access to production source code and the ability to surreptitiously insert malicious logic into that code before it was digitally signed and distributed to customers by SolarWinds as a seemingly legitimate software update. This clever and sophisticated method made it impossible for any SolarWinds customer to have been able to detect the attack.

How Did the Attack Unfold?

The adversary designed this attack such that once a customer installed the SolarWinds Orion software update, a backdoor was created with system administrator, privileged access that allowed the adversary to download and install whatever they wanted. Given that it is widely believed that the adversary is a foreign government’s Intelligence Service, and they have enjoyed full, highly privileged access for more than six months, they own everything–or at least everything they care about. This includes user accounts, PII, servers, IT infrastructure, and security software and appliances.

What Does This Mean for Entities with SolarWinds Orion?

As a result, we recommend any customer of SolarWinds Orion assume that a foreign government has widespread, persistent access to and control of their networks. The hackers abandoned long ago the infrastructure and static indicators associated with the initial backdoor delivered with the attack.

What Remediation Options Exist?

Contrary to popular belief, removing SolarWinds Orion does not fully address what has likely already been installed in customers' networks by the adversary. While long-term remediation tasks are being performed, immediate steps can and should be taken to thoroughly and accurately inspect bi-directional, full session network traffic. Trinity Cyber is the only option on the market to remediate the impact of the breach due to the unique capabilities of our technology.

Transform Your Agency's Cybersecurity Strategy

Learn how you can boost your cybersecurity with the most innovative, active threat prevention solution on the market