"A fundamentally new cyber solution was needed. The premise of Trinity Cyber's groundbreaking technology is simple, and no other company in the market can do it. While other vendors build Zero Trust into your cloud access, we build real trust into your Internet access."

Trinity Cyber

Core Premise

The premise of Trinity Cyber’s technology is simple and unique.

Every Internet session can and should be fully staged, parsed and deeply inspected inline (not in a sandbox) in context, and with endpoint and application layer fidelity before it enters or leaves a customer’s control. At the same time, automated processes must be run to remove or alter malicious content from files and protocol fields at speed and scale to affect the outcome in favor of the customer. This must be done without introducing latency or degrading the customer’s Internet experience.

Running Business Confidently and Securely

Detecting & Neutralizing Threats Before They Interact with Your Infrastructure

  • Current cybersecurity practices for intrusion detection and prevention that rely upon manual inputs of known tactics, techniques and procedures must evolve
  • While these controls remain useful, automated preventive control is missing
  • Trinity Cyber invented a breakthrough new technology to address this gap

Trinity Cyber is on the forefront of the cybersecurity industry to help enterprises and governments run their business more confidently and securely. We combine unparalleled detection accuracy (with the perspective of an endpoint solution) with automated responses at the network level—responses not achievable by any other network solution on the market.  Our technology is designed to sanitize Internet traffic and files without disrupting business operations.

Leading commercial enterprises as well as federal/state government agencies turn to Trinity Cyber to help them dramatically advance their network security by:

  • Removing conditions adversaries exploit with CVEs to enable protection as patch management cycles catch up
  • Advancing Zero Trust security initiatives
  • Complementing scanning and endpoint investments to significantly increase security

Experts Agree We Are Different

  • Gartner awarded and recognized Trinity Cyber with the 2020 Cool Vendor for Network and Endpoint Security Award
  • Trinity Cyber VP of Threat Analysis, Jeremy Brown won Security Innovator of the Year honors in the 2021 SC Media Awards
  • Dark Reading selected Trinity Cyber to its list of 11 Cybersecurity Vendors to Watch
  • Tech titans including malware expert Michael Sikorski and cybersecurity industry pioneers Ron and Cyndi Gula recognize Trinity Cyber’s technology as "a dream come true for the good guys"
  • Trinity Cyber is led by recognized and respected leaders in cybersecurity, and our technology is built by experts with decades of experience defending the nation’s most sensitive communications and information systems

A Closer Look at Trinity Cyber Technology


Uncovering Threats

  • Network detection with endpoint fidelity
  • Better than near zero false positive rate
  • Full context (context and metadata) detection of files and protocols
  • Detects traffic inline, bi-directionally, at line speed

Actions Beyond Block and Alert

  • Remove and alter malware and exploits from network sessions
  • Modify command and control traffic from various malware campaign stages
  • Alter content in files and protocols to disarm and prevent unknown attacks
  • Place specific content (e.g., a "canary") in a file so customers and endpoint solutions can track network actions thoroughly to or from the endpoint

Managed Service Delivery

  • Delivered through a service edge architecture and managed out-of-band
  • Managed service to minimize operational disruption
  • Complements existing cybersecurity infrastructure
  • Supports your SOC operations with cybersecurity experts monitoring 24/7/365

Treating the Techniques That Hackers Use Is Game-Changing

Trinity Cyber not only detects and neutralizes individual attacks but also uncovers and defeats the strategies and methods used by the attackers. Exposing and neutralizing adversary techniques has a profound effect at speed and scale. The capabilities developed by our team of reverse engineers, malware analysts and threat hunters address and defeat entire categories and families of threats at their root cause. Because many individual attacks share similar techniques for delivery, Trinity Cyber can prevent known and unknown payloads.

Our creation and use of “formulas” are an example of the innovative, tangential approach we apply to cybersecurity. A formula is a piece of code, written in JavaScript Object Notation (JSON), that enables us to identify and take specific actions that alter/interfere/transform the outcome of attacks from adversaries. Our formulas can address entire categories and/or families of threats since many individual attacks often utilize similar strategies and/or methodologies. By taking this approach, we very efficiently expose and neutralize threats with a near-zero false positive rate and with less than one millisecond average latency.

Threat Briefs

  • EternalBlue
    Server Message Block (SMB) protocol exploit used in many ransomware attacks
  • TrickBot
    Trojan bot often spread through spear phishing
  • SIGRed
    Wormable DNS vulnerability Microsoft® servers
  • TwoFace
    ASPX web shell granting attackers access to web servers
Subscribe to Future Briefs

A Unique and Powerful Technology

Trinity Cyber combines the best attributes of network security with the application layer fidelity of endpoint security. Before traffic interacts with your network, every session is fully staged, parsed and deeply inspected. Our automated response actions neutralize command and control traffic, remote code execution, exfiltration of data, and embedded malicious code. Our unique capabilities include:

tc_diagram_stopping-the-attack-1_v2 (1)-1

Traffic Inspection from Outside Your Network

Because the security appliances on corrupted networks also could be compromised, traffic inspection must be performed outside the network, inline (not in a sandbox) and out-of-band, in a manner that can detect and neutralize command and control traffic, remote code execution, exfiltration of data, and embedded malicious code.

Defeating the Techniques Stops Ransomware

Trinity Cyber detects and defeats ransomware threats and techniques, protecting your network and critical assets before ransomware can attack. For instance, the Darkside ransomware group has successfully used Cobalt Strike and CertUtil in attack campaigns. We outfox these techniques and keep customers safe.

Advancing the Zero Trust Paradigm

The Trinity Cyber solution also advances the Zero Trust network security paradigm allowing organizations to manage their network security under the assumption they are already compromised.

Going Beyond NGFWs and IPS

Trinity Cyber’s technology can detect and prevent network threats that Next Generation Firewalls (NGFWs) and Intrusion Prevention Systems (IPS) may miss—including command & control traffic within protocol fields and file content.

Actions Beyond Block and Alert

By expanding beyond traditional static indicators and packet-based technologies, Trinity Cyber created and refined a repertoire of methods to undermine the malicious tactics, techniques and procedures used by some of the most sophisticated adversaries in cyberspace.  Our technology examines the full session, bi-directionally across multiple protocols, with application layer fidelity to act on the traffic with extreme precision and automated preventive controls. It prevents the use of malicious techniques inside of network sessions and provides value consistent with the customer’s risk profile while sustaining business continuity, maintaining a responsible and appropriately narrow scope, and informing the customer of every action taken on their network traffic.

Trinity Cyber’s technology establishes every session at rest, pairing the request and response. The patented technology then removes obfuscation and parses protocol fields and files, down to their sub-objects. With this contextually rich view of the session and its payloads, the Trinity Cyber engine then exposes the exploitive conditions employed by the adversary (not indicators, but actual conditions). The solution then matches actual exploitive techniques and conditions with automated responses that neutralize threats inline, in either direction. The automated responses include altering, removing, or replacing payloads, command and control (C2) traffic, entire files, and code strings within files and protocol fields. The appropriate action is the result of effects-based planning performed by Trinity Cyber analysts and malware reverse engineers with customer input and control.

Our advanced technology empowers automated response actions on files and protocols. We provide superior threat action capabilities beyond block/alert, including modify, remove and replace to:



Alter Exploits in Flight
  • Alters content of remote code exploits to disable them inline
  • Neutralizes tailored payloads from APT groups


Make It Disappear
  • Drops malware/exploits/command and control out of network sessions
  • Removes web-based exploit delivery mechanisms out of response bodies
  • Removes malicious content hidden within files


Swap Malicious For Benign
  • Replaces files, sub-objects within files and protocol content
  • Nearly anything can be replaced with artifacts findable by defenders

As a result, you can now fully stage, deeply inspect and take targeted actions on all Internet traffic (not just web traffic) before it enters and as it leaves your network. Our targeted actions allow you to modify payloads and techniques to neutralize threats inline, not in a sandbox. Perhaps most impressively, this occurs automatically with an average processing latency of less than one millisecond.

Making Existing Security Infrastructure Better

Trinity Cyber improves performance of security infrastructure:

Copy of ideas for more colorful Trinity web panel

Firewall/Next Generation Firewall

Trinity Cyber improves the performance of your firewall and protects it and all of your security boundary devices from attack by logically sitting outside the customer network and out-of-band

Intrusion Prevention Systems

Trinity Cyber performs a level of inspection that today’s IPS cannot perform, catching threats without pattern matching or static indicators, often tripling the performance of these security assets

Network Detection and Response

The service integrates into security operations, and its countermeasures can wrestle C2 from hackers and insert customizable tracking beacons for NDR teams and tools

Trinity Cyber’s managed service actively detects and neutralizes threats before they reach your systems and users. We are very complementary to and work cooperatively with your existing security infrastructure to speed adoption, minimize operational disruption and deliver business value. In short, the Trinity Cyber team augments your SOC and customizes response actions based upon your preferences.


Removing the Conditions Adversaries Exploit with CVEs

Trinity Cyber removes conditions adversaries exploit in widely known vulnerabilities, regardless of the specific exploit code or delivery infrastructure. For instance, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently published an advisory regarding the top five Common Vulnerabilities & Exposure (CVEs) nation-state actors successfully exploit:

  • Trinity Cyber removes ALL of the conditions associated with these vulnerabilities out of the network traffic

In addition, the NSA also reported on the top 25 vulnerabilities exploited by nation-state threat actors:

  • Trinity Cyber exposes and removes ALL 20 of the network-facing vulnerabilities in the NSA’s report

Hundreds of CVEs, such as Equation Editor and others, employ a multitude of techniques including reconnaissance, exploitation, command and control, and exfiltration. Classified indicators become less relevant when full session inspection and inline active defense enable actions such as remove, replace or modify within the network session. With full session inspection and extremely accurate processing, Trinity Cyber detects nation-state and other threats wherever they may be in the network session.

Delivered as a Service

We deliver our highly advanced active intrusion prevention as a fully managed service to speed adoption, minimize operational complications and deliver value as quickly as possible. Trinity Cyber operates the advanced technology, and our customers benefit from clean traffic and safe connections to the Internet.

Our service is delivered through a service edge architecture and managed out-of-band. It operates outside your traditional security perimeter, protecting that perimeter and sitting invisibly between your network and the Internet. In situations where intelligence comes out after the fact, Trinity Cyber customers have the capability to quickly prevent attacks with minimal effort on their security teams and operations.

Comprehensive Threat Prevention Is Within Reach

There are many examples of how our advanced technology delivers value from initial deployment. For instance, Trinity Cyber bolsters defenses by thwarting and remote code execution (RCEs) from exploiting an existing security perimeter while the patch management cycles are still a work in process. In addition, we enable you to:

  • Remove malicious content like malware and exploits from network sessions
  • Replace malicious content within files and protocols with customizable rules
  • Alter and neutralize malicious attacks such as RCE
  • Protect networks and the internal and boundary security tools protecting them
  • Take operational control of malware campaigns throughout multiple stages

Learn More About Our Leading-Edge Technology 

The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.