Trinity Cyber Expands Global Operations to Meet Growing International Demand >>
Request Demo

Address CISA BOD 22-01 Overnight.
Be Compliant and Reduce the Significant Risk of Known Exploited Vulnerabilities.

grey-arrow

Trinity Cyber Defeats Most Actively Exploited CVEs

Attackers use only a fraction of the CVEs on the KEV list to exploit devices and networks from the Internet. Trinity Cyber finds and removes exploits out of network sessions for the most exploited CVEs on the KEV list. See how we stack up against the GreyNoise Intelligence list of the top trending vulnerabilities.

Learn more >>

right-chevron-dkblue

How Our Cutting-Edge New Capability Makes You More Secure and Compliant With CISA BOD 22–01.

CISA BOD 22-01 — Reducing the Significant Risk of Known Exploited Vulnerabilities 

  • New Tech. The powerful TC:Edge service decrypts, stages, and deeply inspects the content of network traffic to look for the actual presence of KEV exploit attempts—not for hashes and IOCs—and the technology can modify the traffic to prevent the attempt from working, without disruption business continuity.
  • New Capability. The industry is no longer confined to the binary option of block or allow—it can now see the problem and DO SOMETHING ABOUT IT.
  • Immediate Results. The accuracy and fidelity of this approach allows TC:Edge to deploy enduring, high fidelity, automated controls that detect and mitigate all the actively exploited CVEs that contain known network artifacts on the KEV list, which equates to overnight mitigation.
  • Affordable. The team at Trinity Cyber manages this technology as a service for the cost, depending on the size of the customer network, of two or three FTEs.

Learn More About Each Mandate

cisa bod-22-01-v3c

TC:Edge CISA BOD 22-01 Compliance

  • CISA keeps a catalog of more than 800 known exploited vulnerabilities (KEV)
  • All federal civilian executive branch (FCEB) agencies are required to remediate vulnerabilities in the KEV catalog
  • TC:Edge automatically mitigates all vulnerabilities in the KEV catalog for which there is an active exploitation or published proof of concept (POC) – Regardless of IOC, the TC:Edge difference is its enduring nature and automated mitigation

Example

Recently, the cybersecurity community discovered a “packer” technique used by foreign hackers and shared as much information with US companies as possible about the technique and the known hashes that could be used to try and stop future attempts. All other network security vendors take a whack-a-mole approach, including the hash in its block or allow engine as part of its hash matching logic. If the specific malicious file traverses such a dumb system, it is often blocked and sometimes allowed into your network with an alert that requires you to chase it down.

However, with TC:Edge, it is now possible to knock campaigns like this out altogether with one Formula, and not only rely on blacklist hashes that are often evaded the same day they are created. The day the community shared the details of this packing loader campaign, TC:Edge was programed to cover this threat with a formula-based solution for any variants of the loader found in this campaign, no matter how many new hashes are generated. It took 3 hours to develop this holistic Formula (all appropriate intelligence gathering and testing accounted for).

To go a bit deeper, our detection focuses on Portable Executable (PE) files that have a specific LZMA and XOR encoding sequence within sections of the binary. The technique found in these loaders is agnostic to the payload (one example or which was mentioned in the sharing report) and the Trinity Cyber team will continue to evolve the formula as necessary as we do more research. All included in our service.

Example

The Log4j vulnerability, discovered in December 2021 remains a serious flaw that put millions of devices at risk and continues to be widely exploited by threat actors. In late 2021, CISA required all federal civilian departments and agencies to assess and immediately patch systems or implement mitigation measures. While many scrambled to monitor and patch systems within the first hours of disclosure, Trinity Cyber rapidly deployed formulas to keep customers protected from attempts to exploit the Log4j vulnerability. Trinity Cyber’s core technology is not vulnerable to Log4J exploits and does not employ the affected library in any of its direct systems. Our customer data is not vulnerable to Apache Log4j exploitation. Trinity Cyber customers were and still are protected from this vulnerability.

"Trinity Cyber’s profound technical breakthrough is designed expressly to ‘shift the advantage to the defenders.' I and the Trinity Cyber team are delighted that the Biden Administration’s National Cybersecurity Strategy recognizes that as the core goal for our country.”

Thomas P. Bossert, President at Trinity Cyber, Inc.

Worried about these mandates? We have you covered. Learn more below.

headshot-johnfraser"Major institutions, including federal agencies, universities, and large enterprises in a dozen verticals are deploying Trinity Cyber at massive scale and with great effect," says recently appointed Director of Federal Business, John Fraser. "These organizations are achieving dramatically better security results with Trinity Cyber, including neutralizing and preventing entire classes of threats, virtually patching hundreds of CVEs, catching threats missed by other security products, reducing false positives to a rate that is better than 0.03%, and decreasing incident response workloads."

Talk to a security expert today to see a live demo or learn more about options to buy through our strategic partners or contract holders.