The Revolutionary Trinity Cyber Engine

Automated Protection and Prevention Against Cyber Threats

The Biggest Innovation in Cybersecurity in Over a Decade

  • Full session, contextual deep content inspection
  • Automated bi-directional preventive controls beyond block and alert
  • Sub-millisecond performance
  • Near zero false positives

Trinity Cyber invented and is the first to create a breakthrough, patented technology called the Trinity Cyber Engine. Trinity Cyber offers customers two service lines built upon this revolutionary Trinity Cyber Engine. For our TC:Edge service line, it deeply inspects and modifies Internet traffic at line speed and in both directions to remove hacking techniques, remove exploits and malware, or prevent them from functioning. It can overcome obfuscation and defeat the threats and techniques used by attackers with a near zero false positive rate and an average latency of less than one millisecond.

TC:File employs the Trinity Cyber Engine to protect customers from file-based threats by leveraging its rapid threat detection, threat intelligence, context, and forensic parsing capabilities. It is tuned to defeat cybercriminal tactics, techniques and procedures (TTPs) used in file-based attacks, and delivers superior results with incredible speed and advanced accuracy to detect malicious threats deep within files that others miss.

See More, Do More and Stop More

With Trinity Cyber’s Groundbreaking Technology

"A fundamentally new cyber solution was needed, and no other company's technology can do what ours delivers for customers today. While other vendors build Zero Trust into your cloud access, we build real trust into your Internet access."

—Thomas P. Bossert, President of Trinity Cyber (and National Security Analyst for ABC News)

IPS and SWG are No Match For Today's Cyberattacks and Threats

Many organizations rely upon IPS and SWG to protect their users and data from ransomware and other attacks launched by advanced cybercriminals and nation-states. All too often, they discover that their ability to detect, mitigate and prevent these threats is inadequate and ineffective because these technologies are:
  • Overly reliant upon static indicators and signatures
  • Unable to deeply and contextually interrogate the contents and directionality of network traffic
  • Markedly restricted in their ability to act as a preventive control because they only block or alert but do not address already corrupted traffic

Modern threats launched by cybercriminals and nation-states outmaneuver and avoid detection, and targeted organizations remain vulnerable and at risk. In addition, current IPS technology announces its presence and actions to the hackers, making their work even easier.

A fundamentally new approach is required to deliver automated, preventive controls to detect, mitigate and prevent modern cyber attacks and threats.

While others fail, Trinity Cyber delivers.

Detect, Defeat and Prevent Attacker Threats and Their Techniques

Existing network security technologies do not achieve the depth, context, and accuracy at the speed needed to prevent threats inline. They produce alerts based on inferences. We invented the patented Trinity Cyber Engine, the first technology that can accurately inspect full session Internet traffic so quickly it can remove exploits and malware or prevent them from functioning inline in both directions.

Full Session, Contextual Deep Inspection

Traditional security technologies fall short at exposing and preventing threats where they actually exist: deep within the content of network sessions. They also lack the ability to operationalize rich contextual information about adversary tactics, techniques and procedures (TTPs). Attackers often implement common techniques such as obfuscation, encoding and complexity within files and protocols as part of their attack, or they simply swap the IP address or domain they are using. These techniques help them penetrate their target's security infrastructure with alarming success.

With TC:Edge, the Trinity Cyber Engine delivers the modern approach to threat identification and detection. Its revolutionary and patented technology does not rely upon pattern matching or indicators of compromise (IOCs) to detect and identify attacks and attacker TTPs. It can overcome attacker obfuscation techniques that often cause other security technologies to miss threats and malicious content hidden deeply within Internet protocols, files, and sub-objects.

The Trinity Cyber Engine establishes every session at rest, pairing the request and response. It then fully and contextually inspects all Internet traffic, parsed to the application layer, before it enters or leaves a customer's control. It removes obfuscation that is often challenging for other technologies to overcome and parses protocol fields and files to the sub-object level. With this contextually rich view of the session as well as its protocols and payloads, the Trinity Cyber Engine exposes the exploitive conditions employed by attackers. This deep, contextual level of inspection, performed in mere fractions of a millisecond, reveals the attacker TTPs, specific threats, obfuscation, CVEs, and other content critical to not just alerting on but neutralizing the attack.

Actions Beyond Block and Alert

To deliver truly automated threat mitigation and prevention on all network traffic, Trinity Cyber has invented new actions that act precisely on cybercriminal TTPs, threats and malware. The powerful actions we employ in TC:Edge are far more sophisticated and enduring than traditional block and alert. Specifically, the Trinity Cyber Engine can automatically modify, remove and replace exploits and malware or prevent them from functioning in both directions in less than a millisecond.

TC:Edge Automated Threat Mitigation and Prevention

Once the exploitive conditions are detected and identified, the Trinity Cyber Engine matches the actual exploitive techniques and conditions with automated actions that neutralize threats inline, in both directions. The automated actions include modifying, removing, or replacing payloads, C2 traffic, entire files, and code strings within files and protocol fields.



Alter Exploits in Flight
  • Alters content of remote code exploits to disable them inline
  • Neutralizes tailored payloads from APT groups


Make It Disappear
  • Drops malware/exploits/command and control out of network sessions
  • Removes web-based exploit delivery mechanisms out of response bodies
  • Removes malicious content hidden deeply within files - or removes the file


Swap Malicious For Benign
  • Replaces files, sub-objects within files and protocol content
  • Nearly anything can be replaced with artifacts findable by defenders

The actions executed are the result of planning performed by Trinity Cyber analysts and reverse engineers with customer input and control. All detection and automated actions are executed with an average latency of < 1ms and with a near zero false positive rate. Once the corrupted traffic has been treated, the cleaned traffic then completes its path to its destination.

Notifications of every threat mitigation are delivered immediately to our web-based portal or to your SIEM through direct integration of an Application Programming Interface (API). Each notification includes information on the threat, the technique used by the adversary, the preventive action executed by the Trinity Cyber Engine on the customer's behalf, and a rich, extensible compilation of session metadata and threat intelligence.

Defeating File-Based Threats

For customers in need of protection from file-based threats that often begin with corrupted files, the Trinity Cyber Engine is also used to detect and reveal file exploits, malware and obfuscation techniques hidden within files. It is a faster and more precise alternative to traditional approaches such as sandboxing, CDR and forensic tools. Using the Trinity Cyber Engine, TC:File defeats many obfuscation techniques used by attackers and parses files to reveal their sub-objects. It exposes the actual exploitive conditions hidden deeply within files by the attacker and does not rely upon indicators as others do. As a result, the Trinity Cyber Engine detects maliciousness within files with impressive accuracy and exposes threats that are often undetected by other technologies. It can also deliver sub-second verdicts on file maliciousness, highly valuable metadata for every parsed sub object, a parsing view of the file for forensics, and rich threat intelligence.

Contracts and Procurement Information

Government and Education Customers

Threat Mitigation and Prevention
Case Studies

  • NEW: Taking Maui Ransomware off the Table
  • NEW: Stopping BlackCat Ransomware Cold
  • NEW: Ending Cryptomining on the Network
  • NEW: Defeating OSX.pirrit Malware
  • Preventing Redline Infostealer Attack
  • Stonewalling Obfuscated Javascript
  • Preventing SIGRed Attacks
  • Detecting TrickBot
  • Uncovering EternalBlue Exploits
  • Blocking CurveBall Attacks
  • Removing Ryuk Ransomware
  • Stopping BlueKeep Attacks
  • Beating TwoFace Attacks
  • Uncovering Citrix ADC Exploits

Trinity Cyber Engine Is Not Vulnerable to Apache Log4j Exploits


The Trinity Cyber Engine is not vulnerable to Apache Log4j exploits. Our technology does not employ the affected library in any direct systems, so customer data is not vulnerable to Apache Log4j exploitation.

To protect customers, we deployed an update within hours preventing inbound Apache Log4j exploits. We remove Log4j scanning attempts from parsed network traffic, even when it is highly obfuscated. We are actively hunting on customer traffic and discovering new deployment methods and obfuscation techniques of this exploit to continuously improve our detection and threat mitigation capabilities.

Most importantly, Trinity Cyber customers were protected from attempts to exploit this vulnerability swiftly after the vulnerability became known, while others were scrambling to monitor and patch their systems.