Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
    pexels pavel danilyuk 8112119
    Data Analytics Is Revolutionizing Medical Credentialing
    8 Min Read
    data and seo
    Maximize SEO Success with Powerful Data Analytics Insights
    8 Min Read
    data analytics for trademark registration
    Optimizing Trademark Registration with Data Analytics
    6 Min Read
    data analytics for finding zip codes
    Unlocking Zip Code Insights with Data Analytics
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Using Triumfant for Secure Configuration and Change Management
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Security > Using Triumfant for Secure Configuration and Change Management
Security

Using Triumfant for Secure Configuration and Change Management

BryanHalfpap
BryanHalfpap
9 Min Read
SHARE

Triumfant LogoIt’s late Monday morning when your computer security department notices that a suspicious message has been emailed to most of the email addresses at your company. It contains a malicious PDF that exploits a new vulnerability that came out over the weekend.

Contents
How are anomalies detected?Remediation:Taking it further:Past and Present:

Triumfant LogoIt’s late Monday morning when your computer security department notices that a suspicious message has been emailed to most of the email addresses at your company. It contains a malicious PDF that exploits a new vulnerability that came out over the weekend. The patch hasn’t been applied to the company workstations yet, and it’s too little, too late by the time the email goes out telling everyone not to click on the links.

By the time inboxes are scrubbed and most of the infections have been catalogued it’s clear that this is going to be a security nightmare, since a few dozen machines have been compromised. The attack will take a week or more to fix as desktops are reloaded, servers are checked for more intrusions, and any data losses are reported to the proper authorities.

This is how computer security has been operating at most corporations for a decade. Now enter the world of Secure Configuration and Change Management, or SCCM. SCCM can take the infection turnaround time from days and weeks to minutes or hours, and one of the products leading the charge is Triumfant.

More Read

FedCyber Webinar: The Security Development Lifecycle
How to Steal Data by Enabling a Remote Desktop [VIDEO]
Top 10 Social Engineering Tactics
Heres’s Why Network Discovery Tools Are So Important In 2019
Privacy Threats You Need to Know About

Triumfant’s Configuration and Change Management Tool is an almost completely self-sufficent heuristic scanning software algorithm that manages to neatly sidestep some of the problems with traditional heuristic detection using a combination of patented intellectual property and a gradually changing baseline scanner that is able to move with an IT environment instead of against it.

In a Triumfant environment, baseline behaviors are scanned in groups weekly. These weekly scans are then compared against nightly aggregations of endpoint scans. The nightly aggregations are in turn made up of changes tracked by the user-agent on the endpoint. By comparing gradual baselines within user-defined groups, Triumfant is better able to understand what is and isn’t anomalous, thereby eliminating false positives and negatives.


How are anomalies detected?

The agent on the endpoint hashes all of the files on the hard disk with a cryptographic algorithm, generating a fingerprint for each file. If a file is changed, then the hash will change, signaling a need to compare the old and new versions. The endpoint agent then performs change detection sweeps, comparing hashes of older scans against the MD5 hashes of the current scan. When something changes, a flag is raised and an entry is made in a local change database. The agent also scans a list of over 3000 metrics (such as registry settings) that determine the behavior of the computer.

Every minute, the client makes a connection request to the Triumfant server. If the server responds with a request for the list of recent changes (which it does by default every night) the list is uploaded. All databases and lists are encrypted and signed.

When a rouge application, malware, or an unauthorized user make changes in the system registry, adds files to the hard drive, or modifies critical files in system directories, the endpoint client detects these changes and adds them to a behavior profile. If the behavior is deemed to be malicious, Triumfant flags it as a rouge application and gathers the related system events and changes up into a single, coherent event and prepares them for reversal in remediation. No white- or black-listing is used in this technique, meaning that the server does not need to be constantly updated with new profiles or lists, other than Microsoft windows update signatures, which are used to help determine the patch status of a machine.


Remediation:

Once an undesirable change or application has been discovered, and cataloged, it is presented to an administrator via the Triumfant web interface. The web interface is a highly customisable AJAX application that allows for the creation of new views, reports with charts and graphics, users with different groups and permissions, and the ability to remediate issues with only a few simple clicks.

Simply click on the problem, then click on the remediation button in the left-hand corner. The remediation will be performed automatically by the tool, then put into the list of remediated issues automatically. If for some reason the remediation cant be performed, then it is placed in the “unsuccessful remediation” category. Unsuccessful remediations are not commonplace. Even if important system files are deleted or corrupted, computers in the same group are able to copy files for other group members to use, provided that the hash values matched before corruption or deletion.


Taking it further:

Triumfant has extrapolated on their heuristic detection and automatic remedition because the scanning technology behind it can do so much more. Triumfant scans over 3000 parameters for use in their tool, and it collects this data inside of a large, highly-opimised database, allowing it to be easily used for other applications, such as compliance testing.

Inside of the Triumfant server tool, administrators can import SCAP files to use as templates in compliance testing. Once Triumfant has scanned it’s member computers and determined that they are outside of compliance, the template will be used to build remediations against whatever parameters are out of alignment with the SCAP specifications.

Triumfant can also take the data from its database and insert it into a variety of third-party applications with which it has integration, including ePO and the Remedy ticketing system for high cohesion with existing software. Triumfant has custom-built integration for custom ticketing and tracking systems as well.


Past and Present:

Due to the problems associated with heuristic detection, most CCM software has not seen deep market penetration. Triumfant’s tool has been around for some time, having been fire tested at the pentagon for almost 4 years now, while the company has been around since 2002.

In the next few months, Triumfant will be debuting an updated version of their tool that is able to perform all of it’s functions on Macs as well as Windows computers. By the end of the year a Unix or Unix-variant (Linux, BSD, Solaris) should be out, followed by smartphone variations.

Tools such as Triumfant may very well become the future of computer security configuration management over the next few years. Tools like those provided by Triumfant offer ease of use without sacrificing security, bringing thousand-system compliance requirements into the reach of even small IT security departments. It’s ability to remediate nasty infections (like rootkits) give it a leg up on many anti-virus vendors which must release signatures, patches, and fixes and which will forever lag behind heuristic detection technology.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

ESG reporting software
Data Shows How ESG Reporting Software Helps Companies Achieve Sustainability Goals
Big Data Infographic
ai in marketing
AI Helps Businesses Develop Better Marketing Strategies
Artificial Intelligence Exclusive
agenic ai
How Businesses Are Using AI to Make Smarter, Faster Decisions
Artificial Intelligence Exclusive
accountant using ai
AI Improves Integrity in Corporate Accounting
Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Top Financial Risks of Doing Business in the Cloud

5 Min Read
anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read
digital transformation trends big data AI
Business IntelligenceData ManagementExclusiveKnowledge ManagementNewsPolicy and GovernanceSecurity

These 3 Digital Transformation Trends Will Rock AI and Big Data in 2018

7 Min Read

Only 18% of Software Apps Pass Security Tests

0 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
AI and chatbots
Chatbots and SEO: How Can Chatbots Improve Your SEO Ranking?
Artificial Intelligence Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?