SmartData Collective
© 2008-23 SmartData Collective. All Rights Reserved.
Security

Using Triumfant for Secure Configuration and Change Management

BryanHalfpap
Last updated: 2011/07/25 at 4:56 PM

It’s late Monday morning when your computer security department notices that a suspicious message has been emailed to most of the addresses at your company. It contains a malicious PDF that exploits a new vulnerability disclosed over the weekend. The patch hasn’t been applied to the company workstations yet, and by the time the email goes out telling everyone not to click on the links, it is too little, too late.

By the time inboxes are scrubbed and most of the infections have been catalogued, it’s clear that this is going to be a security nightmare: a few dozen machines have been compromised. The attack will take a week or more to clean up as desktops are reloaded, servers are checked for further intrusions, and any data losses are reported to the proper authorities.

This is how computer security has operated at most corporations for a decade. Now enter the world of Secure Configuration and Change Management, or SCCM (not to be confused with Microsoft’s System Center Configuration Manager, which shares the acronym). SCCM can cut the infection turnaround time from days and weeks to minutes or hours, and one of the products leading the charge is Triumfant.


Triumfant’s Configuration and Change Management tool is a largely self-sufficient heuristic scanner that sidesteps some of the problems of traditional heuristic detection by combining patented intellectual property with a gradually shifting baseline that moves with an IT environment instead of against it.

In a Triumfant environment, baseline behaviors are scanned in groups weekly. These weekly scans are then compared against nightly aggregations of endpoint scans, and the nightly aggregations are in turn built from the changes tracked by the agent on each endpoint. By comparing gradually evolving baselines within user-defined groups, Triumfant is better able to tell what is and isn’t anomalous, which reduces both false positives and false negatives.


How are anomalies detected?

The agent on the endpoint hashes every file on the hard disk with a cryptographic hash function, producing a fingerprint for each file. If a file changes, its hash changes, which signals that the old and new versions need to be compared. The endpoint agent then performs change-detection sweeps, comparing the hashes from earlier scans against the MD5 hashes of the current scan. When something has changed, a flag is raised and an entry is written to a local change database. The agent also scans a list of over 3,000 metrics (such as registry settings) that govern the behavior of the computer. One caveat for practitioners: MD5 is fine for catching accidental or unsophisticated changes, but practical collision attacks against it have been public since 2004, so an attacker who can supply both the original and the replacement file can arrange for them to share a fingerprint; a hash such as SHA-256 closes that gap.

Every minute the client makes a connection request to the Triumfant server. If the server responds with a request for the list of recent changes (which it does by default every night), the list is uploaded. All databases and lists are encrypted and signed.

When a rogue application, malware, or an unauthorized user makes changes in the system registry, adds files to the hard drive, or modifies critical files in system directories, the endpoint agent detects these changes and adds them to a behavior profile. If the behavior is deemed malicious, Triumfant flags it as a rogue application, gathers the related system events and changes into a single coherent event, and prepares them for reversal during remediation. No whitelisting or blacklisting is used in this technique, so the server does not need a constant feed of new profiles or lists, other than Microsoft Windows Update signatures, which are used to help determine the patch status of a machine.


Remediation:

Once an undesirable change or application has been discovered and cataloged, it is presented to an administrator via the Triumfant web interface. The web interface is a highly customisable AJAX application that supports the creation of new views, reports with charts and graphs, users with different groups and permissions, and remediation of issues in a few clicks.

Simply click on the problem, then on the remediation button in the left-hand corner. The tool performs the remediation automatically and moves the item into the list of remediated issues. If for some reason the remediation can’t be performed, the item is placed in the “unsuccessful remediation” category. Unsuccessful remediations are not commonplace: even if important system files are deleted or corrupted, computers in the same group can supply copies for other group members to use, provided that the hash values matched before the corruption or deletion. That hash check is what keeps peer restore safe; a copy whose hash no longer matches the baseline has to be refused rather than propagated across the group.
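The following is an added example, not Triumfant’s code, that models the mechanism described under “How are anomalies detected?” and in the remediation paragraph above: a baseline of file fingerprints plus a few configuration metrics, a sweep that diffs the current state against that baseline, and a remediation step that restores a damaged file from another member of the group only when the peer’s copy still hashes to the baseline value. The endpoint layout, the registry value name and the “dropper” are all constructed for the demo, and SHA-256 is used in place of the MD5 the article mentions.

```python
"""Hash-based change sweep with verified peer restore (added example, not
Triumfant's code). Every path, file and setting below is constructed."""
import hashlib
import os
import shutil
import tempfile


def file_digest(path, algo="sha256"):
    # SHA-256 rather than MD5: MD5 collisions are cheap, so an attacker who
    # supplies both the original and the replacement can match fingerprints.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, settings):
    """Fingerprint every file under root and record the configuration metrics."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = file_digest(full)
    return {"files": files, "settings": dict(settings)}


def sweep(baseline, current):
    """Diff two snapshots; a changed hash or metric value raises a flag."""
    bf, cf = baseline["files"], current["files"]
    bs, cs = baseline["settings"], current["settings"]
    return {
        "added": sorted(cf.keys() - bf.keys()),
        "removed": sorted(bf.keys() - cf.keys()),
        "modified": sorted(p for p in bf.keys() & cf.keys() if bf[p] != cf[p]),
        "settings": sorted(k for k in bs.keys() | cs.keys() if bs.get(k) != cs.get(k)),
    }


def remediate(root, baseline, changes, peer_root):
    """Reverse flagged file changes. Added files are deleted; modified or removed
    files are copied back from the peer only when the peer's copy matches the
    baseline hash, otherwise the item is reported as unsuccessful."""
    reversed_, unsuccessful = [], []
    for rel in changes["added"]:
        os.remove(os.path.join(root, rel))
        reversed_.append(rel)
    for rel in changes["modified"] + changes["removed"]:
        peer_copy = os.path.join(peer_root, rel)
        if os.path.isfile(peer_copy) and file_digest(peer_copy) == baseline["files"][rel]:
            target = os.path.join(root, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(peer_copy, target)
            reversed_.append(rel)
        else:
            unsuccessful.append(rel)  # never restore an unverified copy
    return sorted(reversed_), sorted(unsuccessful)


RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"  # constructed metric


def demo():
    """Build a throwaway endpoint and a group peer, infect the endpoint, sweep, remediate."""
    with tempfile.TemporaryDirectory() as tmp:
        endpoint, peer = os.path.join(tmp, "endpoint"), os.path.join(tmp, "peer")
        for root in (endpoint, peer):  # both group members start identical
            os.makedirs(os.path.join(root, "system32"))
            with open(os.path.join(root, "system32", "svc.dll"), "wb") as f:
                f.write(b"benign service code\n")
            with open(os.path.join(root, "system32", "drv.sys"), "wb") as f:
                f.write(b"benign driver code\n")
        clean_settings = {RUN_KEY: None, "firewall_enabled": True}
        baseline = snapshot(endpoint, clean_settings)

        # Simulated compromise: the dropper patches svc.dll, deletes drv.sys,
        # writes itself to disk and persists through the Run key.
        with open(os.path.join(endpoint, "system32", "svc.dll"), "ab") as f:
            f.write(b"injected code\n")
        os.remove(os.path.join(endpoint, "system32", "drv.sys"))
        with open(os.path.join(endpoint, "dropper.exe"), "wb") as f:
            f.write(b"MZ constructed payload\n")
        changes = sweep(baseline, snapshot(endpoint, {**clean_settings, RUN_KEY: r"C:\dropper.exe"}))

        # The peer's drv.sys has been tampered with too, so it must not be used
        # as a restore source even though the file exists there.
        with open(os.path.join(peer, "system32", "drv.sys"), "ab") as f:
            f.write(b"injected code\n")
        reversed_, unsuccessful = remediate(endpoint, baseline, changes, peer)
        after = sweep(baseline, snapshot(endpoint, clean_settings))
        return {"changes": changes, "reversed": reversed_,
                "unsuccessful": unsuccessful, "after": after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `demo()` flags the patched DLL, the dropped binary, the deleted driver and the Run value; the DLL and the dropper are reversed from the clean peer copy, while the driver lands in the unsuccessful list because the peer’s copy no longer matches the baseline hash, which is exactly the case a group restore must refuse.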


Taking it further:

Triumfant has built on its heuristic detection and automatic remediation because the scanning technology behind them can do much more. The tool scans over 3,000 parameters and collects that data in a large, highly optimised database, which makes it easy to reuse for other purposes, such as compliance testing.

Inside the Triumfant server tool, administrators can import SCAP files to use as templates in compliance testing (SCAP content packages an XCCDF checklist together with the OVAL checks it references). Once Triumfant has scanned its member computers and determined that they are out of compliance, the template is used to build remediations for whatever parameters are out of alignment with the SCAP specification.
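The compliance step above can be illustrated with an added example; it is not Triumfant’s code and not the SCAP format (real content is XCCDF and OVAL XML). It keeps the same shape, a template of rules with an expected state per parameter, and shows how one scan result is turned into a severity-ordered list of remediations, treating a parameter the scan never reported as a failure rather than a pass. The rule ids, parameter names and scan values are constructed.

```python
"""Compliance template evaluation against a scan result (added example, not
Triumfant's code and not real SCAP content). All ids and values are constructed."""
from dataclasses import dataclass

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Rule:
    rule_id: str
    parameter: str
    op: str          # "eq", "min", "max" or "in"
    expected: object
    severity: str


def rule_passes(rule, observed):
    """A parameter the scan did not report counts as a failure, never a pass."""
    if observed is None:
        return False
    if rule.op == "eq":
        return observed == rule.expected
    if rule.op == "min":
        return observed >= rule.expected
    if rule.op == "max":
        return observed <= rule.expected
    if rule.op == "in":
        return observed in rule.expected
    raise ValueError(f"unknown operator {rule.op!r}")


def evaluate(template, scan):
    """Return (ids of rules that passed, remediations). Remediations are ordered
    by severity so the highest-risk gaps are fixed first."""
    passed, remediations = [], []
    for rule in template:
        observed = scan.get(rule.parameter)
        if rule_passes(rule, observed):
            passed.append(rule.rule_id)
            continue
        remediations.append({
            "rule_id": rule.rule_id,
            "severity": rule.severity,
            "parameter": rule.parameter,
            "observed": observed,
            "required": f"{rule.op} {rule.expected!r}",
        })
    remediations.sort(key=lambda r: (SEVERITY_RANK[r["severity"]], r["rule_id"]))
    return passed, remediations


# Constructed template: five parameters a hardening benchmark typically covers.
TEMPLATE = [
    Rule("pw-min-len", "password_min_length", "min", 14, "medium"),
    Rule("smb1-off", "smb1_enabled", "eq", False, "high"),
    Rule("lock-timeout", "screen_lock_seconds", "max", 900, "low"),
    Rule("tls-proto", "tls_min_version", "in", ("1.2", "1.3"), "high"),
    Rule("audit-logon", "audit_logon_events", "eq", "success_and_failure", "medium"),
]

# Constructed scan of one endpoint: two parameters comply, two do not,
# and audit_logon_events was never reported at all.
SCAN = {
    "password_min_length": 8,
    "smb1_enabled": True,
    "screen_lock_seconds": 600,
    "tls_min_version": "1.2",
}


def demo():
    return evaluate(TEMPLATE, SCAN)


if __name__ == "__main__":
    passed, todo = demo()
    print("passed:", passed)
    for r in todo:
        print(f"[{r['severity']}] {r['rule_id']}: {r['parameter']} is {r['observed']!r}, need {r['required']}")
```

The missing-parameter rule matters in practice: an agent that could not read a setting must not be scored as compliant for it, otherwise a broken or tampered collector silently passes the benchmark.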

Triumfant can also push the data from its database into a variety of third-party applications it integrates with, including ePO (McAfee ePolicy Orchestrator) and the Remedy ticketing system, for tight cohesion with existing software. Triumfant has built custom integrations for in-house ticketing and tracking systems as well.


Past and Present:

Because of the problems associated with heuristic detection, most CCM software has not seen deep market penetration. Triumfant’s tool has been around for some time: it has been field-tested at the Pentagon for almost four years now, and the company has been around since 2002.

In the next few months, Triumfant will debut an updated version of its tool that can perform all of its functions on Macs as well as Windows computers. By the end of the year a Unix or Unix-variant version (Linux, BSD, Solaris) should be out, followed by smartphone variants.

Tools such as Triumfant may well become the future of computer security configuration management over the next few years. They offer ease of use without sacrificing security, bringing thousand-system compliance requirements within reach of even small IT security departments. Triumfant’s ability to remediate nasty infections (such as rootkits) gives it a leg up on many anti-virus vendors, which must release signatures, patches, and fixes and which will always lag behind heuristic detection technology.
