Triumfant Launches Memory Process Scanner Module to Detect and Stop In-Memory Attacks

November 27, 2013
No Comment


Editor’s note: In-memory computing has been a fast growing trend in enterprise IT. It is a great way to modernize old apps and build incredible new systems that can quickly accomplish what has been impossible to date. But In-memory computing comes with new kinds of security challenges. I am proud to be an advisor to Triumfant and proud to share the press release below that highlights their capability in this space. – bg

Triumfant Launches Memory Process Scanner Module to Detect and Stop In-Memory Attacks 

Solution provides real-time detection, identification, and mitigation of advanced malware that operates in endpoint volatile memory 

Rockville, MD – November 4, 2013 – Triumfant, creator of patented software that automatically discovers, analyzes and remediates advanced malware attacks on computers, today launched its first ever Advanced Volatile Threat (AVT) module to detect and stop “in-memory” malware attacks. The new solution, which is bundled free with Triumfant’s newly-available 5.0 product suite, combines Triumfant’s unique, patented malware detection software with new tools that can accurately track malware functionality operating in the volatile memory of the endpoint machine. Offered to existing customers at no additional charge, Triumfant’s Memory Process Scanner module enables real time detection of a variety of threats that operate by manipulating objects in memory.

Advanced Volatile Threats are malware attacks that take place in a computer’s random access memory (RAM) or other volatile memory, and are difficult to detect because they are never stored to the hard disk. Unlike Advanced Persistent Threats (APTs) that create a pathway into the system and then automatically execute every time a machine is rebooted, an Advanced Volatile Threat enters a machine in volatile, real-time memory, exfiltrates the data, then immediately wipes its fingerprints clean – leaving no trace behind as the computer is shut down.

A key aspect of the Memory Process Scanner is its ability to detect volatile exploits. In the case of an exploit, the malware injects itself into a normal process. Once the malware is running, it may migrate to a different process and download other tools to be used by the attacker. Catching the initial exploit allows the earliest possible detection and identifies the vulnerable process that is being compromised.

“Triumfant’s unique ability to recognize ‘in-memory’ attacks — without relying on prior knowledge or signatures – means that we can provide unmatched defense against today’s most sophisticated cyber attacks from experienced criminals and state-sponsored threat actors,” said John Prisco, President and CEO of Triumfant. “As malicious threats against the endpoint continue to grow in volume, many organizations are focusing on sophisticated threats such as APTs, often neglecting an extremely vulnerable part of the machine: the memory. We believe our new Memory Process Scanner offering is a great way for our customers to complement existing security technologies in their organization and create a multi-faceted defense against today’s most advanced cyber threats.”

Other features of Triumfant’s Memory Scanner module include:

  • Anomalous Application Verification: Automatically links related anomalous behaviors and generates supporting evidence for anomalous applications on the endpoint.
  • Irregular Process Notifications: An attacker will often hide a backdoor process inside another process that doesn’t normally communicate over the network. The Memory Scanner can detect processes as a behavioral anomaly if it tries to communicate over the network.
  • Bandwidth & Authentication: Triumfant’s 5.0 update is more bandwidth efficient than current messaging systems, includes bidirectional authentication to prevent spoofing, and contains message sequence numbers to prevent replay attacks.
  • Second Generation Messaging System: Triumfant 5.0’s new messaging system is based on JSON-RPC over HTTP implemented in JavaScript and can be used to communicate with agents designed for Windows and non-Windows platforms.
  • Management: Installation, verification, operation, and maintenance of the Triumfant malware detection solution is provided with each 5.0 upgrade.

“The security industry has tried many approaches to preventing malware over the years, and some have worked better than others. By now, thanks to numerous studies, everyone should realize that the signature-based approaches of old have limited value,” said Adrian Sanabria, Senior Security Analyst, 451 Research. “Innovations like Triumfant’s memory scanning approach are an important and significant step forward in fighting the battle where it occurs – on the endpoint. Many current technologies address threats directly, taking a single step to prevent an attack. These are easily leapfrogged by the attacker, and have limited long-term value. The industry desperately needs more approaches that address problems at the root, and will force attackers to spend significantly more time and effort to achieve their goals.”

For more information, please visit:

About Triumfant

Triumfant leverages patented analytics to detect, analyze and remediate the malicious attacks that evade traditional endpoint protection solutions such as the Advanced Persistent ThreatZero Day Attacks, targeted attacks, and rootkits. Triumfant automates the process of building a contextual and surgical remediation that addresses the malware and all of the associated collateral damage. Endpoints go from infection to remediation in five minutes without the need to reboot or re-image.

Triumfant uses these same analytics to continually enforce security configurations and policies, ensuring that organizations start every day with their endpoints secure and audit ready.

Please visit us at:

Follow Triumfant on Twitter and YouTube.