Triumfant has taken a page from products such as Tripwire that look for changes in files, and expanded that to over 200,000 elements that characterize the entire computer and everything on it. But, as they say on the late-night infomercials, there's more. Triumfant can perform remediation on the fly and can create pristine machines by taking a known-good machine and using it as a donor for the damaged machine. This is a major improvement over most current anti-malware products.
This product behaves a lot like traditional endpoint protection in that it places a lightweight agent on the endpoint. The agent creates a profile of the properly operating device as a baseline. It then looks for changes against the baseline and takes action. However, in addition to looking at an individual endpoint, Triumfant looks at the entire endpoint population and uses that information to give context to its individual scans.
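The baseline-plus-population idea described above can be sketched in a few lines. This is an added illustration, not Triumfant's code or algorithm; the attribute names, hash values, host names and the 20 percent rarity threshold are all constructed assumptions.

```python
"""Baseline drift triage with population context (constructed sample data)."""

def diff_baseline(baseline, current):
    """Map each added, removed or changed attribute to (old, new); None means absent."""
    keys = baseline.keys() | current.keys()
    return {k: (baseline.get(k), current.get(k))
            for k in keys if baseline.get(k) != current.get(k)}

def triage(baselines, scans, rare_share=0.2):
    """Return (host, attribute, new_value, share, verdict) tuples, rarest first.

    share is the fraction of hosts whose current scan holds the same value
    for that attribute. A change shared by most of the fleet looks like a
    rollout; one confined to a few hosts is flagged as anomalous.
    """
    findings = []
    for host, scan in scans.items():
        for attr, (_old, new) in diff_baseline(baselines[host], scan).items():
            same = sum(1 for s in scans.values() if s.get(attr) == new)
            share = same / len(scans)
            verdict = "anomalous" if share <= rare_share else "fleet-wide"
            findings.append((host, attr, new, share, verdict))
    return sorted(findings, key=lambda f: (f[3], f[0], f[1]))

# Constructed sample: ten hosts that share one three-attribute baseline.
HOSTS = [f"host{i:02d}" for i in range(10)]
BASE = {"file:/usr/sbin/sshd": "sha256:1111",
        "service:cron": "enabled",
        "autorun:backup": "/opt/backup/run"}
BASELINES = {h: dict(BASE) for h in HOSTS}
# Every host received the same new sshd binary (a patch rollout).
SCANS = {h: {**BASE, "file:/usr/sbin/sshd": "sha256:2222"} for h in HOSTS}
SCANS["host03"]["autorun:helper"] = "/opt/helper/run"  # new entry on one host only
del SCANS["host07"]["service:cron"]                    # entry removed on one host only

if __name__ == "__main__":
    for host, attr, new, share, verdict in triage(BASELINES, SCANS):
        print(f"{verdict:10} {share:4.0%} {host} {attr} -> {new}")
```

A per-host diff alone would report twelve changes here; the population share separates the two single-host changes from the ten that match a fleet-wide update.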
Several years ago, we saw the earliest attempts at behavior-based virus detection. This earlier technology allowed us to identify virus or virus-like activity even if we did not know what the virus was. As operating systems have become more complicated, this technique has become less reliable, as has heuristic scanning. As the volume of malware has grown, signature-based scanning has become less effective as well, especially with the increase in malware that can change its signature. It seems to us that Triumfant's approach suggests a way through those challenges.
The problem it solves: Control of malware at the endpoints.
What we liked: Comprehensive approach that depends on profiling a huge number of variables.
What we didn't like: Nothing.