Triumfant’s CEO Shares 4 Smart Ways to Boost Your Computer Security on a Tight Budget with Inc. Magazine

40_Inc_MagazineJohn Prisco, CEO of Triumfant, recently sat down with Inc. Magazine columnist Minda Zetlin to discuss the computer security landscape.  With companies like Target and Premera unable to protect themselves against hackers, what hope does a small company have?  As John explains, anti-virus software catches only 20 percent of the bad stuff.

“Business users are so accustomed to anti-virus software popping up and saying, ‘We just removed XYZ virus, have a nice day.’ On a good day, anti-virus software might be able to detect 20 percent of the attacks that are occurring.”

Prisco goes on to offer sound advice to small businesses on how best to safeguard their technology without a big financial outlay.  His top four recommendations include:

  1. Stop paying for anti-virus software
  2. Consider a managed services provider
  3. Insist on two-factor authentication
  4. Keep pace with updates and patches

To read the full article and supporting commentary for each of the four recommendations, visit:



When the World Talks Security: Triumfant at RSA 2015

RSA2015It’s fast approaching.  That time of year when IT security professionals, vendors and thought leaders take over San Francisco for four days to discuss, debate, network and commiserate about the global security landscape.  Triumfant has a number of see-and-be-seen events on its schedule.  Below is a recap of where and when Triumfant’s CEO John Prisco will be during the 2015 conference.  We hope to see you there!

Monday, April 20 — America Growth Capital’s 11th Annual West Coast InfoSec & Tech Growth Conference. 

John Prisco will once again participate as a guest speaker and panelist at this invitation-only event taking place at the nearby Park Central Hotel.

AGC’s West Coast Technology Conference is one of the largest and most influential technology conferences in the U.S. drawing in more than 1,200 technology entrepreneurs, investors and buyers over this two-day event. The 11th Annual West Coast conference will feature roughly 250 presentations by CEOs from the hottest public and private technology companies and 15 panel discussions on timely tech and investing trends moderated by industry leaders. John Prisco is scheduled to present at 3:00 p.m. during the April 20th afternoon session. For more details visit:

Tuesday, April 21 — The Security Shark Tank.  

Triumfant will participate in the inaugural Security Shark Tank event produced by Security Current. Similar to the popular television show, this event brings together security firms with potential investors and prospects (i.e., sharks) to pitch their business and ultimately secure an evaluation, proof of concept or sale.  The Security Sharks are seasoned security executives committed to protecting enterprises and government organizations in the United States and around the world.  To learn more about the event visit:

Wednesday, April 22 — RSA Conference Exhibition Hall 

Members of the Triumfant sales and executive team will be available throughout the conference to meet with prospects, customers and other industry pundits.  If you are interested in scheduling one-on-one time while at RSA, please contact us directly by visiting:

See you in San Francisco!




Triumfant on Fox Business Opening Bell: Can We Stop Cyberattacks?

Fox_Business.svgTriumfant CEO John Prisco was featured on today’s Opening Bell on Fox Business.  The segment discusses the recent attacks on major healthcare payers and providers and how companies, and individuals, can better protect their sensitive health information from malicious exploits.

See the video here:

Why PCI Compliance Isn’t Good Enough Security: Verizon’s 2015 PCI Compliance Report

200x150Executive_SummaryThe Verizon 2015 PCI Compliance Report was published this week.  This annual report has become a barometer for payment security compliance and indicator for how organizations are prioritizing customer card data protection.

This year’s findings show that PCI DSS compliance overall is improving, and companies are making data protection more of a priority by investing in their cybersecurity budgets.  The bad news is that ongoing attention is low, and data security overall is still inadequate.  The report highlights a PriceWaterhouse Coopers survey of 9,700 companies detecting nearly 43 million security incidents in 2014, a compound annual growth rate of 66 percent since 2009.  With the attacks coming fast and furious, the stakes involved in protecting payment data have never been higher.  According to Verizon, 45 percent of Americans say they or a household member had been notified that their credit card data had possibly been stolen in a data breach and 69 percent of consumers said they would be less inclined to do business with a breached organization.

The most startling statistic from the Verizon report was the fact that of all the payment card breaches forensics team had investigated over the last 10 years, not a single organization was found to have been PCI DSS compliant at the time of the breach. 

Ongoing security of cardholder data and POS terminals should be the driving objective behind all PCI DSS compliance activities, as opposed to achieving a passing compliance report and then subsequently letting security practices go adrift – PCI compliance is not “good enough” security.  Data security cannot just be an annoying “box you check” once or twice a year.  It has to be a pro-active, all-day, everyday priority.  As the Verizon report puts it, “security is something you do, not something you have.”

Meeting the 12 requirements set by the Payment Card Industry (PCI) Data Security Standard (DSS) is not enough to protect your organization from a major breach. Being compliant doesn’t mean that systems or customer data is protected.  Too many companies fail to make payment security an all-day, every day priority.  Retailers must take a stronger security posture to properly guard against the malicious intent of cybercriminals.  This means ensuring endpoints are monitored and audit ready every day – not once a month or once a quarter.  Too much can happen in the 30-90 days between PCI compliance checkpoints and the risks are too great for retailers not to have instant detection and rapid response capabilities in place.

Join Triumfant and 451 Research on Wednesday, March 25 as we examine how retailers can stay ahead of threats to POS systems and why PCI compliance isn’t a sound defense or “good enough” security. The webinar will address:

  • How to keep your POS terminals safe and running optimally every day – even in between monthly PCI audit intervals and testing
  • Understand the shortcomings of a compliance-based standard like the PCI DSS and how to overcome them; make compliance activities benefit security posture – not just check a box
  • Learn how to respond quickly to sophisticated attacks that bypass traditional defense tools
  • Discover how to monitor the memory of each computer in your network, where most advanced attacks happen and go undetected
  • Better understand the importance of proper incident detection and response strategies

Register today at:

2015 Cyberthreat Defense Report: Attacks on the Rise and Confidence Sinks

The second annual Cyberthreat Defense Report from our friends at CyberEdge Group is out today.   The survey of more than 800 security decision makers and practitioners found that more than 70 percent of respondent’s networks had been breached in 2014 — up from 62% in 2013.  Consistent with the findings of last year’s report, IT security spending is increasing, but confidence is falling, with the majority of respondents expecting to be  breached in the next 12 months despite all of their efforts.

Other key findings include:

  • 52% of respondents believe a successful attack is likely in 2015
  • 61% of IT security budgets are rising in 2015, up from 48%
  • Phishing, malware, and zero-days concern respondents most
  • 59% saw a rise in mobile device threats in 2014
  • Low security awareness among employees is greatest inhibitor
  • 67% intend to evaluate new endpoint security solutions

CyberEdge 2015 CDR Infographic

This complimentary report, for which Triumfant is a sponsor,  provides a 360 degree view of organizations’ security threats, response plans, processes, and investments. Security decision makers and practitioners were surveyed in December 2014 across North America and Europe.  To access the full report click here.

Triumfant Launches AtomicEye — Ends the Global Malware Endpoint Epidemic

atomic-eye logo finalWe are excited to announce the launch of AtomicEye today — the latest version of our endpoint security agent for Windows-based and Mac OS X environments.

Cyber criminals are more persistent and creative than ever, corrupting government and corporate IT systems – resulting in great economic damage to corporations, government agencies, and the global economy.  An alarming 95 percent of all U.S. enterprises claim that they are being successfully attacked today. Those same organizations report an average 200 day latency period between when an attack has occurred and when the breach is discovered – allowing ample time for attackers to extract huge amounts of data as seen with the targeted attacks at Sony, Home Depot and Target.

An epidemic is at hand and the magnitude of these security failings requires a completely new approach: one with a greater dependency on immediate detection and automatic remediation based on deep analytics and an atomic view into machine assets and change behaviors.  AtomicEye’s central purpose is to ensure that once inside a company’s or government agency’s systems, no attacker can leave with proprietary information, damage to enterprise systems is minimized, and critical assets are secured. Check out coverage of AtomicEye appearing in eWEEK.

When high-value assets are at risk, instant detection and rapid response is critical.  AtomicEye achieves this by continuously scanning more machine assets than any other endpoint security product – more than 700,000 assets per protected machine. This atomic view allows Triumfant to see an almost infinite set of machine behaviors and trend anomalies that indicate the presence of advanced malware. AtomicEye’s continuous monitoring permits an unprecedented capacity to detect with certainty, in real-time, and at the point of infiltration, persistent or volatile malware.  No signatures or any other form of prior knowledge is needed. As soon as a change occurs a remediation plan is set in motion, making it impossible for damage to be done and/or assets to be compromised,  Within minutes of an attack, Triumfant AtomicEye goes to work, automatically repairing any damage caused and restoring the compromised machine(s) back to its original, clean state. With AtomicEye there are no interruptions or downtime to the business and no human action or interpretation is required.

John Prisco, CEO of Triumfant recently sat down with Forbes magazine to discuss the sad state of cyber security and Triumfant’s revolutionary approach.  He shares: “There is too much of ‘good enough’ security occurring industry-wide. And ‘good enough’ is not good enough, because you see what’s been happening, Many breaches continue for over 200 days before they are discovered. If you don’t find something quickly, what’s the use of finding it at all?” Check out the complete interview here.

To learn more about AtomicEye,visit

Anthem Fails its Security Health Check-Up: 80 Million Affected by Breach

Anthem Inc., the country’s second-biggest health insurer reports hackers broke into a database containing personal information for roughly 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a healthcare company. “Tens of millions” of records have been stolen exposing names, birthdays, addresses and Social Security numbers.  On a positive note, the breach doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers. Most likely the hackers could have easily taken that information also, but were content to leave with what they could carry.

Anthem is just another example of the magnitude, sophistication and volume of breaches that occur on a daily basis, though most go undetected.  Security is no longer about protecting the perimeter and keeping adversaries out, it needs to be about detecting and minimizing the damage once they get inside — stopping a breach before it becomes a full-scale attack.

data breaches

The security industry is coming from a mindset of “fire and forget” where companies think they are safe because they have a well-known, well marketed, antivirus solution in play.  This attitude and faulty thinking needs to change or companies will continue to fall victim to hackers, criminals and nation-state actors at a cost of $3.5 million per intrusion.

Why Do These Attacks Keep Happening?

AV vendors are developing products in a vacuum — they simply don’t address the sophistication of today’s adversary, but they continue to sell huge amounts of product. Organizations then fall prey to the marketing hype and market share of antivirus solutions that don’t work. Traditional security products are easy for hackers to circumvent because they aren’t rigorous.  To be rigorous you must collect enormous amounts of data on each protected machine to find where malware hides.  You must be able to scrupulously monitor the memory of each computer in your network (most advanced attacks happen in-memory and go undetected). And lastly, you need a solution in place that can rapidly detect suspicious activity and create a machine-generated response vs. alerting a team of people that get to the fire too late (as in the case of Target, Sony and probably Anthem).

Triumfant is rigorous.  It continuously scans more than 700,000 assets per protected machine.  Triumfant’s memory process scanner is capable of detecting malware in memory or on the hard drive.  Triumfant detects the presence of malware and automatically builds a remediation plan and repairs the machine, and any collateral damage, within minutes of an attack – not hours, days or weeks.  And, no human intervention is required.  As we see time and again, security teams can’t detect or react fast enough to advanced attacks with alert-driven tools.  Triumfant emphatically closes the breach detection gap, enabling organizations to thoroughly detect and respond quickly to sophisticated attacks that bypass traditional tools.  Anthem and others – take note.