Triumfant Expands Partner Connect Program with Addition of Defensative

We are pleased to announce that Defensative has joined the Triumfant Partner Connect Program. As a leading provider of proactive enterprise-level security management services, Defensative is the latest MSSP to join Triumfant’s expanding partner roster.

Offering 24 hours a day, 365 days a year monitoring of client networks, Defensative gives organizations the ability to review real-time security alarms and vulnerabilities and provides tips on how to help better protect their network. By strategically adding companies like Defensative to Partner Connect, Triumfant is able to offer small and mid-size businesses access to advanced malware protection, elevating their network security to a level equivalent to that of Fortune 1,000 enterprises.

Triumfant CEO John Prisco explains: “Triumfant understands that in an evolving marketplace, no single company can deliver all parts of a comprehensive, critical solution.  With the addition of Defensative to our MSSP program, we are able to provide more complete end-to-end IT solutions for our customers.”

Since its launch in October 2014, Triumfant has signed six new resellers to Partner Connect and expects to expand its MSSP program to 15 partners across a global geography by year end. For more information about Triumfant and the Partner Connect program, please visit



Bloomberg TV Appearance: Large Hack Targets Federal Workers. What’s Next?

Triumfant CEO John Prisco was a featured guest on the Bloomberg television program “Bloomberg Markets” on June 12 to discuss the recent OPM hack. More federal personnel records have been hacked than previously reported, and U.S. officials are weighing responses ranging from launching new counterintelligence initiatives to destroying the data in the intruders’ servers, according to people briefed on the investigation.

Host:   Mr. Prisco, why did this happen?

Prisco: Unfortunately, it’s just so darn easy to breach computer systems, whether they’re federal government systems or large enterprises like Sony. And 90% of the battle is just having good cyber-hygiene. And by that I mean making sure you do the little things, like patch well your systems. So many companies, so many agencies have old computers that have come out of support that they’re just not patching them, and it makes it very easy for adversaries. It’s not like you have to have the A team from China or Russia to do this. It’s pretty easy.

Host:  Sir, U.S. cyber policy.  Is it sophisticated enough?  Are we behind the curve?

Prisco: I think we’re behind the curve, and it’s primarily because our processes take too long.  When you go through a procurement, it’s going to take 18 months.  There’s going to be a pilot project that will take another year, and by the time it’s implemented, you’re talking about three, three and a half years.  And in cyber terms, that’s a lifetime, so products and systems are being deployed that are obsolete as soon as they are deployed.

Host: Mr. Prisco, am I wrong, but does it seem as if we are always two or three steps behind people who would do us harm in this phase?

Prisco: You’re not wrong.  We are behind, and we’re not playing on a level field.  It’s much harder to play defense.  The adversaries are playing offense and they only have to complete one forward pass and they score.  So we have to defend against everything.  Unfortunately, we haven’t evolved quickly enough, and we’re using twentieth century technology to fight twenty-first century adversaries.

Host: Sir, when you say that I’m shocked, and I’m sure our audience is too, that also begs the question why?  We are in the twenty-first century, and it seems that some of our adversaries in this space, they have better technology than we do.

Prisco:  Well, look at the big companies that are in this space.  They’ve been living off of anti-virus software that we’re all familiar with.  But those products don’t work anymore, because they’re all based on having some form of prior knowledge, what we call signatures.  The bad guys are too smart.  They just say well, I know that this signature exists in this product, so I’m going to write something special just to breach this one individual company or agency.  And in fact, 70 to 90% of all attacks are specifically engineered to go after a company or an agency.

Host: Sir, is it then just a question of cost? What are the economics of beefing up our cyber security defenses?

Prisco: Well I think it’s interesting that budgets are getting cut left and right in the federal government, for cyber security.  And we keep talking about how important this is.  But from where I sit, it’s really not important enough.  Large corporations aren’t doing enough, the government’s not doing enough.  And it’s going to take some major event like knocking the power grid off in the northeast during winter to get people to really pay attention to this.  And that’s a shame.  Every week there’s a breach.  We could have our own show about the breach of the week here.

Host: Is this close to happening? Is this something that keeps you awake at night? The power grid going off, or maybe a nuclear power plant being knocked offline and compromised?

Prisco:  It is worrisome.  Because I believe that all of these systems are still quite vulnerable.  And unless we start using some of the newer technology that’s based on really understanding the DNA or the atomic structure of a computer and looking at anomalous behavior, we’re going to keep failing once we use the prior knowledge techniques of the twentieth century.

Host:  Mr. Prisco, right now the debate seems to be whether cyber security, whether the rules should be voluntary or whether the rules should be mandated by the federal government in terms of or under the auspices of national security.  Where do you fall in this debate?

Prisco:  I don’t think regulation is going to help.  Because if the federal government was going to do something positive about this, they’d do it for themselves.  Now you have over four million federal workers — family of mine, friends of mine, colleagues of mine — that are going to get an 18-month life lock kind of identity prevention policy.  We’re just telling our adversaries, “Be patient.  Wait 19 months.  And then you can steal our personal information.”

Host:  Sir, in about 30 seconds, what’s the answer then?

Prisco: The answer is deploying the best technology. Too often, people are worried about getting fired for buying innovative products. You know the old saying, “Nobody ever got fired for buying IBM.” Well there are millions and millions of dollars being spent on marketing products that just don’t work. So we need to show some nerve and buy the type of products that start-up companies in this country are very good at producing.

Host:  Is that nerve going to have to come from the private sector do you think?

Prisco:  I think it is, and as long as people keep deploying old computers that aren’t being patched, you’re going to see a breach every week.

Triumfant’s John Prisco Talks IRS Breach on Knowledge@Wharton SiriusXM


The data breach at the IRS that left the personal information of 104,000 taxpayers in the hands of thieves was the topic of the May 28 Knowledge@Wharton program broadcast on BusinessRadio Channel 111, SiriusXM.  Triumfant’s President and CEO John Prisco joined host Dan Loney to discuss the breach, how it happened, what it means for the future of government agencies and how this breach impacts the average individual.

The unprecedented surge in online tax scams by increasingly sophisticated criminals, potentially backed by the Russian government, has challenged the IRS to respond quickly to get ahead of the fraudsters, especially during this year’s tax season after hackers targeted TurboTax, the country’s largest online filing service. Tax officials estimate that the government has lost billions of dollars in recent years to fraudulent refunds filed by hackers who steal personal information on tax returns, then use it to claim a refund in a taxpayer’s name before they file.

Loney: How notable or worrisome is the IRS breach?

Prisco: The IRS breach indicates a more difficult and worrisome problem:  companies (and government agencies) don’t practice enough cyber hygiene to prevent these types of breaches.  Had the IRS had two-factor authentication in place, this breach wouldn’t have occurred. Now the public is paying the price.

This breach was really a perfect storm.  Not only do you have the information obtained by very patient adversaries but also the hack on tax preparation software.  TurboTax was too complacent and didn’t have enough security measures built into their software to properly guard against skilled adversaries.

Loney: How difficult is it to put in two-factor authentication?

Prisco:  Not difficult at all.  Many banks do it today, where they send a text message to your phone with a code to complete your transaction, login or filing.  We’re seeing with recent breaches, the IRS and Anthem breaches in particular, that very rich and personal information like Social Security Numbers, medical records, email addresses, credit card numbers, are being targeted. I think we’re going to see this same data being used by perpetrators in years to come.  Adversaries are skilled and patient. But this can be avoided, if prudent steps are taken by the good guys to make it harder for the bad guys to succeed.

Loney: So if companies aren’t fully vested in IT security, they are missing the ball?

Prisco: Very true. We see examples of major breaches occurring on a monthly basis and they will continue to occur. Take a look at the Sony hack for example. It was almost a ‘man amongst boys’ scenario. North Korea had very sophisticated capabilities and Sony was running outdated, unsupported, and unpatched Windows XP machines. Once again ignoring basic cyber hygiene and making it very easy for the attackers to not only take huge amounts of data but also cripple systems like payroll. If companies aren’t invested at the CEO or Board level in taking proper security measures, it can be a disaster for the company.

Loney:  The IRS said it will contact the 104,000 taxpayers whose information was compromised, as well as the 100,000 for whom attempts were unsuccessful. The first group will be offered credit monitoring, while the second will be warned that thieves have their personal information.  Is this enough?

Prisco:  Unfortunately this seems a lot like taking home the home version of the game when you lost on the gameshow. The problem isn’t going away.  We’re tossing 20th century technologies at 21st century adversaries.  The class of security products used today, like anti-virus, relies on prior knowledge or signatures.  This is effective in only 20-25% of attacks.  The future of cybersecurity is dependent on new products entering the market now.  These products can analyze large data sets, leverage machine learning and examine the behaviors taking place on the endpoint to take action based on these behaviors.  As long as we continue to use old technology, it will be easy for adversaries to beat us.

Loney: What recourse is there for the IRS?

Prisco: Besides installing stronger security systems and flagging anything suspicious in a taxpayer’s return, from addresses that didn’t match up with what the government had on file to large deductions for self-employed people, they should also be looking at machine behaviors. If there’s more frequency than normal with the Get Transcript function on their web site, this is an indicator of possible malicious activity. Something could be amiss requiring further investigation. I like to say, “never send a human to do a machine’s job.” Install endpoint security software that continuously monitors machine behavior, investigates anomalous activity and performs automatic remediation.

Loney: It seems like we’ve only reached the tip of the iceberg and have a far way to go to claim victory, if at all?

Prisco: If you look at BYOD, the Bring Your Own Device to work phenomenon, it gets a lot of media attention for being a possible security gap. But the truth is mobile devices aren’t often targeted yet because it’s so easy to penetrate a regular work computer. Here again, companies don’t practice basic hygiene like patching their systems. Take for example Microsoft’s decision to end support for Windows Server 2003. It’s like ringing the dinner bell for hackers. If you are running Windows Server 2003, expect it to be hacked.

Loney: Is it understood among large companies that security needs to be their #1 priority?

Prisco:  A small percentage of companies feel and act that way.  Most companies run a skeleton security crew.  They don’t have the sufficient staff or budget to properly prevent targeted attacks from occurring.  Security is really viewed as a cost center vs. a strategic necessity.  Attitudes need to change if we are to be triumphant against hackers.


See-And-Be-Seen: Triumfant’s CEO John Prisco to Present at Upcoming DC-Area Cyber Security Events

It’s a busy Spring season with several industry and regional events on the docket.  As a prominent security professional and head of one of DC’s fastest-growing security vendors, John Prisco has been invited to participate as a featured panelist at several upcoming events to take place in the region and on the national stage. 

First up is the FS-ISAC Annual Summit taking place this week on Amelia Island in Florida. The event is the only security conference created by members for members to present the latest information on cyber security related threats, trends, and technology.  John will demonstrate how to stop memory-based attacks before they become persistent during the event’s Solutions Showcases to the nearly 500 industry executives and practitioners anticipated to be in attendance.

On May 22, the CyberMontgomery event will take place at the Universities of Shady Grove (USG) Conference Center in Rockville, Md. CyberMontgomery Forum events examine cyber security as a major growth engine for Montgomery County and how to bring together federal government, industry and academic assets so that they can coalesce and elevate the cyber ecosystem to a level of national prominence. John will participate in the Innovative Cyber Solutions from Montgomery County portion of the event.

At the invitation-only Breakfast Discussion on Continuous Monitoring on June 4 at the Ronald Reagan Center, John will join executives from IDC, Websense and SMS to discuss the Office of Management and Budget (OMB) security mandate 14-3 requiring compliance by 2017. The panel will address challenges and confusion around the implementation and discuss the technologies, best practices and services that can support a successful deployment.

During The Wall Street Journal’s DC Metro Security Summit, June 5 at the Sheraton in Tyson’s Corner, John will lend his experience and expert commentary to the panel on cyber policy.  Establishing a cohesive national cyber-security initiative has become one of the major emerging security challenges of the new century.  This panel will analyze the ongoing debate surrounding the implementation and enforcement of strategies, policies and emerging areas of enterprise security architecture that will govern people and information in the years ahead.

We hope to see you there!


The Verizon 2014 Data Breach Investigations Report is Out

This week Verizon issued the findings of its annual Data Breach Investigations Report (DBIR).  To no surprise, after analyzing 10 years of data researchers shared: “we realize most organizations cannot keep up with cybercrime — and the bad guys are winning. But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”  We at Triumfant couldn’t agree more.

Triumfant’s big data and patented analytics approach to breach detection is rooted in its ability to continuously scan more than 500,000 granular state attributes on every machine. This scan is truly continuous – not weekly, monthly or quarterly. Triumfant collects and maintains the most comprehensive repository of state data available, providing organizations a clear, complete, and current view of the endpoint population. Triumfant can then detect and evaluate alterations to the machine to identify changes that are anomalous in the context of the population. The raw state data is translated into real, actionable information about the configuration and health of every machine.  As a result, organizations can identify machines that are open to exploit because of newly identified vulnerabilities or machines that are non-compliant to configuration and regulatory policies.  Triumfant can also pinpoint missing patches on a given machine where infiltration can occur. 

The 2014 Verizon DBIR identified nine basic threat patterns that make up 92% of security incidents. Out of the 1,367 confirmed data breaches analyzed, the cyber espionage pattern accounted for 22% of the attackers recorded by Verizon and its partners, while point-of-sale (POS) intrusions made up 14% of the breaches in this year’s report. Still, Web app attacks were far and away the most common threat type, with 35% of all confirmed breaches linked to Web application security issues.

As the report suggests, no one is immune from a data breach and it’s taking longer to identify compromises within an organization — often weeks or months, while penetrating the organization can take only minutes or hours. Triumfant emphatically closes the breach detection gap with its rapid detection and response capabilities. Triumfant detects breaches in real-time at the point of infiltration, generates a comprehensive and actionable analysis within minutes of the attack, and builds a situational remediation that stops the breach and repairs all of the primary and collateral damage to the machine within five minutes.

The 2014 Verizon DBIR once again underscores the importance of deploying a more focused and effective way to fight cyber threats.  You will be breached, you are not prepared, and the adversary is taking advantage. A new approach is needed — the endpoint is your last line of defense.

Triumfant Detects Heartbleed Bug on the Endpoint — Underscores Need for Endpoint Breach Prevention and Complete Defense-in-Depth Strategy

The recently discovered Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library that allows cybercriminals to steal information that would normally be protected by the SSL/TLS encryption used to secure the Internet.  While the industry is scrambling to fix the problem and patch the hole, which was revealed just this week but has been around for more than two years, Heartbleed represents a much bigger security issue — it demonstrates that traditional perimeter security is not enough and that security breaches are inevitable.  A new approach is needed, one that combines network security measures (firewall, IPS/IDS, sandbox) with the endpoint. 


Heartbleed is a defect in the OpenSSL implementation that allows the attacker to obtain random chunks of memory data by simply asking. While the industry collectively works to remediate the Heartbleed bug and shore up systems, Triumfant’s memory process scanner, the first ever Advanced Volatile Threat (AVT) module to detect and stop in-memory malware attacks, can be used by organizations to detect whether the version of OpenSSL being used on any computer is vulnerable. In the mad dash to upgrade to the latest version of OpenSSL free from Heartbleed (OpenSSL 1.0.1g or later), Triumfant can help organizations guarantee that the version of OpenSSL used on computers throughout the enterprise is not the one susceptible to this exploit.

Rapid detection is the new prevention.  Organizations must allocate resources to finding and containing threats once adversaries have gained access.  With Triumfant organizations can create a multi-faceted defense against today’s most advanced cyber threats in RAM and on the hard drive. Attacks happen, but compromises don’t have to become a full breach.  Endpoint security is the final frontier of defense, with solutions like Triumfant picking up where network-based tools fall short. 

John Prisco, CEO of Triumfant 

Don’t Miss the RSA Panel: Lessons and Unintended Consequences of the APT1 Report

This week plays host to the annual RSA Conference in San Francisco. One week where the world comes together to talk security. Attracting the best and brightest in the field, the RSA conference has built a stellar reputation for creating opportunities for attendees to learn about IT security’s most important issues and to set the security agenda for the year ahead. Triumfant is pleased to have our CEO John Prisco as a featured panelist during the conference session, “One Year Later: Lessons and Unintended Consequences of the APT1 Report” on Feb. 25 at 2:40 p.m. The panel discussion moderated by Securosis analyst Gal Shpantzer will examine China’s espionage efforts and the lessons learned from the APT1 report. Mr. Prisco and other industry thought leaders will offer their expertise and insights on how enterprises can use these lessons to improve their defenses.

“Adversaries are skillfully constructing targeted attacks that purposefully evade traditional endpoint detection solutions such as Advanced Persistent Threat (APT), zero-day attacks, targeted attacks and rootkits,” said John Prisco, CEO of Triumfant. “At Triumfant, we’re helping enterprises stop a breach before it becomes a full-fledged attack. I’m pleased to share with attendees at these prestigious events how to close the breach detection gap with rapid detection and response at the endpoint.”

If you are at the conference, and interested in speaking to John Prisco further, please contact Triumfant’s PR representative April H. Burghardt at for assistance.