As the world continues to go online, the number of active internet users is forecast to reach 6 billion people by 2022 (up from 2B in 2015). Damages from cybercrime are predicted to cost the world economy $6 trillion annually by 2021, up from $3 trillion in 2015. Cybercrime is growing at approximately the same rate at which people and devices are being added to the internet today, so security needs to be every business’s top priority. In this increasingly complex digital world, defending corporate assets has become overwhelming, and the real challenge is the need to prevent, detect, and fix the harm with fewer skilled resources. TriagingX recognized that need and provides solutions that are simple, real-time and automated, designed to augment the expertise of security teams and give them protection, agility and better attack insights.
There are many solutions in the market today that defend against known attacks or variants of known attacks. These solutions tend to rely on signatures, reputation lists or detection of known Indicators of Compromise (IOCs). TriagingX, a Silicon Valley-based company, instead develops solutions that learn and adapt to the security threat based on the behaviors of the actual attack. Founded in 2016, TriagingX has a solution portfolio that includes the malware detonation solution TXSandbox, the advanced endpoint protection solution TXEcosystem, and the endpoint threat hunting solution TXHunter.
The Driving Force behind TriagingX’s Success
Mr. Weafer, the COO and CTO of TriagingX, shared his experience troubleshooting a suspected cyber breach at a US-based private wealth management company. The Incident Response team had deployed an EDR solution but was worried that one of the Windows servers was still infected and had not been correctly identified. The TXHunter solution was immediately deployed and helped establish the extent and severity of the incident for risk analysis and remediation.
“The philosophy for our solutions is to detect the attack from earliest indications (not relying on known IOCs): we learn the attack methods used and then proactively adapt the defenses by finding similar weaknesses in other connected systems,” says Mr. Weafer.
The Solutions Folder: TXSandbox, TXEcosystem, and TXHunter
TXSandbox performs behavior analysis on unknown files and URL objects to help detect new attacks. This solution, with a dual dynamic engine for URL analysis and threat detection, is brilliantly designed for easy integration with existing apps such as an email or a web gateway and can be deployed in both on-premises and cloud business environments.
TXHunter enables Incident Response teams and SOC threat hunters to detect hidden APTs (Advanced Persistent Threats) in corporate endpoint systems. TXHunter can automate real-time breach investigations and eliminate the need to physically assess systems. Given the IP address of the suspect system, TXHunter remotely conducts an in-depth analysis using a disposable agent to uncover the evidence of the attack and provides a detailed report of the analysis conducted.
TXEcosystem endpoint protection is TriagingX’s flagship solution. It leverages real-time automation to provide comprehensive protection for endpoint systems and data center servers, defending against zero-day attacks, including file-less threats, without requiring security patches. Its distinguishing feature is the ability to decode new attack methods and conduct real-time penetration tests across the network to find all similar weaknesses, so that a real attack (if launched) can be blocked. This solution, which provides early insights into new attack methods, also helps reduce the number of false or irrelevant security alerts.
The 2017 WannaCry and Petya attacks both used exploits of the Windows Server Message Block (SMB) protocol to propagate from system to system. These attacks exposed the weaknesses of old protection solutions and patching practices that frankly were unable to adapt fast enough to an attack that had been well signaled. TXEcosystem, according to Mr. Weafer, is ideally suited to fight such attacks because of its ability to decode new attacks and block more of them without waiting for any patches.
The Security Instigators – Lixin Lu and Vincent Weafer
Lixin Lu, the Founder and CEO of TriagingX, is a veteran entrepreneur and cybersecurity expert with 19 years of experience in this industry. He is the creator of four security startups, including ValidEDGE, which was acquired by McAfee/Intel Security in 2012. At Intel Security, he worked as Chief Scientist in Network Security and led the Advanced Threat Detection product development.
The COO and CTO of TriagingX, Vincent Weafer, is a veteran research and technology leader with over 20 years of experience leading the Security Research teams at McAfee/Intel Security and Symantec.
Mr. Weafer, who represents the organization at major cybersecurity events held across the globe, has been invited by multiple U.S. Government Committees to testify on cybercrime.
“We at TriagingX strive to provide tools that learn, adapt and implement fixes before the breach can occur, and by doing so eliminate the overhead involved with cybersecurity.”