TrustPipe fine-tunes its security software to target enterprise

Endpoint software blocks zero days, creates new ID markers to catch them faster the next time.

TrustPipe, a startup that made bold claims last year about stopping 100% of network-borne attacks on endpoints, has retooled its software and distribution system in order to better fit into enterprise security schemes.

The changes it plotted out last fall were so extensive that the company held off delivering its platform to customers, says co-founder and CEO Ridgely Evers. The revised version is available now.

What started out as a cloud-supported service model is now a stand-alone software agent on endpoints that detects and shuts down malware, and that also detects and stops zero-day attacks. It independently creates markers to identify those never-before-seen attacks earlier the next time they show up and adds the markers to its onboard library, Evers says.

The company has come up with a way to distribute the agents to endpoints that employs DNS to simplify the process. Users create a DNS subzone and a virtual machine to which endpoints are diverted, and the virtual machine distributes the TrustPipe software to each endpoint and updates and configures it, he says.

This replaces the initial setup that called for endpoints to connect to TrustPipe’s cloud for the download. For security reasons, government customers wanted to be able to distribute it without leaving their domains, he says.

The company is seeking a patent on the distribution system. “We believe this is the way software will be distributed in the enterprise in the future,” Evers says.

TrustPipe’s approach to stopping malware is to use mathematical markers to identify and categorize all the malware the company could find. By doing this time-consuming analysis, it created a library of markers to identify slightly fewer than 11,000 species of malware. A subsequent re-categorizing of the malware samples, done exclusively by the math and without human judgment helping to define the categories, cut the number of species to fewer than 6,000. That reduces the size of the marker library each TrustPipe endpoint agent carries with it, he says.

Each marker can identify an entire species of malware, rather than relying on signatures that can vary within a family and are readily altered by attackers to hide from signature-based malware-detection such as anti-virus.

TrustPipe catches zero days by looking for what it calls death rattles. These are activities taking place on the host machine that definitely represent some form of attack unfolding even though the attack is not in the marker library. TrustPipe blocks the activity before it hits the network interface card and analyzes the process that initiated it to create a new marker. None of this is apparent to the user, Evers says.

With the updates, TrustPipe has lowered its price from $48 per endpoint per year to $36 per endpoint per year. Resellers will offer monthly subscriptions at $3 per endpoint, making it relatively inexpensive to give the system a try on a sampling of machines, he says.

Stories by Tim Greene
