GCN LAB REVIEW
Triumfant Resolution Manager
Triumfant earns a Reviewer's Choice for its ease of use, features and capabilities
- By Carlos A. Soto
- Aug 04, 2009
Ease of use: A-
Price: $28.39 for a one year subscription license
Triumfant Resolution Manager is a safety net for detecting, analyzing and fixing changes made to your network at the most granular level. This type of monitoring and network analysis creates unique capabilities for malware detection and facilitates the creation and enforcement of configurations, protocols and security policies.
It’s important to note that Triumfant is not antivirus software or a replacement for antivirus software but a supplement to any antivirus solution that learns, tracks, and safeguards networks. Antivirus software acts like a shield for known bugs. Triumfant defends your network from bugs that have either never been seen before or attacks that have managed to evade signature-based software.
Paraphrasing a Gartner Research article, Triumfant states that traditional antivirus software misses, on average, 2 percent to 10 percent of known attacks and more than 50 percent of unknown attacks. A complementary tool such as Triumfant is necessary to protect the endpoint, the company argues. Triumfant can also detect and counter the attacks directed at antivirus software.
Triumfant works by continuously scanning client machines even when they are disconnected from the host. The agent will then detect changes and cache those changes until it can communicate with the server. This makes Triumfant effective in environments when machines are often disconnected from the network.
It’s important to note that, when remediating, Triumfant does not scan for images of an earlier configuration. The software detects changes and builds a remediation specifically geared toward addressing the changes detected on the machine. That allows administrators to restore the machine to a state before the change, which, in most cases, can be conducted without the need to reboot the machine and without the user knowing anything happened.
Unlike antivirus software, Triumfant Resolution Manager uses analytics to identify and remediate unexpected changes and conditions. It doesn’t require signatures to identify malware, making it more of a reactive piece of software as opposed to preventive.
Triumfant installs as a small agent on all the nodes on your network. It then runs a continuous scan of security-specific attributes, which forces a real-time analysis by the Triumfant server when the agent detects malicious activity.
Next, the Triumfant sever validates whether the activity is malicious by performing a deeper scan of the machine and comparing that machine with information from the broader population to eliminate false positives.
Assuming the result is a malicious piece of software, the Triumfant server gathers the necessary information to build a remedy to the attack. The most impressive part of this software is the remediation phase. Triumfant can build sophisticated fixes for removing programs, such as rootkits, designed to hide or obscure the fact that a system has been compromised. Triumfant also can remove or fix watchdog processes, uncloak hidden processes, or identify randomly named executables.
Perhaps Triumfant's best attribute is how easy it is to use. A simple console lets you see every change that a piece of malware can impose and lets you track and correct issues with the click of a button. Priced at $59.77 for a perpetual license, which includes first-year maintenance, or $28.39 for a one-year subscription license, it’s among the most affordable programs in the roundup.
I would like to see three additions to future versions. First, when you launch the console, an options screen appears instead of a summary screen. It seems to make more sense to see a summary at the start to get a snapshot of your network condition. Second, the graphs in the summaries are informative, but the text in the title of each graph doesn’t stand out and is omitted in some graphs. Lastly, the graphics appear outdated and could be updated to look more modern and 3-D.
Despite these issues, Triumphant earns a Reviewer’s Choice for its ease of use, features and capabilities, such as the ability to scan more than 200,000 attributes on every client, and detect and fix changes in minutes.
Triumphant, 301-917-6280, www.triumfant.com
Carlos A. Soto is a former GCN Lab technology analyst.