Trinity Cyber redefined what's possible at the network edge, with the first ever technology, delivered as a fully-managed service, that can fully open, scan, treat, and rebuild full-session Internet traffic (protocol fields and files) in both directions to expose and mitigate in real time actual threat content before it becomes an incident.

It's an entirely new approach that works better and is not reliant on indicators of compromise like hashes. This breakthrough leads to three fundamentally important outcomes desperately needed in the cybersecurity industry:

1. Profoundly better, more accurate, and more enduring detection (by finding the actual exploitive conditions in the protocol field or file, not looking for indicators or applying algorithms). Our false positive rate is less than 0.1% -- while other market leading network vendors average almost 30%.
2. The ability to do something meaningful about what we find before it enters or leaves a network. It is the first of its kind automated, highly effective preventive control. That means less risk and less work for your enterprise.
3. A fully managed service that puts an elite team with advanced tools to work on your network traffic for a fraction of the cost of doing it in house.

We run a high availability cybersecurity countermeasure operation as a service. You get clean traffic. It radically reduces risk, alert fatigue, and false positives. We are not a secure web gateway, web application firewall, or intrusion prevention system, but we outperform and replace every SWG, WAF, and IPS on the market.

We accommodate all budgets and risk appetites. Trinity Cyber sells in three subscription tiers. The annoying price models have died along with the old technologies that Trinity Cyber replaces. Unlimited seats for your SWG. Unlimited domains for your WAF. Internet gateway security that matches your usage. Pick as many connection options as you need. Only pay for what you use. Pick your tier and pay the price you see plus an additional consumption fee if applicable. (Add link here for some practical examples).

Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup. Need content for this popup.

Award-winning content-based inspection (from layer 3 out to the application layer) and real-time mitigation of every internet session. The only product on the market that can parse full-session bidirectional traffic (not packet level and not byte manipulation, but full session control) and automatically eliminate malicious content in real-time. Trinity Cyber introduces reliable detection and maneuverability into cybersecurity. Its patented capability enables a range of real-time corrective actions beyond block or allow, increasing security and reducing business interruptions, and a manageable work flow that replaces alerts with enriched historic notifications. Each detection formula and countermeasure deployed in the new system has a precise response ideally suited and tailored to the given threat. It can remove, replace, or modify any content, at any level of detail, from traffic moving in either direction, in layers 3-7, in real-time. The results are powerful, enduring, and valuable. The capability maintains a false detection rate of less than 0.01% and an overall accuracy rate greater than 99.99%.

The power is not just the new technology, it's also a fully managed service. Trinity Cyber has a vast library of detective and preventive controls and adds new ones every day based on threat intelligence and advanced hunting activities. It can defeat in-the-wild malware campaigns and the most prolific CVE-based vulnerabilities used on the internet. The service delivers a protective posture against the following threats, for example:

• Thousands of CVEs (that are being remotely exploited), including all actively exploited CVEs on the CISA KEV list
• Hundreds of Malware Families, and growing (multi-stage, from initial access to exfiltration)
• Hundreds of Techniques (file and protocol-based, where attackers hide payloads), each one translating to hundreds of thousands of signatures in old network technologies
• Coverage of 14 MITRE AT&CK Tactics
• Hundreds of MITRE ATT&CK Techniques
• Hundreds of MITRE ATT&CK Sub-Techniques

One of Trinity Cyber's largest customers raves, "Trinity Cyber has become our security benchmark in the context of comparing and validating what other security solutions are identifying. Trinity is successfully identifying and preventing content-based malicious activity that the other principle Tier 1 solutions miss."

While others look at logs, Trinity Cyber threat analysts use Trinity Cyber's new technology to look at fully parsed and deobfuscated content. The company's advanced hunters can quickly identify new tactics, techniques, and procedures. They can use broad discovery capabilities not tied to automated mitigation actions to discover anomalous and malicious content and behavior on customer traffic. In this manner, Trinty hunters can find zero days and embargoed vulnerabilities in the wild and inform customers in time to prevent breach or exploitation. These advanced hunting efforts often serve as the first step in developing a new and reliable countermeasure.

Trinity Cyber analysts continuously sift through aggregated content and network activity to find undiscovered threats, expose false negatives, and maintain sources of passive detection. These analysts are an extension of a customer's team, and each customer gets the benefit of all the others. Trinity Cyber analysts run ET Pro rules against customer traffic, triage all systems events, and continuously share outcomes and knowledge. These are valuable services enhanced further by the new Trinity Cyber technology, all included in every subscription tier.

Trinity Cyber analysts collect and process intelligence from a wide variety of public and private sources for use by internal teams, customers, and partners, and to tune and regularly add powerful new detection and response capabilities to its full content inspection and mitigation technology. The company prioritizes the criticality of new vulnerabilities (CVEs), malware campaigns, and techniques found in the wild, then feeds the process for developing new Formulas. Trinity Cyber is a trusted partner of the US DOD as a protector of the defense industrial base (DIB), a long-time member of the Microsoft Active Protections Program (MAPP), an early-release vulnerability program that allows Trinity Cyber to provide updated protections to customers sooner, a subscriber to Mandiant Advantage, Virus Total Duet, TrendMicro, Grey Noise, and we are a member of the Cyber Threat Alliance, among other sources. The value of this threat intelligence and its curation in developing controls for Trinity Cyber customers is significant. The results are even more significant. Analysts hunt customer network traffic with a new level of context never before available, review threat intelligence, and develop and tune new and existing detection and countermeasure Formulas. This workflow coupled with the Company's new active mitigation technology empowers Trinity Cyber to share operational results (not just information) with its ever-expanding customer base.

Trinity Cyber malware and threat intelligence experts are constantly working for you, analyzing malware, through static and dynamic analysis methods, to create new and creative detection and mitigation methods that are run on Trinity systems to protect your traffic.

The four activities above (continuous content-based threat hunting, emerging threat analysis, threat intelligence research and curation, and malware analysis) empower the team of advanced experts at Trinity Cyber to develop, deploy, and tune a powerful library of enduring detection and active mitigation controls.

Trinity Cyber defines a full Formula to be a combination of 1) complex detection logic enabled by the new technology (which is a powerful new syntax that is a dramatically more complex and content-aware approach than any Zeek, Yara, or Suricata rule) and 2) mitigation syntax that employs tailored and powerful mitigation actions to prevent or modify a threat (often referred to as a countermeasure) within live internet traffic. Trinity Cyber analysts monitor threat intelligence sources, customer traffic, and information from various partners to generate new active countermeasures against emerging threats. It develops new Formulas from content-based threat hunting as well. The Trinity Cyber Threat Hunting team also deeply inspects customer traffic using a variety of tools including full content-based discovery detection (broad scope, low fidelity signals that lead to new threats and new attack discoveries), the Suricata ETPro ruleset, which runs on passive capture equipment, metadata and full content within internal databases and common Threat Intelligence platforms like Virus Total. The Formula Development Team then uses these sources together to produce new detection logic and countermeasures (Formulas).

We develop Formulas in different and powerful categories. Some Formulas are higher fidelity versions of a signature-based concept, taking advantage of the deeper context that our scan engines and parsers produce. Click here for an example. [SEO link to Log4j case study]. Other Formulas are heuristic in nature, in which we look for combinations of content and details and constantly triage and improve the system. Click here for an example. [SEO link to Credential Harvesting case study]. Finally, we have Formulas that look for tactics, techniques, and procedures (TTPs) that give away an attacker's presence. Click here for an example.

Trinity Cyber threat analysts continuously review and triage every new event to ensure accuracy and assess context, severity, and relevance. The team tunes, updates, and maintains Formulas based on new findings as part of its daily workflow. They ensure accuracy stays way above industry averages, and provide significant value in the form of better security and more time.

Through the Trinity Cyber customer portal, customers can drag files into the Trinity Cyber file parser tool to get blindingly fast results. This tool is revolutionary. It empowers analysts to drop a file into the tool and receive (in milliseconds) a fully parsed, graph node breakdown of any file and all its sub-objects along with a maliciousness analysis.

Trinity Cyber analysts can be tasked to develop tailored discovery Formulas in collaboration with customers to identify specific behaviors or conditions on customer networks or network traffic, giving you a powerful new content-rich hunting tool and unparralled visibility into your network. Build the advanced Trinity Cyber team and its new capabilities into your active workflow.

The detection half of all Formulas are deployed for every customer, every time, with no exception. However, the automated mitigation action can be fully customized for a customer. Customers have different risk appetites and operating needs. Custom actions can range from the exquisite to the unconventional or deceptive. Trinity Cyber controls do not tip hackers to the presence of the system, and its Formulas do not represent the risk of exposing the source or method that led to their creation. Learn the power of real-time, customized maneuvers in either direction of traffic with this option. The unique new Trinity Cyber capability can cover any security profile under the sun.

Trinity Cyber actively hunts threats on customer networks with advanced, content-aware tools and threat intelligence, constantly looking for the “unknown unknowns.” This plan feature allows customers to task Trinity Cyber analysts to perform customized threat hunting efforts. The Trinity Cyber system tags all traffic and runs a multi-tenant service that allows targeted, discrete customer-driven operations.

Task Trinity Cyber analysts to develop custom preventative controls. The system tags all traffic and runs a multi-tenant service that allows targeted, discrete customer-driven risk treatment operations. This can be especially useful during incident management. Post-incident, you can rely on the Trinity Cyber team and capabilities for intelligence gathering on your network, custom C2 identification and disruption, and Formula tuning to augment your incident response workflow.

Custom chain additional third party services and let Trinity Cyber manage the interface and connectivity.

Use standard BPF filtering syntax to search and retrieve packet captures for investigative purposes. Results are comprehensive, covering all your traffic, not just events detected by Trinity Cyber.

Directly connect your infrastructure with Trinity Cyber's real-time MDR technology within one of Trinity Cyber's Equinix, Crown Castle, or CDC data center locations in the United States and Australia. This is very popular with customers that have infrastructure in colocation centers, and very convenient.

The customer connects via Layer 2 or Layer 3 (dynamic routing protocol) to the Trinity Cyber stack within a shared data center. This is referred to as a cross-connect. Data center services facilitate the shortest physical run between network stacks, ensuring the lowest possible transport latency. For the connection option, Trinity Cyber terminates the TLS traffic and provides break-and-inspect (B&I) services to scan encrypted traffic for vulnerabilities. These services are sometimes referred to as SSL decryption. After Trinity Cyber processing, traffic is either routed back to the customer network (“hairpin turn”) or out to the Internet (Trinity Cyber serves as an Internet Gateway).

The customer may also prefer to run B&I within its facilities. In that case, Trinity Cyber will receive, scan, and return decrypted traffic, provided the customer uses an edge device that can act as a Decryption Broker, providing “decrypt and forward” functionality in a service chain mode.

The use of the MACSec protocol for transport between the customer edge and Trinity Cyber is optionally available for both connection types.

The customer connects to the Trinity Cyber system via one or more secure IPSec tunnels. Trinity Cyber has a large presence in Dallas, New York, Washington DC, Chicago, and San Jose. This is a very popular and easy-to-provision option for small and medium-sized businesses. Trinity Cyber terminates TLS and acts as your Internet Gateway. Trinity Cyber is the last stop for outgoing requests and the first stop for incoming traffic. View our connection options here.

This connection option places Trinity Cyber’s capabilities and services in front of all requests destined for your web-based applications. And, because it is bidirectional, Trinity Cyber will protect your hosted web applications/infrastructure and your customers. Enablement is based on DNS records, making turn-up fast and easy. You get real-time protection for your websites and web applications hosted in virtual private clouds such as AWS/GCP/Azure, and more.

Add Trinity Cyber into the service chain of your Zero Trust infrastructure. Works with the most popular vendors, including Zscaler and Trellix and greatly improves your security posture and reduces your workload. NOT supported for use with Palo Alto PRISMA.

Whether you use Office 365, host an on-prem Exchange Server, host one in a colocation facility, or use another mail provider, Trinity Cyber can inspect and clean your mail, including your attachments. For Office 365 or Exchange servers, we have easy logical solutions with mail flow rules. For all mail providers we can become a hop in the path and fully parse and examine SMTP and MIME, including messages and attachments.

For Outlook to Exchange MAPI communications, Trinity Cyber has a high performance MAPI parser to add security to your environment. If you are such a customer, we strongly encourage you to chose an IPSec Tunnel, Cross Connect, and/or Web Gateway Enhancer via forward proxy among your connection choices.

If you use Gmail or other popular email platforms, your email traffic is likely transported over web protocol and you will receive the benefit of our service by connecting via cross connect, IPSec tunnel, or Web Gateway Enhancer.

For workforces utilizing AWS Workspaces or Azure Virtual Workstation, be sure to use this option to ensure that all traffic from virtual desktop environments out to the internet receives the same protection as the workstations in your office network. Trinity Cyber can easily protect users who remote into a virtual desktop to perform daily tasks, protecting them from phishing, malware, and all the other attacks targeting your workforce and data. The Trinity Cyber network engineering team will help configure your cloud infrastructure.

This is popular with customers using Equinix. Exchange internet traffic with networks, content providers, and large enterprises across more than 35 markets, all while adding Trinity Cyber as your security solution.

Connect digital infrastructure and services on demand at software speed via secure, software-defined interconnection. A managed direct connection of Trinity Cyber's Stack into a customer's cloud ecosystem securely without any need for Internet or WAN services. Such connections require understandings of the detailed specifications of a customer's cloud environment.

An API-based, blazing-fast file inspection service is offered as a part of your subscription. Threat analyst users submit files to the Trinity Cyber solution, receive a malicious verdict with actionable metadata, and can act on results within existing business applications. It also can be set up for automated bulk submissions via an API call. TC:File is a very powerful and useful analyst tool, threat intelligence source, and invaluable aid during incident response.

Trinity Cyber also sells TC:File to popular productivity platforms and email security vendors, who use it as an OEM to inspect file attachments. For example, Trinity Cyber is a proud OEM partner with Inky, a leading email security service. Call your email security vendor and ask them how they inspect file attachments, and whether they would like a full content examination of every file in milliseconds! If they don't partner already, tell them to call Trinity Cyber.

Average inline processing latency is sub-millsecond. In fact, 90% of all traffic processed through Trinity Cyber's technology is processed in under a millisecond.

Overhead capacity capable of inspecting all U.S. and Australian internet traffic, deployed in a segregated network with a footprint that covers Internet peering points across both continents.

Trinity Cyber’s uptime exceeds 99.999% for network content inspection, malware removal, and customer dashboard. The Trinity Cyber system is built as a fully active clustered rack scale solution accounting for multiple points of failure. Internet connectivity, when provided via Trinity Cyber’s stack, is provisioned through multiple providers. Trinity Cyber monitors all its infrastructure, collecting data points for hundreds of metrics, many of which are also automatically monitored for dozens of abnormal conditions to proactively automatically alert on potential issues.

In addition, Trinity Cyber built bypass features to ensure that your internet service is not disrupted by unscheduled outages. In the highly unlikely event of catastrophic failure, Trinity Cyber services will bypass so that traffic will continue to pass uninspected, allowing Internet continuity.

Stop wasting time chasing down nonexistent events due to poor detection accuracy or lack of context. Strong accuracy in Trinity Cyber Formulas results and continuous triage means less work and noise for your team.

Trinity Cyber network engineers supply and maintain all necessary network equipment. Trinity Cyber staff can also design, facilitate, and support your on-premise deployments for an additional fee.

Trinity Cyber's technologies and security operations are run on a management plane physically separated from the data plane. In other words, Trinity Cyber security operations run on dedicated hardware and software that (1) sit outside the customer network, (2) outside the public cloud, and (3) is not discoverable on the Internet. This placement and operations model ensures you are protected against infrastructure attacks and that your data is not exposed or at risk. If an internal attack compromises your network, or the public cloud is popped, Trinity Cyber's service will continue inspecting and preventing, and disrupting C2 uninterrupted and uncompromised.

Complementing our full-content inspection and mitigation capabilities and patented technologies that fully parse and inspect content at layers 3-7, including transport-layer protocols such as TCP and UDP we also provide standard L3 (source/destination IP) and L4 (stateful port and protocol inspection) firewall functionality as an additional layer of security, allowing you to simplify and offload network management. *Only available for customers using Trinity Cyber as an internet gateway (cross-connect without hairpin and/or IPSec tunnel) with traffic egress through Trinity Cyber.

We have a default posture that blocks known bad URLs and IP ranges as a fully managed augmentation to our core service. We also can apply a custom posture per customer blocking URLs and IP ranges based on customer-provided, custom criteria. *This is only available for customers who use Trinity Cyber as an Internet gateway (cross-connect without hairpin, web gateway enhancer, and/or IPSec tunnel) or to perform TLS termination.

Maintain your current IP space if you connect to Trinity Cyber's groundbreaking service through IPSec tunnel(s). *Only available for customers using Trinity Cyber as an internet gateway (i.e., cross-connect without hairpin, web gateway enhancer, and/or IPSec tunnel) with traffic egress through Trinity Cyber.

Trinity Cyber maintains Points of Presence (PoP) across the continental US and Australia, with massive internet pipes, at the largest Internet peering points, and maintains dedicated IP space to support any customer connection.

The vast majority of all traffic is encrypted and Trinity Cyber has you covered. Trinity Cyber terminates TLS traffic and provides break-and-inspect (B&I) services to enable its groundbreaking service and technologies. Trinity Cyber's stacks are service-chained to F5 SSL Orchestrator appliances. SSL/TLS termination and inspection (B&I) add visibility and performance to the network and enable the full power of the Trinity Cyber solution.

Some customers may instead prefer to run B&I within its facilities. In that case, the Trinity Cyber system receives, scans, and returns decrypted traffic, provided that the customer uses an edge device that can act as a Decryption Broker, providing “decrypt and forward” functionality in a service chain mode.

If you are unable to remove SSL traffic that cannot be inspected (e.g. cert pinning), Trinity Cyber can handle the exemption process with exclusions after traffic passes into Trinity Cyber systems. Trinity Cyber brings a wealth of experience to the common problems associated with TLS termination and offers advice on the wise and unwise exceptions necessary to help you run and maintain your enterprise without disruptions.

Managing a Certificate Authority (CA) is an essential ingredient to our SSL Inspection capabilities. Trinity Cyber takes care of all CA concerns on your behalf.

The Trinity system can make use of your Certificate Authority, allowing Trinity Cyber's SSL Inspection capability to seamlessly integrate with your broader WAN traffic.

Depending on the desired network configuration, Trinity Cyber can negotiate and manage Mutual TLS traffic patterns.

Trinity Cyber's Customer Portal is the primary dashboard for customers to view threat events, threat performance, traffic throughput, and drill down capabilities to view into the actions and events Trinity Cyber is taking to protect the customer's network.

Each customer will receive the number of portal accounts associated with their plan which support time-based one-time password (TOTP) multi-factor authentication with all popular authenticator apps and account self service for administrative users.

Bring your own (BYO) Identity Provider. You can authenticate to your portal accounts through your own identity service via OIDC (preferred) or SAML (supported).

Customers receive access to a real-time customer portal that provides an interactive dashboard of the detected and prevented threats as well as rich incident response data and threat intelligence. The Trinity Cyber portal provides a description of the threat as well as tags to MITRE Attack and the Unified Kill Chain where appropriate. The dashboard allows a customer to view visualizations of files, file objects and on the type and quantity of traffic; reporting on the specific nature of identified threats and the actions taken by the Trinity Cyber service to remedy the threats; Portal data can be exported to common file formats or forwarded to common security logging and event management software.

In addition to exportability, the dashboard offers investigation tools including our file parser, cross referencing to VirusTotal, Greynoise, and more.

Trinity Cyber delivers to the customer the ability to review all active responses for audit purposes and ensure that records are kept for at least 365 days.

All event data is exportable into CyberChef and enriched and cross referenced to VirusTotal, Greynoise, and more.

Trinity Cyber Threat Analysts use ProofPoint's Emerging Threat ruleset (ET Pro) by running them against all customer traffic regularly to supplement Trinity Cyber's unique human-led, technology-enabled content-based threat hunting. All customers benefit from Trinity Cyber's use of this and other investigative tools.

Download the session payload of an event in its original form as the Trinity Cyber system saw it at the detection stage, before the system acted on it, just as the end user would have received it if Trinity Cyber had not applied an automated preventive control. It is delivered in Base64, Hexdump, and raw formats.

Well-documented API's enable control and visibility of what Trinity Cyber is doing to protect your network without touching a web interface.

The Trinity Cyber portal offers powerful tools and insights into your network traffic and the actions Trinity Cyber is taking to protect it. Trinity Cyber event notifications and outputs can also be integrated into a SIEM tool with a simple public API setup. Trinity Cyber offers default integrations with Splunk (at Splunkbase https://splunkbase.splunk.com/app/6465) and Elastic. Trinity Cyber meets the needs of any robust Security Operations Center (SOC).

Trinity Cyber will develop and deploy custom integrations into any tools or services the customer is using.

No information provided.

For Organizations that work with government agencies, utilizing Trinity Cyber supports the "Moderate Impact" level of FISMA requirements.

Trinity Cyber addresses Sections 2, 4, 7 and 8 for the "Executive Order on Improving the Nation's Cybersecurity."

One of the tenants of the memo "Update to the Trusted Internet Connections (TIC) Initiative" requires agencies to perform full packet capture and leverage SaaS solutions. Trinity Cyber and our partners can provide both functions.

Trinity Cyber meeting the requirements for all 3 event logging tiers ouitlined in memo titled "Improving the Federal Government's Investigative and Remediation Capabilities Related to Cybersecurity Incidents"

Trinity Cyber adds Zero Trust to Internet access by allowing organizations to manage their network security under the assumption everything entering and exiting their environment is already compromised.

Trinity Cyber automatically mitigates all vulnerabilities in the KEV catalog for which there is an active exploitation or published proof of concept (POC).

Trinity Cyber protects Internet facing VMware servers from initial attack before they have a chance to compromise VMware platforms. Agencies can patch systems while ensuring that Remote Code Exploits (RCEs) such as the ones called out in this directive, never reach mission-critical devices.

Concierge service with a dedicated Customer Success Executive who will handle the account from stand-up through service delivery, providing life cycle continuity and specialized attention. The Customer Success Executive will provide regular touchpoints, arrange custom reporting if needed, and coordinate all Trinity Cyber assets or needed resources for the fast and seamless provision of high-caliber services.

Elite Customers will gain access to expert technical resources who can provide guidance on security and performance configurations along with network tuning workshops.

Access to Executive Performance Reporting including trend data, Monthly and Quarterly performance summaries, overall health assessment, and security recommendations. Early access to BETA and new feature capabilities, and access to experts to assist with feature opportunities to help meet the customer's growth forecast, business development needs, and corporate goals.

Access to a Knowledge Article Database where teams can research topics and trends in the cybersecurity community, white Papers, Use Cases, and other published documentation will also be accessible for our Premium and Elite Customers.

Chat access to Threat Analysts and Engineering experts M-F 8-5 pm ET. Questions, inquiries, and general conversations about threat findings, security events, or general threat hunting topics can be submitted to Threat Analysts and Engineers. (This channel cannot be used to report issues or request resolution to support inquiries).

Trinity Cyber provides 24/7 monitoring & ensures five nines availability of the service and your network connectivity. Any Service Impacting Maintenance will be scheduled and announced ahead of approved windows (notifications will go out directly to the POC for each Customer).

Access through the Trinity Cyber Portal to open a Case/Ticket. Severity descriptions and response times will be identified for support expectations. All Customers have access to Severity 1-4 Support with Case status updates and tracking.

24x7x365 direct line support number. In the event of an issue (Severity 1-4), this designated hotline provides immediate access to Trinity Cyber personnel who will open a Case on your behalf and engage directly with all technical resources (Threat Analysts, Engineering, Executive Escalations).