Address CISA BOD 22-01 Overnight
How Our Cutting-Edge New Capability Makes You More Secure and Compliant With CISA BOD 22–01.
CISA BOD 22-01 — Reducing the Significant Risk of Known Exploited Vulnerabilities
- New Tech. The powerful Trinity Cyber service decrypts, stages, and deeply inspects the content of network traffic to look for the actual presence of KEV exploit attempts—not for hashes and IOCs—and the technology can modify the traffic to prevent the attempt from working, without disruption business continuity.
- New Capability. The industry is no longer confined to the binary option of block or allow—it can now see the problem and DO SOMETHING ABOUT IT.
- Immediate Results. The accuracy and fidelity of this approach allows Trinity Cyber to deploy enduring, high fidelity, automated controls that detect and mitigate all the actively exploited CVEs that contain known network artifacts on the KEV list, which equates to overnight mitigation.
- Affordable. The team at Trinity Cyber manages this technology as a service for the cost, depending on the size of the customer network, of two or three FTEs.
Learn More About Each Mandate
CISA BOD 22-01 Compliance
- CISA keeps a catalog of more than 800 known exploited vulnerabilities (KEV)
- All federal civilian executive branch (FCEB) agencies are required to remediate vulnerabilities in the KEV catalog
- Trinity Cyber automatically mitigates all vulnerabilities in the KEV catalog for which there is an active exploitation or published proof of concept (POC) – Regardless of IOC, the Trinity Cyber difference is its enduring nature and automated mitigation
Example
Recently, the cybersecurity community discovered a “packer” technique used by foreign hackers and shared as much information with US companies as possible about the technique and the known hashes that could be used to try and stop future attempts. All other network security vendors take a whack-a-mole approach, including the hash in its block or allow engine as part of its hash matching logic. If the specific malicious file traverses such a dumb system, it is often blocked and sometimes allowed into your network with an alert that requires you to chase it down.
However, with Trinity Cyber, it is now possible to knock campaigns like this out altogether with one Formula, and not only rely on blacklist hashes that are often evaded the same day they are created. The day the community shared the details of this packing loader campaign, Trinity Cyber was programmed to cover this threat with a formula-based solution for any variants of the loader found in this campaign, no matter how many new hashes are generated. It took 3 hours to develop this holistic Formula (all appropriate intelligence gathering and testing accounted for).
To go a bit deeper, our detection focuses on Portable Executable (PE) files that have a specific LZMA and XOR encoding sequence within sections of the binary. The technique found in these loaders is agnostic to the payload (one example or which was mentioned in the sharing report) and the Trinity Cyber team will continue to evolve the formula as necessary as we do more research. All included in our service.
Example
The Log4j vulnerability, discovered in December 2021 remains a serious flaw that put millions of devices at risk and continues to be widely exploited by threat actors. In late 2021, CISA required all federal civilian departments and agencies to assess and immediately patch systems or implement mitigation measures. While many scrambled to monitor and patch systems within the first hours of disclosure, Trinity Cyber rapidly deployed formulas to keep customers protected from attempts to exploit the Log4j vulnerability. Trinity Cyber’s core technology is not vulnerable to Log4J exploits and does not employ the affected library in any of its direct systems. Our customer data is not vulnerable to Apache Log4j exploitation. Trinity Cyber customers were and still are protected from this vulnerability.