Overview – Triaton
ONE unified platform for complete protection; Your Strategic Security Asset
Our Cloud Tech Stack + Our Pro SecOps Analysts = Your protection against Known and Emerging threats
We plug into your existing technology, including cloud, SaaS Apps, On-Prem Infra to collect logs and Alerts with a platform built to integrate quickly with new technologies
Triaton delivers robust security monitoring and protection for your IT assets using its Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities. Triaton use cases are designed to safeguard your digital assets and enhance your organization’s cybersecurity posture.
These use cases encompass File Integrity Monitoring (FIM) ensuring the integrity of your critical files, Security Configuration Assessment (SCA) fortifying your system configurations against potential threats, Vulnerability Detection pinpointing potential weaknesses before they are exploited, and others.
Explore our use cases and capabilities below.
Configuration Management
Triaton monitors system and application configuration settings to ensure they are compliant with your security policies, standards, and/or hardening guides. The Triaton agents perform periodic scans to detect misconfigurations or security gaps in endpoints that can be exploited by threat actors. Additionally, you can customize these configuration checks, thereby tailoring them to properly align with your organization’s needs. Security alerts include recommendations for better configuration, references, and mapping with regulatory compliance.
Malware Detection
Triaton detects malicious activities and indicators of compromise that occur on endpoints as a result of malware infection or cyberattack. Triaton out-of-the-box ruleset and capabilities like Security Configuration Assessment (SCA), Rootcheck, and File Integrity Monitoring (FIM) help to detect malicious activities and anomalies. You can configure and customize these Triaton capabilities to suit your organization’s requirements.
File Integrity Monitoring
Triaton monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep track of. In addition, it natively identifies users and applications used to create or modify files. You can use the Triaton File Integrity Monitoring capability in combination with threat intelligence to identify threats or compromised endpoints. In addition, FIM helps to meet several regulatory compliance standards, such as PCI DSS, NIST, and others.
Threat Hunting
Triaton offers comprehensive visibility into monitored endpoints and infrastructure. It provides log retention, indexing, and querying capabilities that help you investigate threats that may have bypassed initial security controls. Threat detection rules are mapped against the MITRE ATTACK framework to aid in the investigation and referencing of tactics, techniques, and procedures commonly used by attackers. Triaton also integrates with third-party threat intelligence feeds and platforms for enhanced threat hunting.
Log Data Analysis
Triaton agents collect operating system and application logs, and securely forward them to the Triaton server for rule-based analysis and storage. The Triaton rules detect application or system errors, misconfigurations, malicious activities, policy violations, and various other security and operational issues.
Vulnerability Detection
Triaton agents pull software inventory data and send this information to the Triaton server. The collected inventory data is then correlated with continuously updated CVE (Common Vulnerabilities and Exposure) databases, to identify known vulnerable software. Automated vulnerability detection helps you find the flaws in your critical assets and take corrective action before attackers exploit them for malicious purposes.
Incident Response
Triaton provides out-of-the-box active responses to perform various countermeasures against ongoing threats. These responses are triggered when certain criteria are met, they include actions like blocking network access to an endpoint from the threat source and others. In addition, Triaton can be used to remotely run commands or system queries, identify indicators of compromise (IOCs), and help perform incident response tasks.
Regulatory Compliance
Triaton provides some of the necessary security controls to become compliant with industry standards and regulations. Some of these security controls include File Integrity Monitoring (FIM), Security Configuration Assessment (SCA), vulnerability detection, system inventory, and more. These capabilities, combined with its scalability and multi-platform support help organizations meet technical compliance requirements. Triaton provides reports and dashboards for regulations such as GDPR, NIST, TSC, and HIPAA.
IT Hygiene
Triaton builds an up-to-date system inventory of all monitored endpoints. This system inventory contains data like installed applications, running processes, open ports, hardware and operating system information, and others. Collecting this information helps organizations optimize asset visibility and maintain good IT hygiene. Several other Triaton capabilities like vulnerability detection, Security Configuration Assessment, and malware detection help to protect monitored endpoints and improve IT hygiene.
Container Security
Triaton provides security visibility into Docker hosts and containers, monitoring their behaviour and detecting threats, vulnerabilities, and anomalies. The Triaton agent has native integration with the Docker engine allowing users to monitor images, volumes, network settings, and running containers. Triaton continuously collects and analyzes detailed runtime information. For example, alerting for containers running in privileged mode, vulnerable applications, a shell running in a container, changes to persistent volumes or images, and other possible threats
Posture Management
Triaton integrates with cloud platforms, collecting and aggregating security data. It alerts on discovered security risks and vulnerabilities to ensure security and compliance with regulatory standards.
Workload Protection
Triaton monitors and protects workloads in cloud environments as well as on-premises workloads. You can integrate Triaton with cloud platforms like AWS, Microsoft Azure, GCP, Microsoft 365, and GitHub to monitor services, virtual machines, and the activities occurring on these platforms. The centralized log management of Triaton helps organizations that use these cloud platforms to adhere to regulatory requirements