TrustPipe, a startup that made bold claims last year about stopping 100% of network-borne attacks on endpoints, has retooled its software and distribution system in order to better fit into enterprise security schemes.
The changes it plotted out last fall were so extensive that the company held off delivering its platform to customers, says co-founder and CEO Ridgely Evers. The revised version is available now.
What started out as a cloud-supported service model is now a stand-alone software agent on endpoints that detects and shuts down malware, and it also detects zero-day attacks and stops them. It independently creates markers to identify those never-before-seen attacks earlier the next time they show up and adds the markers for them to its onboard library, Evers says.
The company has come up with a way to distribute the agents to endpoints that employs DNS to simplify the process. Users create a DNS subzone and a virtual machine that endpoints are diverted to, and the virtual machine distributes, updates and configures the TrustPipe software on each endpoint, he says.
This replaces the initial setup, which called for endpoints to connect to TrustPipe’s cloud for the download. For security reasons, government customers wanted to be able to distribute it without leaving their domains, he says.
The company is seeking a patent on the distribution system. “We believe this is the way software will be distributed in the enterprise in the future,” Evers says.
TrustPipe’s approach to stopping malware is to use mathematical markers to identify and categorize all the malware it could find. Through this time-consuming analysis, the company created a library of markers that identify slightly fewer than 11,000 species of malware. A subsequent re-categorizing of the malware samples, done exclusively by the math and without human judgment helping to define the categories, cut the number of species to fewer than 6,000. That reduces the size of the marker library each TrustPipe endpoint agent carries with it, he says.
Each marker can identify an entire species of malware, rather than relying on signatures that can vary within a family and are readily altered by attackers to hide from signature-based malware-detection such as anti-virus.
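The contrast drawn above, between a per-file signature that breaks the moment an attacker changes a byte and a species-level marker that survives such changes, can be made concrete with a small illustration. The following is an added example, not TrustPipe's code or its "mathematical markers" (which the article does not describe); it stands in a simple n-gram family core for whatever TrustPipe actually computes, and all sample byte strings are constructed for the demonstration.

```python
import hashlib

# Constructed toy "family": one stable core wrapped in per-variant junk bytes.
# None of this is TrustPipe's data or method; the byte strings are made up.
FAMILY_CORE = b"STABLE-FAMILY-CORE-LOGIC-BLOCK"
KNOWN_SAMPLES = [
    b"junkA" + FAMILY_CORE + b"pad00",
    b"xyz" + FAMILY_CORE + b"!!!",
    FAMILY_CORE + b"variantC",
]
# A later sample: same core, repacked with different wrapper bytes.
NEW_VARIANT = b"repacked-" + FAMILY_CORE + b"-v2"
# A variant whose core itself was touched in one spot (one byte substituted).
MUTATED_VARIANT = b"qq" + FAMILY_CORE.replace(b"CORE", b"CXRE") + b"zz"
# An unrelated file that shares nothing with the family.
BENIGN = b"quarterly report: revenue up, costs flat"


def exact_signature(sample: bytes) -> str:
    """Classic per-file signature: a hash of the exact bytes. Any change breaks it."""
    return hashlib.sha256(sample).hexdigest()


def ngram_set(sample: bytes, n: int = 4) -> set:
    """All overlapping n-byte windows in the sample."""
    return {sample[i:i + n] for i in range(len(sample) - n + 1)}


def family_core(samples, n: int = 4) -> set:
    """N-grams shared by every known sample: the family's stable core (the 'marker')."""
    return set.intersection(*(ngram_set(s, n) for s in samples))


def family_score(sample: bytes, core: set, n: int = 4) -> float:
    """Fraction of the family core that survives in this sample (0.0 .. 1.0)."""
    if not core:
        return 0.0
    return len(core & ngram_set(sample, n)) / len(core)


def matches_family(sample: bytes, core: set, threshold: float = 0.6) -> bool:
    """Species-level match: enough of the core is present, whatever else changed."""
    return family_score(sample, core) >= threshold


if __name__ == "__main__":
    known_hashes = {exact_signature(s) for s in KNOWN_SAMPLES}
    core = family_core(KNOWN_SAMPLES)
    for name, s in [("new", NEW_VARIANT), ("mutated", MUTATED_VARIANT), ("benign", BENIGN)]:
        print(f"{name:8s} exact-hash hit: {exact_signature(s) in known_hashes!s:5s} "
              f"family score: {family_score(s, core):.3f} "
              f"family match: {matches_family(s, core)}")
```

Run stand-alone, the repacked variant and the one-byte mutation both miss every stored hash yet score 1.0 and about 0.85 against the family core, while the unrelated file scores 0.0. The threshold is the tuning knob a defender cares about: too low and unrelated files start matching, too high and the marker becomes as brittle as the hash it was meant to replace.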
TrustPipe catches zero-days by looking for what it calls death rattles. These are activities taking place on the host machine that definitely represent some form of attack unfolding, even though it is not in the marker library. TrustPipe blocks the activity before it reaches the network interface card and analyzes the process that initiated it to create a new marker. None of this is apparent to the user, Evers says.
With the updates, TrustPipe has lowered its price from $48 per endpoint per year to $36 per endpoint per year. Resellers will offer monthly subscriptions at $3 per endpoint, making it relatively inexpensive to give the system a try on a sampling of machines, he says.