What would it mean to your company or home if you could instantly see and block trojans every time? By the time you finish this page, you will know precisely how.
Our company’s founder, Michael Wood, experienced trojans infecting one of his computers. Fortunately, his professional expertise was in network communication, cybersecurity, and software engineering. Combining those three skills, he engineered a custom firewall that instantly displayed the IP addresses of the hackers’ command and control centers, as well as blocking them.
The firewall operated in default-deny mode (meaning it blocked everything until it was specifically told to allow an IP address). Given that all traffic was initially blocked, our founder instructed the firewall to solely allow traffic to each site as he was visiting them. Therefore, the only thing that remained blocked were the IP addresses that the trojans were trying to reach out to. Thus, the IP addresses of the command and control centers were instantly seen the moment the trojans tried to connect. And, most importantly, they were permanently blocked.
Trojans are the biggest problem in cybersecurity today. Therefore he committed to building a firewall that would allow anyone to take the same approach that he did. In other words, he committed to inventing a system where every user acts as a firewall programmer, telling a default-deny firewall the sites they want to visit in real time. All other traffic remains blocked (including trojans).
User-Intended Final Destinations
Surprisingly, this solution doesn’t require any blacklists nor whitelists. The solution also doesn’t require any complicated behavioral heuristics; nor threat intelligence data feeds. Rather, the solution is fully self-contained, solely relying on user-intended final destinations. In other words, the solution to blocking trojans is a default-deny firewall that solely allows traffic to user-intended final destinations.
In order to convert the initial prototype into a working commercial product, two additional features needed to be added:
- A feature to make it quick and easy for users to state their intended final destinations.
- A feature that automatically translates, in real time, the final destination into all the required IP addresses.
To make it easy for users to know they are going to their intended destination, an owner-based identification feature was added . In other words, users see the owner of each site before telling the firewall to allow traffic to it. This quickly (and effectively) ensures that the chosen site matches the user’s original intention.
Once a user has selected a site, another feature reports all the required IP addresses to the firewall (so that the firewall can instantly allow the user to access the site while keeping everything else blocked). Site Enforcer is the name of the IP address determination engine; and it’s perhaps best understood by way of example.
Let’s say that a user’s intended final destination is forbes.com. This webpage pulls content from dozens (if not hundreds) of other sites (and the content sites are constantly changing). Therefore, the firewall first solely allows traffic to forbes.com itself. Then, as the page is being transferred to the user, Site Enforcer parses the page to discover all the sites that the page pulls content from. Site Enforcer tells the firewall, in a real time, all the IP addresses of these content sites (so that the firewall can now allow them).
Terra’s Triad consists of PhishViewer, Site Enforcer, and Trojan Trapper. However, users only interact with PhishViewer. PhishViewer shows users the final destination of each link they click – as well as the identity of the final destination’s owner. If the owner matches the user’s intention then they go straight there. Then Site Enforcer automatically discovers the numerous IP addresses required to allow the user to successfully interact with the site.
Trojan Trapper is the name of our default-deny firewall. So here’s how the Terra Triad of PhishViewer / Site Enforcer / Trojan Trapper works:
- Trojan Trapper begins by blocking everything.
- PhishViewer tells Trojan Trapper each user-intended final destination.
- Site Enforcer tells Trojan Trapper all the sites that the destination uses for content.
Our guarantee: Trojan Trapper solely allows traffic to the pages your users have open, and the sites these pages pull content from. Everything else remains blocked.
And this is precisely what you need to stop trojans from exfiltrating data, and stop them from opening back doors for hacker command and control centers.
Through PhishViewer, every user becomes a real-time programmer of a default-deny firewall. Since each new user contributes to the firewall rules, this approach is auto-scaling. It works just as effectively for a single home user as it does for a worldwide enterprise with over 10,000 employees. The Terra Triad fulfills our founder’s mission to make his effective, trojan-blocking technology available to every home, office, and enterprise.
The following video demonstrates how the parts of the Terra Triad work together to finally solve the biggest problem in cybersecurity.
PhishViewer Enterprise is available now. The full Terra Triad, including Trojan Trapper, will be available the second quarter of 2020. You can sign up for discounted early adopter prices and status updates below.
A secure internet is coming soon. We hope you join us.