Bit9 Connect Alliance Partners

The Bit9 Connect Partner Program supports vendor interoperability to help customers build next-generation security infrastructures. Bit9 has partnered with industry leaders to create integrated solutions that provide end-to-end protection against advanced threats.

As a member of the Bit9 Connect program, partners can submit their products to Bit9 for certification and promote interoperability across security solutions.

To learn more about the Bit9 Connect program please read our data sheet. If you are interested in becoming a Bit9 Connect partners, please contact us at

Bit9 has partnered with vendors in the network security ecosystem to enable customers to correlate network alerts with endpoint and server data. As network security solutions detect malware on the network, Bit9 consumes those alerts and automatically determines where the malware landed, if it executed, and how many machines were affected. This real-time visibility enables security analysts to filter out non-actionable events, prioritize high-impact alerts, and rapidly respond to potential intrusions.

Bit9 is also able to submit new files that arrive on endpoints – while off the network or via third party storage devices – to network threat analysis solutions. Based on the risk results, Bit9 can automatically ban malicious files from executing while permitting safe files to run.

Network Security Alliance Partners


Check Point Next Generation Firewall

The Check Point Next Generation Firewall extends the power of the firewall beyond stopping unauthorized access by adding IPS and Application Control protections. With detailed visibility into the users, groups, applications, machines and connection types, the Check Point Firewall Software Blade enables network administrators to provide superior protection across the entire security gateway.

Check Point Threat Cloud Emulation Service

Check Point ThreatCloud Emulation Service prevents infections from undiscovered exploits, zero-day and targeted attacks. This innovative solution quickly inspects files and runs them in a virtual sandbox to discover malicious behavior. Discovered malware is prevented from entering the network.

FireEye NX

The FireEye NX series is a group of threat prevention platforms that stop Web-based attacks that traditional and next-generation firewalls (NGFW), IPS, AV, and Web gateways miss. The NX protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe.

FireEye EX 

The FireEye EX series is a group of threat prevention platforms that protects against spear- phishing email attacks that bypass anti-spam and reputation-based technologies. To quarantine the spear-phishing emails used in advanced targeted attacks, the EX analyzes every attachment using a signature-less, Multi-Vector Virtual Execution (MVX) engine that can safely and accurately identify zero-day attacks. Administrators can quarantine emails with malicious content for further analysis or deletion.

FireEye AX

The FireEye® AX series is a group of forensic analysis platforms that give security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day, and advanced persistent threat (APT) attacks embedded in Web pages, email attachments, and files.

Palo Alto Networks Next Generation Firewall

The Palo Alto Networks Next Generation Firewall acts as the basis of an enterprise security platform that is designed from the ground up to address the most sophisticated threats. The Palo Alto Next Generation Firewall offers traffic classification that natively inspects all applications, threats and content, then ties that traffic to the user, regardless of location or device type. The application, content, and user—the elements that run your business—then become integral components of your enterprise security policy. The result is the ability to align security with key business initiatives.

Palo Alto Networks WildFire

WildFire identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) by directly executing them in a scalable cloud-based, virtual sandbox environment. WildFire automatically creates and disseminates protections in near real-time to help security teams meet the challenge of advanced cyber attacks.

Bit9 has partnered with vendors in the data analytics and security information and event management (SIEM) space to enable customers to use one centralized data repository to view all their security information. Bit9 offers standards-based and proprietary integrations with leaders in this space so that security analysts can view endpoint and server events alongside other security information.

Analytics & SIEM Alliance Partners


HP ArcSight

The HP ArcSight Security Intelligence platform helps safeguard your business by giving you complete visibility into activity across the IT infrastructure-including external threats such as malware and hackers, internal threats such as data breaches and fraud, risks from application flaws and configuration changes, and compliance pressures from failed audits. This solution enables you to collect, analyze, and assess IT security, enterprise security and non-security events for rapid identification, prioritization and response.

IBM Security QRadar

IBM Security QRadar® SIEM consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. It performs immediate normalization and correlation activities on raw data to distinguish real threats from false positives. IBM Security QRadar SIEM can also correlate system vulnerabilities with event and network data, helping to prioritize security incidents.


LogRhythm is an enterprise-class platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring and Machine Analytics, with Host and Network Forensics, in a unified Security Intelligence Platform. It is designed to address an ever-changing landscape of threats and challenges, with a full suite of high-performance tools for security, compliance, and operations. LogRhythm delivers comprehensive, useful and actionable insight into what is really going on in and around an enterprise IT environment.


RSA NetWitness NextGen offers an enterprise software framework that captures all network traffic and reconstructs the network sessions to the application layer for automated alerting and monitoring, and interactive analysis and review. By having all this information immediately accessible, customers have the agility to respond to emerging threats and forensics investigations, identify broken business processes, mitigate intentional data exfiltration and confront tomorrow’s challenges.

Bit9 has partnered with vendors in the threat intelligence space to bolster the power of the Bit9 Software Reputation Service (SRS). The Bit9 SRS is a cloud-based intelligence database that provides insight into known-good, known-bad and unproven software, giving IT and security teams actionable intelligence about the software installed within their enterprise. The Bit9 SRS aggregates software and threat-intelligence information from Bit9′s threat research team, the Internet, and our threat intelligence partners to provide customers with the most accurate and up to date software reputation data.

Threat Intelligence Alliance Partners


OPSWAT Metscan

Metascan is a server application with a local and network programming interface that allows customers to use multiple antivirus engine scanning technologies in their security architecture. By using many antivirus engines from several leading vendors, Metascan technology increases zero hour detection rates for all types of malware without the hassle of licensing, modifying, and maintaining multiple antivirus engines.

Bit9 has partnered with incident response (IR) consultancy firms to help clients gain immediate access to the Bit9 Security Platform to aid in remediation efforts. As IR teams identify the malicious files used to execute an attack, Bit9 can identify each endpoint and server on which the malware has landed. This immediate visibility enables IR teams to rapidly contain attacks and accelerate remediation efforts.

Incident Response Provider Partners

Accuvant Malware and Incident Response

Accuvant’s Malware and Incident Response services use a unique and comprehensive approach. Accuvant consultants perform the necessary monitoring, identification, response, attribution and remediation, and work with clients to add safeguards against future attacks. Malware and Incident Response services are delivered by expert malware researchers, specialized reverse engineers and forensic investigators, and include threat assessments, managed malware mitigation services, malware emergency response, incident response, incident handling, communication processes and procedures, and forensic investigation.

FishNet Security Incident Management

An effective Incident Management plan requires strategic proactive and reactive policies that enable an organization to reduce risk, achieve compliance, improve operational efficiencies and protect its corporate image. FishNet Security’s Incident Management team includes industry-leading experts in every component of a highly effective plan to ensure a complete end-to-end Incident Management solution for lients.

Sylint Cyber Incident Response

Sylint Cyber Incident Response offers 24/7 rapid response to limit damage, terminate access points and identify assailants. Sylint’s response services involve system analysis, malware collection and review, log analysis, traffic inspection and many other critical components. Cyber Incident Response consultants have extensive knowledge of leading edge threats and incident/breach reporting requirements, and they work discretely with clients, law enforcement agencies and numerous government agencies.

Delivering Endpoint Threat Detection, Response and Protection as a Service

The Bit9 Managed Security Service Provider (MSSP) Partner Program enables security consulting and solution firms the opportunity to deliver Bit9’s leading endpoint threat detection, response and protection platform as a managed advanced threat protection service.

With Bit9’s technology at the core of a managed security service offering, MSSPs are able to offer their customers a complete advanced threat protection service that:

  • Monitors every endpoint in real-time (Windows servers, laptops, desktops) for threat indicators
  • Investigates events to determine severity, accuracy and context
  • Quickly escalates critical events for containment and remediation

If you are interested in becoming an MSSP partner, please contact us at

Managed Security Service Provider Partners

Dell Secure Works

Employing proprietary CTU Endpoint Intelligence technology, the Dell SecureWorks Advanced Endpoint Threat Detection service gives you the earliest possible warning that your endpoints may be hosting an advanced adversary. The fully managed service heightens your security situational awareness by warning you when endpoints may have been compromised and, by accessing extensive intelligence on threat actors and actor tradecraft, accelerates incident response by pinpointing exactly which systems are compromised, how they were compromised, and how you can repair them.

The Advanced Endpoint Threat Detection service works by utilizing lightweight sensors across your servers, laptop and desktop devices. The sensors continuously monitor registry, file system, process tables, memory and other areas of operation for signs of compromise. The “always-on” nature of the solution gives you the earliest possible warning when threat indicators are detected.

To learn more about Dell SecureWorks Advanced Endpoint Threat Detection service, visit:

DataSheet: Bit9 Connect Partner Alliance Program

View Now

Analyst Brief: Bit9 Connect Program Supports Enterprise SOC Objectives

Download Now