Advanced Threat Detection

Detect advanced threats, zero-day attacks and malware that evade blacklisting and signature-based detection tools.

The Bit9 Security Platform combines real-time sensors, Advanced Threat Indicators (ATI) and the cloud-based Bit9 Software Reputation Service to immediately detect advanced persistent threats and malware. You won’t wait for signature file updates. No testing or updating .dat files.

Advanced Threat Indicators (ATI). Bit9’s threat research team constantly analyzes advanced threats to identify the common techniques threat actors use and builds them into Advanced Threat Indicators in the Bit9 platform. Bit9’s ATIs monitor and examine many system facets, including files, registry, process and memory execution, to identify potential compromise or infection. Because the Bit9 platform maintains a recorded history of every endpoint and server, it is uniquely able to apply time-based indicators that can ‘reach back in time’ to effectively identify more advanced threats and malware than any other detection tools. You can also create custom ATIs specifically for your environment.

Bit9 Advanced Threat Detection Capabilities

Detection of suspicious behavior. Bit9 detects when advanced attacks are occurring by looking for indications of advanced threats, such as memory violations, suspicious process behavior, registry changes, operating system tampering, and more. For example:

  • If Adobe Acrobat or Microsoft Excel spawns an unknown executable on your computer, it’s probably malicious.
  • Processes shouldn’t run out of your recycle bin.
  • Executables shouldn’t have JPEG or PDF extensions.
  • And so on.
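The three example indicators above, written as checks over process-start events. This is an added example, not Bit9's code or indicator format; the event fields, the parent-image names, the trusted-hash set and the sample events are constructed assumptions.

```python
import ntpath

# Assumed image names for "Adobe Acrobat or Microsoft Excel".
DOC_APPS = {"acrord32.exe", "acrobat.exe", "excel.exe"}
# Recycle bin directory names used by Windows (current and legacy).
RECYCLE_DIRS = {"$recycle.bin", "recycler", "recycled"}
DOC_EXTS = {".jpg", ".jpeg", ".pdf"}

def evaluate(event, trusted_hashes):
    """Return the names of the indicators a process-start event matches."""
    hits = []
    image = event["image"].lower()
    parent = ntpath.basename(event["parent_image"].lower())
    # 1. A document application spawns an executable we do not already trust.
    if parent in DOC_APPS and event["sha256"] not in trusted_hashes:
        hits.append("doc_app_spawned_unknown_executable")
    # 2. The image lives in any directory component that is a recycle bin.
    if any(part in RECYCLE_DIRS for part in image.split("\\")[:-1]):
        hits.append("process_from_recycle_bin")
    # 3. Document/image extension, but the file header is a PE ("MZ").
    if ntpath.splitext(image)[1] in DOC_EXTS and event["header"][:2] == b"MZ":
        hits.append("executable_with_document_extension")
    return hits

# Constructed sample data; the hashes are placeholders, not real digests.
TRUSTED = {"constructed-hash-trusted"}
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\upd.exe",
     "sha256": "constructed-hash-1", "header": b"MZ\x90\x00"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\$Recycle.Bin\S-1-5-21-0\svc.exe",
     "sha256": "constructed-hash-2", "header": b"MZ\x90\x00"},
    {"parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Users\alice\Downloads\invoice.pdf",
     "sha256": "constructed-hash-3", "header": b"MZ\x90\x00"},
    {"parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "sha256": "constructed-hash-trusted", "header": b"MZ\x90\x00"},
]

def scan(events, trusted_hashes=TRUSTED):
    """Map each image path to the indicators it triggered (hits only)."""
    results = {e["image"]: evaluate(e, trusted_hashes) for e in events}
    return {image: hits for image, hits in results.items() if hits}

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS).items():
        print(image, hits)
```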

Bit9’s cloud-delivered Advanced Threat Indicators detect the presence of advanced threats by using Bit9’s real-time sensor to detect the techniques commonly used by advanced threat actors.

Bit9 Real Time Detection Capabilities

Detection of untrusted file execution. Bit9’s real-time endpoint sensor and recorder continuously monitor all new software that arrives and attempts to execute on a machine. If that software is not covered in your set of trust policies, or if it has a malicious trust rating, Bit9 will inform you. This approach detects advanced threats without relying on signatures or blacklists. And Bit9’s detection is immediate, not a scan-and-snapshot approach that will miss most advanced threats that often morph, spread laterally and cover their tracks to hide the fact they were ever there.

If you detect an event that could be an invasion or infection, Bit9 provides the forensics information you need to rapidly respond to the incident.
