Advanced Threat Indicators (ATI). Bit9’s threat research team constantly analyzes advanced threats to identify the common techniques threat actors use and builds them into Advanced Threat Indicators in the Bit9 platform. Bit9’s ATIs monitor and examine many system facets, including files, registry, process and memory execution, to identify potential compromise or infection. Because the Bit9 platform maintains a recorded history of every endpoint and server, it is uniquely able to apply time-based indicators that can ‘reach back in time’ to identify more advanced threats and malware than any other detection tool. In addition, you can also create custom ATIs specifically for your environment.
Detection of suspicious behavior. Bit9 detects when advanced attacks are occurring by looking for indications of advanced threats, such as memory violations, suspicious process behavior, registry changes, operating system tampering, and more. For example:
If Adobe Acrobat or Microsoft Excel spawns an unknown executable on your computer, it’s probably malicious.
Processes shouldn’t run out of your recycle bin.
Executables shouldn’t have JPEG or PDF extensions.
And so on.
Bit9’s cloud-delivered Advanced Threat Indicators use Bit9’s real-time sensor to detect the techniques commonly used by advanced threat actors, and thereby the presence of advanced threats.
Detection of untrusted file execution. Bit9’s real-time endpoint sensor and recorder continuously monitor all new software that arrives on a machine and attempts to execute. If that software is not covered by your set of trust policies, or if it has a malicious trust rating, Bit9 will inform you. This approach detects advanced threats without relying on signatures or blacklists. Bit9’s detection is immediate, not a scan-and-snapshot approach; periodic scans miss most advanced threats, which often morph, spread laterally and cover their tracks to hide the fact that they were ever there.
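The following is an added example, not Bit9’s own code or schema, showing how the behavioral indicators listed above (a document application spawning an unknown executable, a process running out of the Recycle Bin, an executable hiding behind a JPEG or PDF extension) and the untrusted-execution check described in this paragraph can be expressed as rules over process-execution events. The event record, the shape of the trust policy, the rule names and all hashes, paths and publisher names are constructed for the example.

```python
"""Toy endpoint execution detector (added example, not Bit9 product code).

Each execution event is checked against three behavioral indicators plus a
trust-policy check: a binary is "known" when its hash or its signer appears in
the policy; a known-bad hash yields a malicious rating, and anything else that
is not known is reported as execution outside the trust policy.
"""
from dataclasses import dataclass, field

# Parent processes that rarely have a legitimate reason to launch new binaries
# (assumed list for this example).
DOCUMENT_APPS = {"acrobat.exe", "acrord32.exe", "excel.exe", "winword.exe"}
# Content-type extensions that should never carry executable code.
NON_EXEC_EXTENSIONS = {".jpg", ".jpeg", ".pdf"}
# First two bytes of a Windows PE image.
PE_MAGIC = b"MZ"


@dataclass
class ExecEvent:
    parent: str          # image name of the parent process
    path: str            # full path of the image being executed
    sha256: str          # hash of the image (constructed sample values below)
    header: bytes        # first bytes of the file as read from disk
    publisher: str = ""  # Authenticode signer, if any


@dataclass
class TrustPolicy:
    approved_hashes: set = field(default_factory=set)
    approved_publishers: set = field(default_factory=set)
    malicious_hashes: set = field(default_factory=set)  # known-bad reputation feed


def _normalize(path):
    return path.replace("\\", "/").lower()


def _basename(path):
    return _normalize(path).rsplit("/", 1)[-1]


def _extension(path):
    name = _basename(path)
    return name[name.rfind("."):] if "." in name else ""


def evaluate(event, policy):
    """Return the names of every indicator that fires for one execution event."""
    hits = []
    parent = _basename(event.parent)
    path = _normalize(event.path)
    known = (event.sha256 in policy.approved_hashes
             or event.publisher in policy.approved_publishers)

    # Indicator 1: Acrobat/Office spawning an executable the policy does not know.
    if parent in DOCUMENT_APPS and not known:
        hits.append("document_app_spawned_unknown_executable")
    # Indicator 2: processes should not run out of the Recycle Bin.
    if "$recycle.bin" in path or "/recycler/" in path:
        hits.append("execution_from_recycle_bin")
    # Indicator 3: a PE image presented with a JPEG or PDF extension.
    if _extension(event.path) in NON_EXEC_EXTENSIONS and event.header.startswith(PE_MAGIC):
        hits.append("executable_with_non_executable_extension")
    # Trust-policy check: malicious rating first, then "not covered" for anything unknown.
    if event.sha256 in policy.malicious_hashes:
        hits.append("malicious_trust_rating")
    elif not known:
        hits.append("execution_not_covered_by_trust_policy")
    return hits


def run_sample():
    """Evaluate a few constructed events and return {label: fired indicators}."""
    policy = TrustPolicy(
        approved_hashes={"a" * 64},
        approved_publishers={"Microsoft Corporation"},
        malicious_hashes={"d" * 64},
    )
    events = {
        "signed_system_binary": ExecEvent(
            "explorer.exe", r"C:\Windows\notepad.exe", "a" * 64, b"MZ", "Microsoft Corporation"),
        "excel_child": ExecEvent(
            "EXCEL.EXE", r"C:\Users\alice\AppData\Local\Temp\upd.exe", "b" * 64, b"MZ\x90\x00"),
        "recycle_bin": ExecEvent(
            "explorer.exe", r"C:\$Recycle.Bin\S-1-5-21-1\svc.exe", "c" * 64, b"MZ"),
        "pe_as_jpeg": ExecEvent(
            "explorer.exe", r"C:\Users\alice\Downloads\photo.jpg", "d" * 64, b"MZ"),
    }
    return {label: evaluate(ev, policy) for label, ev in events.items()}


if __name__ == "__main__":
    for label, hits in run_sample().items():
        print(f"{label}: {hits or 'clean'}")
```

Note that the extension rule keys on the file header rather than the name alone, so a genuine picture named photo.jpg never fires, while the trust check reports a malicious rating in preference to the generic "not covered" finding so that the stronger signal is not buried.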