Advanced Threat Prevention

Stop Advanced Attacks with Proactive, Customizable Malware Protection

Signature-based security solutions are no longer sufficient to protect your organization against advanced and targeted threats. You need a proactive endpoint prevention solution that provides multiple forms of prevention to stop advanced attacks from infiltrating your organization.


Bit9 + Carbon Black is the only security provider that empowers you to choose from three different forms of prevention to deploy the right level of protection for each stakeholder in your organization.


Bit9 + Carbon Black Advanced Threat Prevention Model

Three Forms of Advanced Threat Prevention:

Default-Deny: The heart of Bit9+Carbon Black’s proactive prevention capabilities, our proven, proprietary, policy-driven approach to whitelisting allows only software you trust to run and treats everything else as suspicious. To minimize end-user impact, Bit9+Carbon Black has developed three levels of “Default-Deny” protection:

  • Low enforcement: Records all device activity but allows all programs to run uninterrupted by default, unless explicitly banned by IT. IT can set up alerts to be notified of suspicious activity.
  • Medium enforcement: End-user approval is required before any unauthorized application can run. User-driven approvals are limited to only that end-user’s machine. All device activity is recorded and logged for IT.
  • High enforcement: Allows only software IT has approved as trusted to run, all other software requires explicit approval. All device activity is recorded and logged for IT.

“Default-Deny” is the industry’s best protection against malware, advanced attacks and zero-day threats and is recommended in high-enforcement mode for servers, point-of-sale and fixed-function devices, as well as high-risk desktop and laptop devices containing sensitive information.

Detonate-and-Deny: This form of proactive prevention enables the Bit9 Security Platform to automatically send files from endpoints to Check Point, FireEye or Palo Alto Networks to be detonated and evaluated for suspicious behaviors and, if necessary, Bit9 administrative approval. Example use cases of this include sending all files from USB or other removable media for testing before execution, or having off-line devices automatically send all new executables for examination upon reconnecting to the network. This ensures that your devices are protected and threats identified, even when operating outside the corporate network, such as while at a conference or using a public network.

To learn more about the Bit9 + Carbon Black integration with next-generation firewalls and threat detonation partners, visit: network security.

Detect-and-Deny: This third form of prevention enables a security administrator to identify malicious files and as desired, individually or globally, ban those files with little to no end-user impact. This is true even if a malicious program has already executed on a device, because administrators can apply retroactive protection

Bit9 + Carbon Black Customizable Endpoint Threat Prevention

Corporate Brochure:
Endpoint threat prevention. Detection and response in seconds.

View Now

Solution Brief:
Customizable Advanced Threat Prevention

View Now

Data Sheet:
Bit9 Security Platform

View Now

Case Study:
Municipal School District

View Now
Bit9 + Carbon Black