Bit9 Security Platform

Bit9’s Security Platform provides the visibility, detection, response, and protection capabilities you need to defend your endpoints and servers against advanced threats and malware.

Bit9 contains three core technologies that enable five major capabilities.

Core Technologies

Real-time sensor and recorder

Once you place Bit9’s lightweight, real-time sensor and recorder on every endpoint, server and fixed-function device, you’ll have immediate visibility from a single console into the files, executions and critical system resources on every machine. Bit9’s always-on sensor watches the arrival and (attempted) execution of any file with executable code, memory violations, process behavior, registry settings, attached USB devices, file changes and more. This sensor is the key to Bit9’s real-time visibility, detection, response and protection.

Real-time enforcement engine

With Bit9, you can choose from different forms of advanced endpoint protection to match your business and systems. Bit9’s unique “detonate-and-deny” approach automatically sends every new file that arrives on any endpoint or server to FireEye or Palo Alto Networks WildFire; if they find malicious files, Bit9 will automatically stop them from running. You also can use Bit9’s proactive “default-deny” approach to ensure only software that you trust can run on your machines. That stops advanced threats and other forms of malware—including targeted, customized attacks that are unique to your organization.

Bit9 Cloud Services

Bit9’s cloud-based Software Reputation Service constantly crawls the Internet looking for software and calculates a trust rating for it based on attributes such as its age, prevalence, publisher, source, results of AV scans, and more. Bit9 also uses threat intelligence feeds from third parties to identify malicious and suspicious files. You’ll have access to all of this information through the cloud-based Bit9 Software Reputation Service, the world’s most reliable source of software reputation.

Bit9’s Threat Indicator Service provides updates and additions to the Advanced Threat Indicators (ATI) that the Bit9 Security Platform uses to detect advanced threats and zero-day attacks on your endpoints and servers. These ATIs detect advanced threats using a completely different approach than signature-based technology, which is inadequate in today’s environment.

Key Capabilities

Visibility

Know what’s running on every computer—right now.

From a single console, Bit9 gives you immediate visibility—without sweeps, scans or polls—into the files, executions and critical system resources on every machine. This visibility tells you if malware is on any of your machines, if it is spreading, what it is doing, etc.

Detection

Real-time detection of advanced threats, zero-day attacks and malware.

Bit9 detects advanced threats, zero-day attacks and other malware that evades signature-based detection tools. Bit9 combines real-time sensors, Advanced Threat Indicators and the Bit9 Software Reputation Service to detect advanced threats and malware on your endpoints and servers in real time. No waiting for signature file updates. No testing and updating .dat files. No sweeps, scans or polls. You get immediate proactive signature-less detection.

Response

Recorded history for every endpoint and server accelerates analysis and response.

When you need to respond to a threat, Bit9 provides the information you need to analyze, scope, contain and remediate the problem. With Bit9’s recorded details about every machine, you can “go back in time” to see what happened on any of your machines to decode the evolution and spread of an advanced threat. With Bit9, you can also instantly retrieve any file from any computer so you can analyze it yourself, submit it to a third party, etc. And you can globally block the execution of any file with a single click.

Prevention

Stop all untrusted software from executing.

With Bit9, you can choose from different forms of advanced endpoint prevention to match your business and systems. Bit9’s unique “detonate-and-deny” approach automatically sends every new file that arrives on any endpoint or server to FireEye or Palo Alto Networks WildFire; if they find malicious files, Bit9 will automatically stop them from running. You also can use Bit9’s proactive “default-deny” approach to ensure only software that you trust can run on your machines. That stops advanced threats and other forms of malware—including targeted, customized attacks that are unique to your organization.

Network Security Integration

Correlate network and endpoint data to accelerate response and remediation.

Bit9 integrates with FireEye and Palo Alto Networks to give you a holistic defense against advanced attacks. When FireEye or Palo Alto Networks fires an alert that malware has entered your network, Bit9 immediately tells you if the malware has reached any of your computers, if it executed, what it did when it ran, if it spread or deleted itself, etc. This enables you to rapidly prioritize alerts, investigate events and remediate incidents.

Visibility: Know what’s running on every endpoint and server—right now.

  • Real-time intelligence: A single console provides a live inventory of everything that executes on any of your endpoints and servers.
  • Active monitoring: Track—in real time—where files are first seen, if they propagated to other machines, if they executed, etc.
  • Reputation ratings: Immediately see the Bit9 trust rating for files on your system. Have they been seen before? Are they malicious? Can you trust them?

Detection: Get real-time, signature-less detection of advanced threats and zero-day attacks.

  • Advanced Threat Indicators (ATI): Monitor and examine files, registry, processes and memory execution to identify potential compromise or infection.
  • See untrusted files: Spot suspicious files without relying on signatures or blacklists.
  • Detect suspicious behavior: Recognize when advanced attacks are occurring, such as memory violations, suspicious process behavior, configuration changes, operating system tampering and more. There’s no need to test and update .dat files.

Protection: Stop untrusted software from executing.

  • Banning: Block—with a single click—the execution of any executable on any or all endpoints and servers.
  • Default-deny: Define the software you trust and treat everything else as suspicious.
    • Low enforcement—Inform the IT security team about the suspect software but allow it to run uninterrupted.
    • Medium enforcement—Ask the user of the machine on which the suspicious software is trying to run if the execution should be allowed. The user’s decision affects only their machine.
    • High enforcement—Block the execution of any untrusted software until the IT security team formally reviews and approves it.
  • Detonate-deny: Automatically send files that land on endpoints during off-network sessions (home, public, etc.) as well as from USB or mass-media storage devices to FireEye MAS or Palo Alto Networks WildFire for analysis and Bit9 administrator approval.

Response: A full audit trail for immediate incident analysis, response and compliance.

  • “Go back in time”: From a central console, see what software arrived on any computer, what created it, if it executed, what it did, if it deleted itself, etc.
  • Analyze history: Quickly determine exactly when a malicious file executed as well as the number of times it executed and on what systems.
  • Isolate untrusted software: Instantly filter out “trusted” software to isolate the “untrusted” software without sifting through all your software to find bad files.
  • Determine a file’s trust rating: The Bit9 Cloud-based Software Reputation Service enables you to obtain Bit9’s detailed information about a file’s trust rating, which is based on attributes such as age, prevalence, source, etc.

Integration: A first-of-its-kind integration with network security solutions such as FireEye and Palo Alto Networks for accelerated incident response and remediation.

  • Alert prioritization: Automatically correlate network security alerts with Bit9’s real-time endpoint sensor and recorder data to determine which alerts are actionable.
  • Real-time threat detection: Locate every instance of a suspicious file across your endpoints and servers to accelerate incident response.
  • On-demand analysis & remediation: Automatically submit all new files arriving on your endpoints and servers to network security appliances to immediately stop malicious software from spreading.

Cross-platform support: In this era of cross-platform malware, it’s critical to protect all of your endpoints and servers with a single security solution.

  • Integrated management: A single console that supports both Mac and Windows assets.
  • Virtualized: Optimized for the major virtualization platforms from Citrix, Microsoft and VMware.

Real-time monitoring, recording, and detection


Once you place Bit9’s lightweight sensor on a computer, Bit9 will scan it once to take a complete inventory of every file with executable code on the machine. This information is sent to the Bit9 database (resident in your environment), where it is recorded and aggregated with the information from your other machines. From that point forward, every Bit9 sensor reports what it sees to the Bit9 database in real time. For example, the instant it sees the arrival of a new file with executable code, it reports the data to your Bit9 database. When you need to know information about your machines–what’s running? What executable code just arrived? What did it do? What arrived and ran yesterday? How many versions of Java do I have?—the information is already in your Bit9 database. You get instant visibility and forensics details without dragging your endpoints down with sweeps, scans or polls.

Bit9’s sensor also watches for indicators of advanced threats in real time, using a signature-less approach to detect advanced threats.

Real-time Protection

With Bit9, you can choose from different forms of advanced endpoint protection to match your business and systems. Bit9’s unique “detonate-and-deny” approach automatically sends every new file that arrives on any endpoint or server to FireEye or Palo Alto Networks WildFire; if they find malicious files, Bit9 will automatically stop them from running. You also can use Bit9’s proactive “default-deny” approach to ensure only software that you trust can run on your machines. That stops advanced threats and other forms of malware—including targeted, customized attacks that are unique to your organization.
