Bit9 has announced three enhancements to its trust-based security platform, a real-time endpoint and server sensor and recorder that combines advanced threat detection, protection and forensics in a single solution.
Organisations can install a single agent on an endpoint or server to provide advanced threat detection, protection and forensics all at once. The Bit9 platform aggregates and records data in real time from this agent deployed across every endpoint and server in an enterprise, providing instant enterprise-wide information without polling or scanning. This requires lower administrative effort and system resources than multi-agent solutions.
Bit9’s new detection capabilities track and alert on suspicious and malicious activities, including application behaviour, file properties, process injection, system configuration changes, and memory and registry activity.
This new advanced threat detection capability is powered by Bit9’s new Advanced Threat Indicators (ATI) that:
* Identify advanced threat patterns based on file and process attributes and behaviours
* Find threats—in real time, in the past, and based on a sequence of events—that other security solutions miss
* Are much more efficient than signature-based security solutions
* Make use of the cloud-based Bit9 Software Reputation Service
* Are user-definable and customisable
* Are distributed via a cloud-based service
Typical malware detection solutions rely on scanning technologies or only see malware at a moment in time. Today’s advanced threats act fast enough to evade periodic scans, or lie dormant to evade moment-in-time checks. Bit9 claims to offer the only advanced threat detection capability that sees advanced threats in real time and maintains a recorded history of activity, so that threats which only activate after a “sleeping” period, or through a sequence of actions, can still be detected. This detection capability identifies advanced threats resident on servers and endpoints that other solutions miss.
Bit9’s Threat Research Team investigates advanced threat patterns and techniques to continuously update Bit9’s cloud-based ATIs so customers have the latest information to detect and stop advanced threats and zero-day attacks. The ATIs, which leverage the cloud-based Bit9 Software Reputation Service and the threat ecosystem, are not signature-based or specific to any single advanced threat. Bit9 customers can tune the ATIs to meet their specific environmental needs.
Bit9 also describes the first advanced threat forensics capability based on continuous monitoring and recording, delivering instant information about every endpoint and server from a single console. Security operations and forensics teams get immediate information about every endpoint and server, together with a complete history of all activity on those machines. This provides the context needed to rapidly analyse, contain and remediate security incidents by answering questions such as:
* What software arrived on any system and when?
* What process or user created it?
* Did it execute?
* What did it do? (e.g., create files, change registry, manipulate processes)
* Did it delete or change itself?
* Where else is it? (other endpoints or servers in the organisation)
* What else happened around the same time on one or many systems?
* What is the trust rating for each file?
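The following is an added example, not Bit9 code: a toy Python sensor-and-recorder that indexes a constructed endpoint event stream for several hosts and answers the forensic questions listed above (arrival, creator, execution, actions, self-deletion, spread, surrounding activity, trust rating). It also implements one sequence-based indicator of the kind described earlier: an untrusted file written by a browser, executed later, and then setting a Run key. Because the indicator is evaluated over recorded history rather than at scan time, it still fires when the dropper sleeps for a day between steps. Event fields, hashes, host names and the reputation table are all constructed placeholders.

```python
"""Toy endpoint sensor-and-recorder.

Added example, not Bit9 code: records constructed endpoint events for several
hosts and answers the forensic questions listed above, plus one sequence-based
indicator that still fires when the dropper sleeps for a day between steps.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since epoch (constructed values)
    host: str
    kind: str      # file_write | proc_start | reg_set | file_delete
    path: str      # file path, process image, or registry value path
    sha256: str    # hash of the file written / image started ("" for registry)
    actor: str     # image name of the process performing the action
    user: str
    detail: str = ""


BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
RUN_KEY = "\\currentversion\\run\\"

# Constructed sample telemetry; hashes are placeholders, not real file hashes.
EVENTS = [
    Event(1000, "ws01", "file_write", r"C:\Users\amy\Downloads\invoice.exe", "h-aaa", "chrome.exe", "amy"),
    Event(87400, "ws01", "proc_start", r"C:\Users\amy\Downloads\invoice.exe", "h-aaa", "explorer.exe", "amy"),
    Event(87401, "ws01", "file_write", r"C:\ProgramData\svc\upd.dll", "h-bbb", "invoice.exe", "amy"),
    Event(87402, "ws01", "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd", "",
          "invoice.exe", "amy", r"rundll32 C:\ProgramData\svc\upd.dll"),
    Event(87403, "ws01", "file_delete", r"C:\Users\amy\Downloads\invoice.exe", "h-aaa", "invoice.exe", "amy"),
    Event(90000, "srv02", "file_write", r"C:\Temp\upd.dll", "h-bbb", "psexesvc.exe", "svc_backup"),
    Event(1500, "ws07", "file_write", r"C:\Program Files\7-Zip\7z.exe", "h-ccc", "msiexec.exe", "bob"),
    Event(1501, "ws07", "proc_start", r"C:\Program Files\7-Zip\7z.exe", "h-ccc", "explorer.exe", "bob"),
]
# Constructed stand-in for a reputation service lookup (hash -> trust rating).
REPUTATION = {"h-ccc": "trusted"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


class Recorder:
    def __init__(self, events, reputation):
        self.by_hash = defaultdict(list)
        self.by_host = defaultdict(list)
        for e in sorted(events, key=lambda e: e.ts):
            self.by_hash[e.sha256].append(e)
            self.by_host[e.host].append(e)
        self.reputation = reputation

    def trust(self, sha):                      # what is the trust rating?
        return self.reputation.get(sha, "unknown")

    def arrivals(self, sha):                   # what arrived, when, created by what/whom?
        return [(e.host, e.ts, e.actor, e.user) for e in self.by_hash[sha] if e.kind == "file_write"]

    def executed(self, sha):                   # did it execute?
        return any(e.kind == "proc_start" for e in self.by_hash[sha])

    def image_names(self, sha):
        return {_basename(e.path) for e in self.by_hash[sha] if e.kind == "proc_start"}

    def actions(self, sha):                    # what did it do?
        names = self.image_names(sha)
        return [e for evs in self.by_host.values() for e in evs if e.actor.lower() in names]

    def self_deleted(self, sha):               # did it delete itself?
        return any(e.kind == "file_delete" and e.actor.lower() in self.image_names(sha)
                   for e in self.by_hash[sha])

    def where_else(self, sha, host):           # where else is it?
        return sorted({e.host for e in self.by_hash[sha] if e.host != host})

    def around(self, ts, window, hosts=None):  # what else happened around then?
        return [e for h, evs in self.by_host.items() if hosts is None or h in hosts
                for e in evs if abs(e.ts - ts) <= window]

    def ati_browser_dropper_persistence(self, host):
        """Sequence indicator: untrusted file written by a browser, executed later,
        then that process sets a Run key. Evaluated over recorded history, so a
        dropper that sleeps between steps still matches."""
        alerts, evs = [], self.by_host[host]
        for w in evs:
            if w.kind != "file_write" or w.actor.lower() not in BROWSERS or self.trust(w.sha256) == "trusted":
                continue
            name = _basename(w.path)
            execs = [e for e in evs if e.kind == "proc_start" and e.sha256 == w.sha256 and e.ts > w.ts]
            if not execs:
                continue
            persist = [e for e in evs if e.kind == "reg_set" and e.actor.lower() == name
                       and RUN_KEY in e.path.lower() and e.ts > execs[0].ts]
            if persist:
                alerts.append({
                    "host": host, "sha256": w.sha256, "dropped_by": w.actor,
                    "dwell_s": execs[0].ts - w.ts, "persistence": persist[0].path,
                    "payloads": sorted({e.sha256 for e in evs
                                        if e.kind == "file_write" and e.actor.lower() == name}),
                })
        return alerts


rec = Recorder(EVENTS, REPUTATION)

if __name__ == "__main__":
    for a in rec.ati_browser_dropper_persistence("ws01"):
        print(a)
        for p in a["payloads"]:
            print(" payload", p, "also on", rec.where_else(p, a["host"]))
```

Running it reports one alert on ws01 with a dwell time of a full day between download and first execution, and the payload lookup shows the dropped DLL has also appeared on srv02. Two simplifications matter in practice: a real sensor ties actions to a process instance (a process GUID, not an image name, which an attacker can reuse), and a real reputation service is consulted at event time rather than from a static table, so that a file whose rating changes later can be re-evaluated against the recorded history.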
Brian Hazzard, vice president of product management at Bit9, commented, “To defend themselves against advanced threats and zero-day attacks enterprises need a security solution that monitors and records all activity on their endpoints and servers—in real time. However, they want to avoid installing multiple agents that degrade system performance and increase administrative overhead. Bit9 offers the only single endpoint and server sensor-and-recorder that provides advanced threat detection, protection, and forensics. Our new Advanced Threat Indicators detect attacks that signature-based security solutions—especially antivirus and behavioural host intrusion prevention systems (BHIPS)—can’t. This has already produced significant value at our early access customer sites. We’ve detected malicious files and activities that evaded traditional security solutions.
“Bit9 enables enterprises to detect advanced threats as soon as they arrive and execute, as well as threats already present on their systems, which provides a powerful new layer of defense against today’s complex malware.”