Bit9 Delivers Three Industry Firsts in Advanced Threat Detection and Forensics

New Advanced Threat Indicators Leverage Bit9’s Real-time Endpoint and Server Sensor and Recorder to Identify Advanced Threats Traditional Tools Can’t

News Summary:
Bit9 announces three industry firsts in advanced detection and forensics:

1. The FIRST real-time endpoint and server sensor and recorder that combines Advanced Threat Detection, Protection and Forensics in a single solution

2. The FIRST Advanced Threat Detection based on continuous endpoint and server monitoring and recording. This new detection capability is powered by Bit9’s new Advanced Threat Indicators (ATI) that:

  • Identify advanced threat patterns in real time as well as from a recorded history of all activities on an endpoint or server
  • Leverage the cloud-based Bit9 Software Reputation Service for highly accurate detection and prioritization
  • Allow for customization to meet specific organizational needs
  • Are distributed via a cloud-based service

3. The FIRST Advanced Threat Forensics capability based on continuous monitoring and recording of endpoints and servers

WALTHAM, Mass.—March 12, 2013—Bit9, the leader in Trust-based Security, today announced three industry firsts that enhance the industry’s most comprehensive trust-based security platform:

1. The FIRST real-time endpoint and server sensor and recorder that combines Advanced Threat Detection, Protection and Forensics in a single solution

  • Now organizations can install a single agent on an endpoint or server to provide advanced threat detection, protection and forensics all at once.
  • The Bit9 platform aggregates and records data in real time from this agent deployed across every endpoint and server in an enterprise, providing instant enterprise-wide information without polling or scanning.
  • This requires lower administrative effort and system resources than multi-agent solutions.

2. The FIRST Advanced Threat Detection based on real-time, continuous monitoring and recording of all executable files and critical system resources on endpoints and servers. Bit9’s new detection capabilities track and alert on suspicious and malicious activities, including:

  • Application behavior
  • File properties
  • Process injection
  • System configuration
  • Memory
  • Registry
  • And more

This new advanced threat detection capability is powered by Bit9’s new Advanced Threat Indicators (ATI) that:

  • Identify advanced threat patterns based on file and process attributes and behaviors
  • Find threats—in real time, in the past, and based on a sequence of events—that other security solutions miss
  • Are much more efficient than signature-based security solutions
  • Leverage the cloud-based Bit9 Software Reputation Service
  • Are user-definable and customizable
  • Are distributed via a cloud-based service

Typical malware detection solutions rely on scanning technologies or only see malware at a moment in time. Today’s advanced threats are smart enough to act fast to avoid scanning technologies, or they lie in wait to trick moment-in-time solutions. Bit9 offers the only advanced threat detection capabilities that see advanced threats in real time and maintain a recorded history of activities to detect advanced threats that only activate after a “sleeping” period or through a sequence of actions. This detection capability identifies advanced threats resident on servers and endpoints that other solutions can’t.

Bit9’s Threat Research Team investigates advanced threat patterns and techniques to continuously update Bit9’s cloud-based ATIs so customers have the latest information to detect and stop advanced threats and zero-day attacks. The ATIs, which leverage the cloud-based Bit9 Software Reputation Service and the threat ecosystem, are not signature-based or specific to any single advanced threat. Bit9 customers can tune the ATIs to meet their specific environmental needs.

3. The FIRST Advanced Threat Forensics based on continuous monitoring and recording that delivers instant information about every endpoint and server from a single console. Now Security Operations and Forensics teams can have immediate information about every endpoint and server as well as a complete history of all activities on those machines. This provides the necessary context to rapidly analyze, contain, and remediate security incidents, including:

  • What software arrived on any system and when?
  • What process or user created it?
  • Did it execute?
  • What did it do? (e.g., create files, change registry, manipulate processes)
  • Did it delete or change itself?
  • Where else is it? (other endpoints or servers in the organization)
  • What else happened around the same time on one or many systems?
  • What is the trust rating for each file?

Bit9 Executive Quote: Brian Hazzard, vice president of product management

“To defend themselves against advanced threats and zero-day attacks enterprises need a security solution that monitors and records all activity on their endpoints and servers—in real time. However, they want to avoid installing multiple agents that degrade system performance and increase administrative overhead. Bit9 offers the only single endpoint and server sensor-and-recorder that provides advanced threat detection, protection, and forensics. Our new Advanced Threat Indicators detect attacks that signature-based security solutions—especially antivirus and behavioral host intrusion prevention systems (BHIPS)—can’t. This has already produced significant value at our early access customer sites. We’ve detected malicious files and activities that evaded traditional security solutions.

“Bit9 enables enterprises to detect advanced threats as soon as they arrive and execute, as well as threats already present on their systems, which provides a powerful new layer of defense against today’s complex malware.”

About Bit9
The leader in Trust-based Security, Bit9 continuously monitors and records all activity on servers and endpoints to detect and stop cyberthreats that evade traditional security defenses. A cloud-based software reputation service combined with policy-driven application control and allowlisting provides the most reliable form of security in a model that can be rapidly implemented with less maintenance than traditional tools. Bit9 has stopped the most advanced attacks, including Flame, Gauss and the malware responsible for the RSA breach. Almost 1,000 organizations—from Fortune 100 companies to small businesses—use Bit9 to increase security, reduce operational costs, and improve compliance. For more information, visit our website, follow us on Twitter, Facebook and Google+, or call +1 617-393-7400.