VMware Explore Is on the Horizon
VMware Explore Is on the Horizon

Set your sights higher. 4 days. Hundreds of sessions. Endless ideas.

News Releases2 min read

Bit9 is First Security Company to Announce it Stopped Gauss Malware from Executing in its Customer Base

Adds to List of APTs Defeated by Bit9’s Trust-based Security Platform

12.12.12 – WALTHAM, Mass.Bit9, the global leader in Advanced Threat Protection, today announced that its Trust-based Security Platform prevented the Gauss malware from executing in its customer base. This makes Bit9 the first security software company to announce that it has stopped this devastating zero-day threat. It is the most recent example of an advanced persistent threat (APT)—including Flame and the malware responsible for the RSA breach—that Bit9 successfully blocked before it could attack customers’ servers, laptops and PCs.

Gauss is one of a growing line of specialized, highly targeted cyberweapons that traditional antivirus and antimalware products cannot detect. Gauss—which was targeted at financial institutions in the Middle East to steal bank account credentials and other information—was built with much of the same code as Flame, providing strong evidence that the same entity created it, according to Bit9 Chief Technology Officer Harry Sverdlove.

Click to Tweet: @Bit9 announces that its Trust-based Security Platform is first to stop #Gauss malware #appcontrol #allowlisting

“When the Gauss malware was identified publicly in August, we checked our logs and determined that Bit9’s Trust-based Security Platform had done its job perfectly and prevented the unknown files from executing in our customer base,” said Sverdlove. “That’s the beauty of a trust-based approach to security built on policy-driven allowlisting and application control. Bit9 doesn’t need to know the name of the file or that it is inherently malicious. When software appears that we haven’t seen before and has no trust, we automatically stop it from running. Advanced persistent threats require an advanced persistent solution, and that’s exactly what Bit9 delivers to keep our customers’ intellectual property safe.”

Sverdlove said the audit trail showed that Gauss first tried to execute on a customer’s network in January of 2012 and was stopped by Bit9. This scenario replayed itself many times over several months with the same positive result each time, long before details of the malware became publicly known. This is the same way the company prevented Flame and other APTs from inflicting damage on its customers. “Bit9 stopped more than a dozen variants of Gauss that the antivirus community didn’t know about, even after Gauss had been identified. And we’re stopping the next zero-day attack before the world even knows it exists. That’s what we do, every day for every customer,” said Sverdlove.

Jon Oltsik, senior principal analyst, Enterprise Strategy Group, said: “Traditional antivirus and antimalware are effective against malicious files with known signatures, and should be part of a defense-in-depth approach for any organization. But an increasing number of sophisticated and targeted advanced malware attacks that have never been seen before and do not have known signatures cannot be stopped by traditional AV. That’s why a different approach—such as Bit9’s Trust-based Security Platform—is needed against APTs and zero-day attacks. Policy-based application control and allowlisting can be highly effective in protecting organizations against potentially devastating cyberattacks.”

About Bit9
Bit9, the global leader in Advanced Threat Protection, protects the intellectual property (IP) of the world’s leading brands with innovative, trust-based security solutions that detect and prevent sophisticated malware and cyberthreats. Bit9 stops advanced persistent threats (APTs) by combining real-time sensors, cloud-based software reputation services, continuous monitoring and trust-based application control and allowlisting. Bit9 is the only company to stop both Flame and the malware that caused the RSA breach. For more information, visit our website, follow us on Twitter, Facebook and Google+, or call +1 617-393-7400.