Application White Listing, Black Listing & Baselining
Why Bit9?
Traditional security solutions cannot protect against today’s advanced threats and malware.
Today’s Cyberthreats
Your number-one goal as an IT security professional is to protect your organization from advanced threats and malware. But with today’s evolving threat landscape and the security industry’s 20-year-old signature-based security tools, this is becoming increasingly hard to do.
How do you Stop Advanced Threats and Malware?
By adopting the approach that thought leaders recommend: only allow software you trust to run in your environment and deny everything else by default. That stops all forms of malware, including targeted, customized attacks specifically aimed at your organization that evade signature-based approaches.
What makes Bit9 Unique?
Adopting a Trust-Based Approach has three simple requirements:
Real-time visibility into every server, endpoint and fixed-function machine.
You need to monitor every form of executable (programs, scripts, etc.) and every critical system resource (memory, processes, registries, files, USB devices, etc.) on every machine. This visibility must be real-time and continuous. Most malware does its damage within 15 minutes and then morphs or deletes itself. Scans and snapshots don’t work.
Define your trust policies.
What software do you trust? Which publishers? What update mechanisms? What directories or users? Once you define what you trust, all other software is immediately considered suspicious.
Thought leaders agree on two simple points:
How does Bit9 Work?
Core Technologies
Trust
At the core of the Bit9 solution is a policy-driven trust engine in which you specify the software that you trust to run in your enterprise. You also can use the file trust ratings in the Bit9 Software Reputation Service to set thresholds for users who are allowed to download and install their own software. These trust policies drive the application control and whitelisting engine in Bit9 that detects any untrusted software that enters your environment and protects you by stopping its execution.
Real-time Sensor and Recorder
Once you place Bit9’s real-time sensor and recorder on every endpoint, server and fixed-function device, you’ll have immediate visibility from a single console into the files, executions, devices and critical system resources on every machine. Bit9’s always-on sensor watches the arrival and (attempted) execution of files, memory violations, process behavior, registry settings, attached devices, file changes and more. This sensor is the key to Bit9’s real-time visibility, detection, protection and forensics.
Bit9 Cloud Services
The Bit9 Software Reputation Service (SRS) crawls the Internet looking for software and calculates a trust rating for it based on attributes such as its age, prevalence, publisher, source, results of AV scans and more. Bit9 also uses threat intelligence feeds, including one from a leading Internet research company’s malware hash registry, to identify malicious and suspicious files. You’ll have access to all of this information through the Bit9 SRS, the world’s most reliable source of software trust. The Bit9 Threat Indicator Service provides updates and additions to the Advanced Threat Indicators (ATI) that the Bit9 Security Platform uses to detect advanced threats and zero-day attacks. These ATIs monitor and examine many system facets, including files, registry, process and memory execution to identify potential compromise or infection.
Major Capabilities
Visibility
Continuous monitoring and recording for every computer. From a single console, get immediate visibility into the files, executions, and critical system resources on every machine under Bit9 protection. This visibility gives you the confidence of knowing what has arrived and executed on every system in your organization.
Detection
Detect advanced threats and zero-day attacks in real time. Detect advanced threats, zero-day attacks, and malware that evade signature-based detection tools. Combine real-time sensors, Advanced Threat Indicators (ATI), and the Software Reputation Service to proactively detect advanced threats and malware. No waiting for signature file updates. No testing and updating .dat files. Just immediate proactive detection.
Forensics
A full audit trail accelerates analysis and response. When you suspect that you have a threat incident, Bit9 provides the information you need to analyze, scope, contain and remediate the problem. You can “go back in time” to see what happened in the past, understand what is happening right now, isolate untrusted software and determine the trust rating for any file.