Why Detection Complements Protection in the Fight Against Advanced Threats

When Bit9 announced several innovations in advanced threat detection and forensics this week, you may have wondered why a company known for protecting customers against advanced threats is now offering detection. The answer is simple: Advanced threat detection complements our protection capabilities.

The Bit9 Platform prevents untrusted software from executing on your endpoints and servers. Our new detection capabilities add insight and another layer of defense to the equation, providing IT teams with instant information about what’s happening in the ecosystem—without polling or scanning.

Adding detection to our platform delivers four key capabilities:

  1. Detects advanced threats that were present on endpoints and servers before Bit9 was installed
  2. Alerts on advanced threats when the Bit9 platform is being used in low and medium enforcement modes
  3. Adds context for IT admins when Bit9 stops untrusted software in medium and high enforcement modes
  4. Adds another layer of defense to your security posture

We see detection as a natural extension of our real-time sensor and recorder capabilities. Our platform sees and captures everything that happens on your endpoints and servers, in real time and historically. Now we’ve made it possible to take advantage of this data to detect advanced threat techniques, including:

  • Creation/execution of untrusted software
  • Suspicious registry changes
  • Unauthorized USB devices
  • Unauthorized process and memory access
  • File integrity changes
  • OS/application tampering
  • User session changes

This advanced threat detection capability is enabled by our new Advanced Threat Indicators (ATI), which:

  • Identify advanced threat patterns based on file and process attributes and behaviors
  • Find threats—in real time, in the past and based on a sequence of events—that other security solutions miss
  • Are more efficient than signature-based security solutions
  • Leverage the cloud-based Bit9 Software Reputation Service
  • Are user-definable and customizable
  • Are distributed via a cloud-based service

The creators and distributors of advanced malware and targeted attacks are increasingly persistent in their efforts, which means you need the most comprehensive and powerful tools to defend your endpoints and servers—and the vital information on them. Bit9 is watching and recording what’s happening on your systems—24/7/365.

Try It Now – 5-Day Free Trial

via Why Detection Complements Protection in the Fight Against Advanced Threats | Bit9 Blog.
