Bit9 announced three new threat detection and mitigation capabilities to expand its comprehensive trust-based security platform.
Bit9’s cloud service offers additional detection, protection, and forensics capabilities to help enterprises detect advanced threats as soon as they arrive on the network and before they execute, Bit9 said Tuesday. The service can also detect threats already present on their systems.
The advanced threat forensics capabilities are based on continuous monitoring and recording of every endpoint and server in the network. The real-time sensor and recorder gives businesses advanced threat detection, protection, and forensics as a single offering.
“To defend themselves against advanced threats and zero-day attacks enterprises need a security solution that monitors and records all activity on their endpoints and servers—in real time,” Brian Hazzard, vice president of product management at Bit9, said in a statement. “Bit9 offers the only single endpoint and server sensor-and-recorder that provides advanced threat detection, protection, and forensics.”
The detection engine is powered by the company’s Advanced Threat Indicators (ATI), which identify advanced threat patterns in real time and build a recorded history of all activity detected on the endpoint or server. The platform also draws on the data collected by the company’s cloud-based Software Reputation Service to accurately detect threats and prioritize mitigation.
Organizations can install a single agent on an endpoint or server to provide advanced threat detection, protection and forensics all at once, Bit9 said. The platform aggregates and records data in real time from this agent deployed across every endpoint and server in the enterprise, giving administrators detailed insights into the network without polling or scanning. This mechanism also takes less administrative effort and system resources than multi-agent solutions.
Bit9’s new detection capabilities track and alert on suspicious and malicious activity, including application behavior, file properties, process injection, system configuration, memory, and registry issues. Using Bit9’s threat and reputation service, the platform can identify threats in real time, retrospectively, and across a sequence of events, the company said. Because Bit9 maintains a recorded history of activity, it can follow a series of events and notice when a threat activates after a “sleeping period.”
The new Advanced Threat Indicators detect attacks that signature-based security solutions cannot, Hazzard said, noting that Bit9’s platform has already “detected malicious files and activities that evaded traditional security solutions.”
The forensics capabilities are based on continuous monitoring and recording that delivers instant information about every endpoint and server from a single console, Bit9 said. Administrators and forensics teams can have “immediate information” about every endpoint, such as what software arrived on the system and when, what process or user created it, whether it executed and what it did, whether it deleted or modified itself, where else it was found, and what else happened on the network. This information provides the necessary context to rapidly analyze, contain, and remediate security incidents.
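The recorded-history approach described in the two preceding passages (detection across a sequence of events after a “sleeping period,” and the forensic questions an administrator asks about a file) can be sketched in a few lines. This is an added example written for this article, not Bit9's code or its event schema; the Event fields, host names, file paths and the short “hash” strings are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime    # when the sensor recorded it
    host: str       # endpoint or server name
    kind: str       # file_create | process_start | file_modify | file_delete
    path: str       # file the event concerns
    actor: str      # user or parent process responsible for the event
    sha256: str     # constructed placeholder hashes below, not real digests
T = datetime.fromisoformat
# Constructed recording from a hypothetical two-host deployment, not real telemetry.
EVENTS = [
    Event(T("2013-02-01T09:00"), "ws01", "file_create", r"C:\Users\bob\Downloads\invoice.exe", "chrome.exe", "aaa111"),
    Event(T("2013-02-01T09:01"), "ws01", "process_start", r"C:\Users\bob\Downloads\invoice.exe", "bob", "aaa111"),
    Event(T("2013-02-01T09:01"), "ws01", "file_create", r"C:\ProgramData\svc.dll", "invoice.exe", "bbb222"),
    Event(T("2013-02-03T10:00"), "srv02", "file_create", r"C:\ProgramData\svc.dll", "invoice.exe", "bbb222"),
    Event(T("2013-02-20T03:15"), "ws01", "process_start", r"C:\ProgramData\svc.dll", "rundll32.exe", "bbb222"),
    Event(T("2013-02-20T03:16"), "ws01", "file_delete", r"C:\ProgramData\svc.dll", "svc.dll", "bbb222"),
]

def file_history(events, sha256):
    """Arrival time, creator, execution, self-modification and other hosts for one file."""
    rel = sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)
    if not rel:
        return None
    first = next((e for e in rel if e.kind == "file_create"), rel[0])
    name = first.path.rsplit("\\", 1)[-1]          # file name as it appears as an actor
    return {
        "arrived": first.ts,
        "created_by": first.actor,
        "executed": any(e.kind == "process_start" for e in rel),
        "self_modified": any(e.kind in ("file_modify", "file_delete") and e.actor == name for e in rel),
        "hosts": sorted({e.host for e in rel}),
    }
def dormant_executions(events, min_sleep=timedelta(days=7)):
    """Flag files written, then first executed only after a long sleeping period."""
    # Needs the recorded history: a point-in-time scan sees only the present state.
    first_seen, hits = {}, []
    for e in sorted(events, key=lambda e: e.ts):
        key = (e.host, e.sha256)
        if e.kind == "file_create":
            first_seen.setdefault(key, e.ts)
        elif e.kind == "process_start" and key in first_seen:
            sleep = e.ts - first_seen.pop(key)    # pop: report the first execution only
            if sleep >= min_sleep:
                hits.append((e.host, e.path, sleep.days))
    return hits
```

In the constructed recording, invoice.exe ran within a minute of arriving and is not flagged, while svc.dll sat for 18 days before rundll32.exe loaded it and it then deleted itself, which both functions surface from the same event stream.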