Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Bit9 Launches New Threat Detection and Forensics Services

Bit9 announced three new threat detection and mitigation capabilities to expand its comprehensive trust-based security platform.

Bit9 announced three new threat detection and mitigation capabilities to expand its comprehensive trust-based security platform.

Bit9’s cloud-service offers additional detection, protection, and forensics capabilities to help enterprises detect advanced threats as soon as they arrive on the network and before they execute, Bit9 said Tuesday. The service can also detect threats already present on their systems.

Advanced threat forensics capabilities are based on continuous monitoring and recording of all the endpoints and servers in the network. The real-time sensor and recorder offers businesses with advanced threat detection, protection, and forensics as a single offering.

“To defend themselves against advanced threats and zero-day attacks enterprises need a security solution that monitors and records all activity on their endpoints and servers—in real time,” Brian Hazzard, vice president of product management at Bit9, said in a statement. “Bit9 offers the only single endpoint and server sensor-and-recorder that provides advanced threat detection, protection, and forensics.”

The detection engine is powered by the company’s Advanced Threat Indicators (ATI) to identify advanced threat patterns in real-time and form a recorded history of all activities detected on the endpoint or server. The platform also takes advantage of the data collected by the company’s cloud-based Software Reputation Service to accurate detect threats and prioritize mitigation.

Organizations can install a single agent on an endpoint or server to provide advanced threat detection, protection and forensics all at once, Bit9 said. The platform aggregates and records data in real time from this agent deployed across every endpoint and server in the enterprise, giving administrators detailed insights into the network without polling or scanning. This mechanism also takes less administrative effort and system resources than multi-agent solutions.

Bit9’s new detection capabilities track and alert on suspicious and malicious activities, including application behavior, file properties, process injection, system configuration, memory, and registry issues. Using Bit9’s threat and reputation service, the platform can identify threats in real-time, in the past, and on a sequence of events, the company said. Bit9 can maintain a recorded history of activities so that it can track a series of events and notice when the threat activates after a “sleeping period,” the company said.

New Advanced Threat Indicators detect attacks that signature-based security solutions can’t, Hazzard said, noting the Bit9’s platform has already “detected malicious files and activities that evaded traditional security solutions.”

Advertisement. Scroll to continue reading.

The forensics capabilities are based on continuous monitoring and recording that delivers instant information about every endpoint and server from a single console, Bit9 said. Administrators and forensics teams can have “immediate information” about every endpoint, such as what software arrived on the system and when, what process or user created it, whether it executed and what it did, whether it deleted or modified itself, where else it was found, and what else happened on the network. This information provides the necessary context to rapidly analyze, contain, and remediate security incidents.

 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet