Security software adds threat detection, forensics

Bit9 Inc. has extended the capabilities of its whitelist security software by adding the ability to detect risks to enterprises as well as improved analysis of the data collected by its end point agents.

“What we’re adding is complete advanced threat solution,” said Brian Hazzard the company’s vice-president of product management.

The significant enhancements to Bit9’s Security Platform v.7 are free for existing customers and come as a downloadable module.

The platform has always been a trust-based solution that allows administrators to specify software on a so-called whitelist that can be allowed on desktops and laptops. The endpoint agents monitor changes to the environment and sends alerts when other software tries to be installed.

The data gathered by the agents has usually been used by administrators for application control, Hazzard said.

What’s new is the ability to provide advanced threat detection by looking for patterns in the sensor data.

The system now looks for suspicious application behavior, changes in file properties, process injections or alteration of system configuration using what Bit9 calls threat indicators. These leverage Bit9’s existing cloud-based software reputation service, which collects data on who published software and its security risks.

The threat indicators can be customized for each organization’s needs.

In addition, new data analysis capabilities helps security analysts on staff to look at historical as well as real-time data to diagnose what’s going on at end points.

It details what software arrived on an end point, what processes or user created it, if it executed, what it did and other parameters.

This data can also be fed into third-party security information management systems.
RELATED CONTENT

The result of the new capabilities is that Security Platform allows administrators to set three policy levels for application protection, Hazzard said: A low level of enforcement, which detects lets users install software but IT can prevent untrusted apps from executing; a mid level, which prompts a user if the system tries to install untrusted software; and a high level which blocks all unapproved software.

Pricing is unchanged and is based on the number of endpoints covered by the solution. Hazzard said it roughly comes to $30 a device plus $100 a server for the Security Platform suite plus any server needed for the data store. There are volume discounts.

There are two Canadian system integrators listed on the Bit9 Web site: Secure Sense Solutions of Burlington, Ont. and SentryMetrics of Toronto.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now