Transcript Bit9

Next-Generation Endpoint and Server Security
Real-time monitoring and protection for endpoints and servers
©2013 Bit9. All Rights Reserved
Acceleration of Intellectual Property Loss: Significant Breaches of 2012
(Timeline chart: significant breaches plotted by month, January through November 2012)
NY Times article – posted 2/20/2013
Attackers are shifting to delivering UNKNOWN malware via FTP and web pages
(Threatpost.com, March 27, 2013, by Christopher Brook)
Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly, versus waiting for an email attack to work
• 94% of undetected malware came from web browsers or web proxies
• 95% of the FTP-based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems
Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed anti-malware technology
Have hackers invented something earth-shattering?
USA Today, 3/27/13, by Geoff Collins
Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes.
But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps.
So what ARE the four simple measures?
First is "application white-listing," which allows only authorized software to run on a computer or network.
Second is very rapid patching of operating systems.
Third is very rapid patching of software.
The fourth is minimizing the number of people on a network who have "administrator" privileges.
• Can also limit which applications can be installed
Java Problems
Let’s summarize the threat scape…
Laptops:
• Have the #1 and #2 most vulnerable applications running (Java, Adobe)
• Access networks and servers
• Leave the perimeter regularly with no control of usage
• Use a security tool that looks for known bad and is minimally effective
Results:
• Threat of stolen IP
• Credentials taken
• Servers brought off line
• Websites hacked and altered
• Malware keeps “coming back”
• Significant time & money spent on forensics
• Reimaging of machines due to malware
• Loss of productivity
• Brand tarnishing
Challenge: Malware Gets on Endpoints and Servers
Malware gets on machines: 400M+ variants, arriving via phishing, web drive-by, zero-day, watering holes and memory-based attacks.
Network Security layer: Next-Gen Firewall, Virtual Detonation, Network Analytics, Network Monitoring, SIEM, IPS/IDS
Endpoint and Server Security layer:
• Desktops & Laptops (Windows & Mac): Anti Virus
• Virtual/Physical Servers: Anti Virus
• Fixed-Function: Anti Virus
“…it’s clear that blacklist-based antivirus is fighting a losing battle…” (Forrester Research, Sept 2012)
Bit9: Next-Generation Endpoint and Server Security
Bit9 Solution, covering Desktops & Laptops, Virtual/Physical Servers and Fixed-Function devices
1. Visibility, Detection, Forensics: Real-time sensor and recorder
• Actionable Intelligence for every endpoint and server
• Every executable and critical system resource
• Results in days or weeks
• Low user, admin, and system impact
2. Protection: Real-time enforcement engine
• Ban software
• Allow only software you trust to run
• Highest level of endpoint/server security
• Implement as quickly as desired
Bit9 Time to Results: Rapid with Low User/Admin Impact
Step 1. Customer action: Deploy Bit9 Sensor/Recorder on Endpoints & Servers. Customer benefit (Visibility): Know what’s running on every computer right now. Time to results: Days.
Step 2. Customer action: Turn on Bit9 Advanced Threat Indicators. Customer benefit (Detection): Detect advanced threats in real-time without signatures. Time to results: “Immediate”.
Step 3. Customer action: Prioritize and Investigate Alerts. Customer benefit (Forensics): Recorded details about what’s happened on every endpoint/server. Time to results: “Immediate”.
Step 4. Customer action: Define and Apply Trust Policies. Customer benefit (Protection): Stop all untrusted software from executing. Time to results: As quickly as desired.
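As an added example (not Bit9 code), here is a minimal trust-policy evaluator of the kind the "Ban software / Allow only software you trust" enforcement engine and step 4 describe: a ban list that always wins, trusted hashes and publishers, and default-deny for unknown executables when enforcement is on, record-only when it is off. File contents, hashes, file names and the publisher name are constructed.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class TrustPolicy:
    banned_hashes: set = field(default_factory=set)       # "Ban software"
    trusted_hashes: set = field(default_factory=set)      # approved files
    trusted_publishers: set = field(default_factory=set)  # approved signers
    enforce: bool = True  # False = visibility mode: record, never block


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decide(policy: TrustPolicy, path: str, content: bytes, publisher=None):
    """Return (verdict, reason) for a file about to execute.
    Ban beats trust; anything unknown is blocked only under enforcement."""
    note = ""
    # A PE image (MZ header) under a non-executable extension is the
    # "executable disguised as PDF" case: judge it by content, not by name.
    if content.startswith(b"MZ") and not path.lower().endswith((".exe", ".dll")):
        note = " (executable disguised as ." + path.rsplit(".", 1)[-1] + ")"
    digest = sha256(content)
    if digest in policy.banned_hashes:
        return "block", "banned hash" + note
    if digest in policy.trusted_hashes:
        return "allow", "trusted hash" + note
    if publisher is not None and publisher in policy.trusted_publishers:
        return "allow", "trusted publisher " + publisher + note
    if policy.enforce:
        return "block", "untrusted, not on allow list" + note
    return "allow", "untrusted, recorded only (visibility mode)" + note


# Constructed sample files: only the "MZ" prefix mimics a real PE image.
APPROVED = b"MZ\x90\x00constructed-approved-binary"
INVOICE = b"MZ\x90\x00constructed-dropper"   # will be presented as invoice.pdf
OLD_TOOL = b"MZ\x90\x00constructed-banned-tool"
POLICY = TrustPolicy(banned_hashes={sha256(OLD_TOOL)},
                     trusted_hashes={sha256(APPROVED)},
                     trusted_publishers={"Example Corp (constructed)"})


def run_samples(policy: TrustPolicy):
    """Evaluate the constructed samples under a policy; returns {name: verdict}."""
    cases = [("app.exe", APPROVED, None),
             ("invoice.pdf", INVOICE, None),
             ("oldtool.exe", OLD_TOOL, None),
             ("vendor.exe", b"MZ\x00unknown-but-signed", "Example Corp (constructed)")]
    return {name: decide(policy, name, data, pub)[0] for name, data, pub in cases}
```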
How Network Security Enhances Endpoint Security
The industry’s first and only network connector
Next-Generation Network Security side:
• Incoming files on the network are “detonated” for analysis
• Alerts are transferred to the endpoint and server platform
Next-Generation Endpoint and Server Security side:
• Correlate endpoint/server and network data
• Prioritize network alerts
• Investigate scope of the threat
• Remediate endpoints and servers
Endpoint and server files flow back to the network side:
• Submit files automatically: automatic analysis of all suspicious files
• Submit files on-demand: on-demand analysis of suspicious files
Customer Projects Bit9 Can Help With
Project: Advanced threat protection projects
• Resolution: Bit9 can stop zero-day attacks and advanced threats
Project: Windows 7/8 roll out
• Resolution: Bit9 reduces reimaging costs
Project: Removing admin rights
• Resolution: Bit9 increases security without impeding users
Project: Virtualization
• Resolution: Bit9 will secure your VDI, virtual servers, or terminal services
Project: FIM for Servers
• Resolution: Bit9 ensures no one is tampering with your servers
Project: Compliance
• Resolution: Bit9 reduces the operational and cost burden of AV while keeping you compliant
Project: Incident Response
• Resolution: Bit9 can accelerate your investigation, forensics, and remediation
Real-Time Security
Large Chemical Company (one of the top 10 chemical providers)
Bit9 on 60,000 endpoints and servers
Before Bit9:
• Suspected infections but slow to confirm
After Bit9:
• Immediately found advanced threat on executive’s PC
• Executable disguised as PDF
• Bit9 confirmed malware was only on one machine
• Customer removed malware and remediated threat
Visibility
Large Oil Manufacturing Company
Bit9 on 10,000 endpoints and servers
Before Bit9:
• Unknown existing malware
• FireEye customer
After Bit9:
• They integrated Bit9 with FireEye and found a piece of malware from a FireEye alert on 3 machines.
• With deeper inspection they saw that the malware had dropped another executable, and that malware was on 15 machines.
• FireEye never saw that malware because it didn’t come through the network. All this happened very quickly due to the real-time visibility.
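The correlation in the oil company story above and in the network connector slide, reproduced as an added example (not Bit9 or FireEye code): given the file hash named in a network detonation alert, walk the endpoint recorder's events to find where that file executed, what it wrote to disk, and where those dropped files executed in turn, even though the network side never saw them. The event schema, host names and hashes are all constructed.

```python
from collections import defaultdict

# Constructed recorder events: (host, action, subject_hash, object_hash).
# "exec": subject_hash ran on host; "wrote": subject_hash wrote object_hash to disk.
ALERT_HASH = "aaaa1111"    # hash named in the network sandbox alert (constructed)
DROPPED_HASH = "bbbb2222"  # second-stage file it drops (constructed)
EVENTS = [(h, "exec", ALERT_HASH, None) for h in ("ws-01", "ws-02", "ws-03")]
EVENTS.append(("ws-02", "wrote", ALERT_HASH, DROPPED_HASH))
EVENTS += [(f"ws-{i:02d}", "exec", DROPPED_HASH, None) for i in range(1, 16)]
EVENTS.append(("srv-09", "exec", "cccc3333", None))  # unrelated activity


def scope_from_alert(events, alert_hash, max_depth=3):
    """Return {file_hash: sorted hosts that executed it} for the alerted file
    and every file it (transitively) wrote, up to max_depth hops.
    Files the network never saw still appear because the recorder captured
    their execution on the endpoint."""
    exec_hosts = defaultdict(set)
    written_by = defaultdict(set)
    for host, action, subject, obj in events:
        if action == "exec":
            exec_hosts[subject].add(host)
        elif action == "wrote":
            written_by[subject].add(obj)
    scope, frontier, seen = {}, [alert_hash], set()
    for _ in range(max_depth):
        nxt = []
        for h in frontier:
            if h in seen:
                continue
            seen.add(h)
            scope[h] = sorted(exec_hosts.get(h, ()))
            nxt.extend(written_by.get(h, ()))
        if not nxt:
            break
        frontier = nxt
    return scope


def affected_hosts(scope):
    """Union of hosts touched by any file in scope: the remediation list."""
    return sorted({host for hosts in scope.values() for host in hosts})
```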
What Makes Bit9 Unique?
Next-Generation Endpoint and Server Security
• Lowest impact on systems, admins and users
• One agent for visibility, detection, forensics, protection
• Real-time monitoring and recording of endpoints and servers (Bit9 DB)
• Actionable Intelligence for every endpoint and server
• Real-time integration with network security
• Faster incident response and remediation
• Cross-platform support: Windows and Mac
• On- and off-network protection: remote and disconnected users
• Proven reliability and scalability: most deployments (1,000), Windows certified, largest scalability
Bit9 Satisfies Many of Your Compliance Needs
Controls by regulation (columns in order: PCI, SOX, NERC CIP, HIPAA, FISMA):
• Protect data: Protect CC Data (PCI); Protect Log Files (SOX); Protect Critical Endpoints (NERC CIP); Protect PII (HIPAA); Protect Log Files (FISMA)
• FIM: FIM under all five
• Secure Infrastructure – Utilize Anti-Malware: AV on Endpoints and Servers (PCI); AV on Servers (SOX); AV on Endpoints and Servers (NERC CIP); AV on Endpoints and Servers (HIPAA); AV on Servers (FISMA)
• Asset Analysis – Threat and Trust: Measure Compliance Risk; Vulnerability Detection and Ranking; Malicious intent and Malware Detection; Risk Reporting and Assessment; Risk Reporting; Vulnerability Assessment
• Security Policy and Awareness: Log and Records Audit and Review; Critical Control and DR Plan Review; Security Awareness and Data Privacy Training; Logging and Authorized Access Tracking; Protect Sensitive/Critical Data; Control File Assets; Security Policy Enforcement and Audit