©2013 Bit9. All Rights Reserved Next-Generation Endpoint and Server Security Real-time monitoring and protection for endpoints and servers

Upload: darcy-maxwell

Post on 16-Dec-2015


TRANSCRIPT

Page 1:

Next-Generation Endpoint and Server Security

Real-time monitoring and protection for endpoints and servers

Page 2:

Acceleration of Intellectual Property Loss: Significant Breaches of 2012

[Timeline figure: months Jan through Nov]

Page 3:

NY Times article – posted 2/20/2013

Page 4:

Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages (Threatpost.com March 27, 2013 by Christopher Brook)

Palo Alto Networks put out a study recently finding:
• Attackers have shifted from email exploits to web-based exploits
• Web pages load instantly and can be tweaked on the fly versus waiting for email attack to work
• 94% of undetected malware came from web-browsers or web proxies
• 95% of the FTP based exploits were never detected by anti-virus
• 97% used non-standard ports to infect systems

Palo Alto recommends the following:
• Investigate unknown traffic
• Restrict rights to DNS domains
• Real-time detection and blocking
• More fully deployed antimalware technology

Page 5:

Have Hackers invented something earth shattering?

USA Today on 3/27/13 by Geoff Collins, president of product management at 1E

Hacking is incredibly easy. Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques. Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes.

But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps

Page 6:

So what ARE the four simple measures?

• First is "Application white-listing," which allows only authorized software to run on a computer or network.
• Second is very rapid patching of Operating Systems.
• Third is very rapid patching of software.
• The fourth is minimizing the number of people on a network who have "administrator" privileges
  • Can also limit which applications can be installed

Page 7:

Java Problems

Page 8:

Let’s summarize the threat scape…

Laptops
• Have the #1 and #2 most vulnerable applications running
  • Java
  • Adobe
• Access networks and servers
• Leave the perimeter regularly with no control of usage
• Use a security tool that looks for known bad and is minimally effective

Results
• Threat of stolen IP
• Credentials taken
• Servers brought off line
• Websites hacked and altered
• Malware keeps “coming back”
• Significant time & money spent on forensics
• Reimaging of machines due to malware
• Loss of productivity
• Brand tarnishing

Page 9:

Challenge: Malware Gets on Endpoints and Servers

“…it’s clear that blacklist-based antivirus is fighting a losing battle…” (Forrester Research, Sept 2012)

[Diagram labels]
• Network Security: IPS/IDS, Next-Gen Firewall, Network Monitoring, SIEM, Network Analytics, Virtual Detonation
• Endpoint and Server Security: Anti Virus; Desktops & Laptops (Windows & Mac), Fixed-Function, Virtual/Physical Servers
• Other labels: Phishing, Web drive by, Zero-day, Watering holes, Memory, USB devices, Rogue employees, Hacking, Off-network, Connected to mobile phone
• 400M+ Variants
• Malware gets on machines

Page 10:

Bit9: Next-Generation Endpoint and Server Security

Next-Generation Endpoint and Server Security: Bit9 Solution

1. Real-time sensor and recorder
• Actionable Intelligence for every endpoint and server
• Every executable and critical system resource
• Results in days or weeks
• Low user, admin, and system impact

2. Real-time enforcement engine
• Ban software
• Allow only software you trust to run
• Highest level of endpoint/server security
• Implement as quickly as desired

[Diagram labels: Desktops & Laptops, Fixed-Function, Virtual/Physical Servers; Visibility, Detection, Protection, Forensics]

Page 11:

Bit9 Time to Results: Rapid with Low User/Admin Impact

1. Visibility
   Customer action: Deploy Bit9 Sensor/Recorder on Endpoints & Servers
   Customer benefit: Know what’s running on every computer right now
   Time to results: Days

2. Detection
   Customer action: Turn on Bit9 Advanced Threat Indicators
   Customer benefit: Detect advanced threats in real-time without signatures
   Time to results: “Immediate”

3. Forensics
   Customer action: Prioritize and Investigate Alerts
   Customer benefit: Recorded details about what’s happened on every endpoint/server
   Time to results: “Immediate”

4. Protection
   Customer action: Define and Apply Trust Policies
   Customer benefit: Stop all untrusted software from executing
   Time to results: As quickly as desired

Page 12:

How Network Security Enhances Endpoint Security

The industry’s first and only network connector

[Diagram: Next-Generation Network Security connected to Next-Generation Endpoint and Server Security. Labels:]
• Incoming files on network
• “Detonate” files for analysis
• Transfer alerts
• Prioritize network alerts
• Investigate scope of the threat
• Remediate endpoints and servers
• Correlate endpoint/server and network data
• Endpoint and server files
• Submit files automatically: Automatic analysis of all suspicious files
• Submit files on-demand: On-demand analysis of suspicious files

Page 13:

Customer Projects Bit9 Can Help With

Project: Resolution

• Advanced threat protection projects: Bit9 can stop zero-day attacks and advanced threats
• Windows 7/8 roll out: Bit9 reduces reimaging costs
• Removing admin rights: Bit9 increases security without impeding users
• Virtualization: Bit9 will secure your VDI, virtual servers, or terminal services
• FIM for Servers: Bit9 ensures no one is tampering with your servers
• Compliance: Bit9 reduces the operational and cost burden of AV while still being compliant
• Incident Response: Bit9 can accelerate your investigation, forensics, and remediation

Page 14:

Real-Time Security

Large Chemical Company (1 of the Top 10 chemical providers)

Bit9 on 60,000 endpoints and servers

Before Bit9:
• Suspected infections but slow to confirm

After Bit9:
• Immediately found Advanced threat on executive’s PC
• Executable disguised as PDF
• Bit9 confirmed malware was only on one machine
• Customer removed malware and remediated threat

Page 15:

Visibility

Large Oil Manufacturer Company

Bit9 on 10,000 endpoints and servers

Before Bit9:
• Unknown existing malware
• FireEye Customer

After Bit9:
• They integrated Bit9 w/FireEye and found a piece of malware from a FE alert on 3 machines.
• With deeper inspection they saw that that malware had dropped another executable and that malware was on 15 machines.
• FE never saw that malware because it didn’t come through the network. All this happened very quickly due to the real time visibility.

Page 16:

What Makes Bit9 Unique?

Next-Generation Endpoint and Server Security

• One agent for visibility, detection, forensics, protection: Lowest impact on systems, admins and users
• Real-time monitoring and recording of endpoints and servers: Actionable Intelligence for every endpoint and server
• On- and off-network protection: Remote and disconnected users
• Proven reliability and scalability: Most deployments (1,000); Windows certified; Largest scalability
• Cross-platform support: Windows and Mac
• Real-time integration with network security: Faster incident response and remediation

[Diagram label: Bit9 DB]

Page 17:

Bit9 Satisfies Many of Your Compliance Needs

Controls by regulation (PCI, SOX, NERC CIP, HIPAA, FISMA):

Protect Sensitive / Critical Data
• PCI: Protect CC Data
• SOX: Protect Log Files
• NERC CIP: Protect Critical Endpoints
• HIPAA: Protect PII
• FISMA: Protect Log Files

Control File Assets
• PCI: FIM
• SOX: FIM
• NERC CIP: FIM
• HIPAA: FIM
• FISMA: FIM

Secure Infrastructure – Utilize Anti-Malware
• PCI: AV on Endpoints and Servers
• SOX: AV on Servers
• NERC CIP: AV on Endpoints and Servers
• HIPAA: AV on Endpoints and Servers
• FISMA: AV on Servers

Asset Analysis – Threat and Trust Measure Compliance Risk
• PCI: Vulnerability Detection and Ranking
• SOX: Malicious intent and Malware Detection
• NERC CIP: Risk Reporting and Assessment
• HIPAA: Risk Reporting
• FISMA: Vulnerability Assessment

Security Policy Enforcement and Audit
• PCI: Security Policy and Awareness
• SOX: Log and Records Audit and Review
• NERC CIP: Critical Control and DR Plan Review
• HIPAA: Security Awareness and Data Privacy Training
• FISMA: Logging and Authorized Access Tracking