Inc. has extended the capabilities of its whitelist security software by adding the ability to detect risks to enterprises as well as improved analysis of the data collected by its end point agents.
“What we’re adding is complete advanced threat solution,” said Brian Hazzard the company’s vice-president of product management.
The significant enhancements to Bit9’s Security Platform v.7 are free for existing customers and come as a downloadable module.
The platform has always been a trust-based solution that allows administrators to specify software on a so-called whitelist that can be allowed on desktops and laptops. The endpoint agents monitor changes to the environment and sends alerts when other software tries to be installed.
The data gathered by the agents has usually been used by administrators for application control, Hazzard said.
What’s new is the ability to provide advanced threat detection by looking for patterns in the sensor data.
The system now looks for suspicious application behavior, changes in file properties, process injections or alteration of system configuration using what Bit9 calls threat indicators. These leverage Bit9’s existing cloud-based software reputation service, which collects data on who published software and its security risks.
The threat indicators can be customized for each organization’s needs.
In addition, new data analysis capabilities helps security analysts on staff to look at historical as well as real-time data to diagnose what’s going on at end points.
It details what software arrived on an end point, what processes or user created it, if it executed, what it did and other parameters.
This data can also be fed into third-party security information management systems.
The result of the new capabilities is that Security Platform allows administrators to set three policy levels for application protection, Hazzard said: A low level of enforcement, which detects lets users install software but IT can prevent untrusted apps from executing; a mid level, which prompts a user if the system tries to install untrusted software; and a high level which blocks all unapproved software.