Tuesday, October 02, 2012

#SECURITY: "Turning cyber security on its head"

As malware becomes more sophisticated, its safer to only install and run known-trusted software apps instead of just scanning apps for viruses and assuming they are otherwise safe. By controlling the application environment, and only allowing certified trusted apps to run, even next-generation malware can the thwarted: R. Colin Johnson

Bit9's dashboard for information technology (IT) department tracks files, softrware, and "drift" from standard configurations plus provides a panic button (lower left) that locks down all connected systems to High Enforcement Level.

Here is what EETimes says about Bit9: As cyber security threats diversify, the most advanced solutions are upending the detection paradigm—from removing malicious software to installing only trusted software in the first place. Once considered too cumbersome for everyday use by IT departments, trust-based security—called application control—is now ready for mainstream IT departments, cloud deployments and virtualized environments, according to security software provider Bit9 Inc...

Bit9's database of known good apps can be access with its Parity Knowledge Service which evaluates whether software is trustworthy, here rejecting a file of unknown origin.

Here is what Bit9 says: Bit9, the global leader in Advanced Threat Protection, today introduced three industry-first breakthroughs to protect organizations against advanced threats and malware. Version 7.0 of the Bit9 security suite—which is available worldwide—delivers trust-based security that goes far beyond traditional whitelisting (a list of trusted software) and application control (stopping untrusted software). The industry firsts and enhancements in v7.0 include:

The first security solution to deliver IT- and cloud-driven trust: Bit9’s latest release enables IT organizations to create trust policies that leverage the trust ratings in Bit9’s cloud-based reputation service, the Global Software Registry™ (GSR), the largest database of trust ratings in the world, with 6 billion records indexed. This capability enables end users to install software without involvement from IT as long as the software has a sufficiently high trust rating from Bit9. This cuts administrative overhead and user impact by up to 40 percent, reducing both cost and effort. When combined with the ability to create specific IT-driven trust policies, Bit9 customers enjoy the lowest administrative overhead and user impact of any application control/whitelisting solution.

The first trust-based application control solution optimized for virtualized environments: Many organizations believe virtual environments are inherently secure because they can be reimaged each day. That fallacy creates a major security gap because 85 percent of advanced threat attacks do their damage within minutes, according to the Verizon 2012 Data Breach investigations Report. Bit9’s new features eliminate repeated disk scans, multiple initializations of cloned virtual machines, problematic gold image updates, and other issues that plague traditional application control products in virtualized environments. This new release delivers the highest security, performance and reliability for all virtualized environments including virtual desktop infrastructure (VDI), server virtualization and terminal services/session virtualization.

The first application control solution with the features, scalability and integration to protect the largest enterprises: With support for up to 250,000 endpoints per Bit9 server, v7.0 is the first application control solution that scales to meet the needs of organizations of any size. It now includes roles-based access control to make it easy and effective to administer within existing team structures and groups. Through open APIs and prebuilt integrations, Bit9’s solution also interoperates with existing security solutions, including SEIMS, log management systems, software delivery tools, patch management products, and ticketing systems.

Enhanced server security: Servers are the target of advanced threats because that's where an organization's intellectual property resides. Bit9 delivers enhanced memory protection, file integrity monitoring and device control to provide a single trust-based application control solution across all enterprise systems—servers, desktops and laptops.

Organizations of all types and sizes use the Bit9’s trust-based security approach as a key element in dealing with all aspects of advanced threats and malware, including incident response, forensics, detection and protection. Bit9 today also announced the new Bit9 Managed Administrative Service (see news release [link to title]), which enables organizations to outsource the day-to-day operations of administering trusted software to Bit9, while retaining overall control of their corporate security policies...
Further Reading