Contents

3   Letter from the CEO
6   Everyone’s a Target
7   Cautionary Tales: Where’s Your Weak Spot?
8   Endpoint Exposure
9   Server Security Challenges
14  Older Security Models: Too Little, Too Late
15  Building a Trust-based Security Framework
16  Better Security, Less Administrative Effort
18  About Bit9

Learn more by clicking on these “live” symbols when you see them: White Paper / Data Sheet, Workbook, Blog, Information.
“Hacking used to be more of a game. Now it’s a business.”

Letter from the CEO

Examples:
• 1998: CIH
• 1999: Melissa
• 2000: ILOVEYOU
• 2001: Code Red
• 2003: SQL Slammer, Blaster, Sobig.F
• 2004: Bagle, MyDoom, Sasser
• 2006: Nyxem
• 2007: Zeus
• 2010: Stuxnet
• 2011: Morto Worm
• 2011: SpyEye
• 2012: Gauss
• 2012: Flame
Attacks: Proliferating and Diversifying
Think You’re not Big Enough or Strategic Enough to Target?

A 2012 Bit9 survey found that while government was the sector that most expected to be attacked in the next six months, right behind them came the healthcare, technology and retail sectors.

Half the smaller companies (with 100-500 employees) surveyed felt they would be targeted by a cyber attack within the next six months.

Retail and Consumer

According to Verizon’s 2012 Data Breach Investigations Report, retail and consumer (R&C) businesses are breached more often than any other industry.

If you’re like most R&C businesses, you don’t have an abundance of IT resources to protect your information assets against advanced threats. At the same time, you need to meet consumer expectations for 24/7 business availability that cut into network service windows, putting yet more pressure on IT.

Law Firms

Law firms work with and manage highly sensitive corporate data that is increasingly valued by sophisticated cybercriminals. According to the American Bar Association (ABA), when seeking to obtain critical, protected information about corporations, attackers are frequently looking at that organization’s network of partners and suppliers—including their law firm—rather than attacking the corporation head on.

Healthcare

As the adoption and exchange of the Electronic Medical Record (EMR) escalates, so too have the regulations and challenges related to securing electronic Protected Health Information (ePHI). The potential access to ePHI has given rise to more advanced attacks by financially motivated cybercriminals. In fact, between September 2009 and February 2012, nearly 20 million Americans had the privacy of their ePHI breached.

Control Systems

Critical industrial and infrastructure control systems are facing increasingly sophisticated cyber attacks. Industry sectors such as energy, utilities, transportation, water supply, communications, chemicals and manufacturing are all vulnerable to complicated “digital weapons.” The consequences of compromised and sabotaged Industrial Control Systems (ICS), including supervisory control and data acquisition (SCADA) systems and the programmable logic controllers (PLC) they command, can include explosions, spills and property damage, as well as the potential loss of life.

Learn more:
• Survey: 2012 Bit9 Cyber Security Research Report
• White Paper: Advanced Threat Landscape: What Organizations Need to Know – Frost & Sullivan
• Threat Advisor: A Better and Easier Way to Defend POS Systems
• Webinar: Detecting and Stopping Advanced Attacks
• Threat Advisor: Law Firms are Facing Advanced Attacks
• Threat Advisor: Securing Protected Health Information
• Threat Advisor: Control Systems are Under Advanced Attack
Cautionary Tales: Where’s Your Weak Spot?

Opportunities Abound

Across all industries and sectors, all infrastructures have four key areas that are typical points of entry for attackers: domain controllers, servers, endpoints and virtual systems. On this page, you’ll find examples of challenges faced by companies in defending each type of asset. Follow the case-study links to learn how those companies met them.

[Diagram: points of entry – Internet; domain controllers; physical servers; virtual servers; fixed-function customer endpoints (POS systems, ATMs); end-user desktops and laptops]

Challenge: Endpoint Security

The IT team in a large healthcare facility manages thousands of desktops and laptops that employ antivirus software. But antivirus protection alone was no match for the three computer viruses that attacked the network within a six-month span. Luckily, the malware did not succeed in breaching data, but PCs were unavailable to clinical users for six hours while IT investigated. The cleanup process was expensive – and the hospital’s reputation was put at risk.

Challenge: Server Security

A large financial technology provider suffered a breach in one of its customer-facing data centers. Almost a thousand servers were under attack. All were running McAfee® antivirus software, but that was not enough to detect or prevent the spread of harmful malware. With critical company and customer data at risk, the IT department had to take action fast.

Challenge: Domain Controller Security

An international communications company was running 225 domain controllers storing credential and authentication information company-wide. There was growing concern that attackers could exploit perimeter machines, appropriate permissions and passwords, and gain access to valuable data. The company was in the process of evaluating solutions when a breach occurred.

Challenge: Virtual Systems Security

An attack on an ISP leveraged an orphaned and forgotten virtual machine (VM), a virtual server created in haste but then abandoned. Because the VM fell off the asset list, patching was overlooked, and it became the perfect place for an attacker to sit unnoticed.

Learn more:
• Case Study: Fortune 1000 Company Protects Servers with Bit9
• Case Study: International Communications Company Locks Down Domain Controller
Endpoint Exposure

• 85% allow personal devices for calendar/scheduling.
• 68% of IT decision makers ranked security as the most important concern.
Server Security Challenges

Domain Controllers

Domain controllers are prime targets for advanced persistent attacks, designed to infiltrate and allow cybercriminals to maintain a presence without detection.

Domain controllers store credential and authentication information for every user at an organization (as well as for machines and processes). In contrast to single-purpose “smash-and-grab” attacks that might target credit card numbers on a specific server, advanced persistent attacks are designed to steal these “keys to the kingdom.”

Stealth and Speed

Armed with an organization’s user credentials, attackers can come and go from the network, masquerading as legitimate users to access business-critical servers, databases and intellectual property.

Besides stealth, the speed of such an attack makes it extremely difficult to identify, let alone stop. Once access to a domain controller has been established, cybercriminals can exfiltrate an entire organization’s user accounts and password hashes in less than 15 minutes. (The directory stores hashes rather than plaintext passwords, but a copied hash can be cracked offline or replayed directly in pass-the-hash attacks, so the practical effect is the same.)

Recovery is Costly

If your domain controller is compromised, it’s not just users whose passwords need to be changed. Every business application and server has machine-to-machine or application-to-application credentials that it uses to access resources. In many cases, these credentials are hard-coded into the application or into the configuration of the system. These, too, reside on the domain controllers, and changing them while continuing to operate the business can be daunting, if not impossible. This is another reason why domain controllers are such valued targets.

Learn more:
• Threat Advisor: Protecting Your Domain Controllers
• Video: Domain Controllers
• Webinar: Gone in 15 minutes... Protect Your Domain Controllers from the Advanced Threat
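The 15-minute figure above is about how quickly the directory’s credential store can be copied once an attacker holds the right privileges. The page does not name a technique; one common route is to ask the domain controller to replicate its data the way another domain controller would, which Windows records as Security event 4662 carrying the DS-Replication-Get-Changes control-access rights. The detector below is an added example written for this page, not Bit9 code and not taken from the eBook. It runs over a few constructed 4662 records (the account names, hosts and timestamps are invented; the two right GUIDs are the ones Active Directory defines) and flags any account outside the known domain controller set that exercises those rights, counting how many requests it made in its first 15 minutes.

```python
"""Flag directory-replication requests against a domain controller that do not
come from another domain controller.  Added example, not part of the original
eBook and not Bit9 code.  Assumes Windows Security event 4662 is collected from
the DCs with object-access auditing enabled for the directory; the sample
events below are constructed for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Control-access-right GUIDs that appear in the Properties field of a 4662
# event when an account replicates directory changes.  Defined by AD itself.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}

# Constructed sample of 4662 events.  Fields: timestamp|event_id|subject|properties
SAMPLE_EVENTS = """\
2012-09-14T08:00:12Z|4662|CORP\\DC02$|%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
2012-09-14T08:03:40Z|4662|CORP\\jsmith|%%7688 {bf967a86-0de6-11d0-a285-00aa003049e2}
2012-09-14T08:07:02Z|4662|CORP\\svc-backup|%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
2012-09-14T08:07:05Z|4662|CORP\\svc-backup|%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
2012-09-14T08:15:00Z|4662|CORP\\DC01$|%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}
"""

# Accounts that legitimately replicate: the domain controllers' machine accounts
# (hypothetical names; in practice this list is generated from the domain).
KNOWN_DC_ACCOUNTS = {"CORP\\DC01$", "CORP\\DC02$"}

GUID_RE = re.compile(r"\{([0-9a-f-]{36})\}")


def parse_events(text):
    """Turn the pipe-separated sample into dicts; keep only replication GUIDs."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, subject, props = line.split("|", 3)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "subject": subject,
            "rights": {g for g in GUID_RE.findall(props.lower()) if g in REPLICATION_RIGHTS},
        })
    return events


def find_replication_abuse(events, dc_accounts=KNOWN_DC_ACCOUNTS, window=timedelta(minutes=15)):
    """One finding per non-DC account that exercised a replication right, with
    the number of requests seen inside the first `window` after its first one."""
    first_seen = {}
    counts = defaultdict(int)
    rights = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4662 or not ev["rights"]:
            continue                      # not a replication request at all
        if ev["subject"] in dc_accounts:
            continue                      # DC-to-DC replication is normal
        subj = ev["subject"]
        first_seen.setdefault(subj, ev["time"])
        if ev["time"] - first_seen[subj] <= window:
            counts[subj] += 1
        rights[subj] |= ev["rights"]
    return [
        {"account": s, "first_seen": first_seen[s], "requests_in_window": counts[s],
         "rights": sorted(REPLICATION_RIGHTS[g] for g in rights[s])}
        for s in first_seen
    ]


if __name__ == "__main__":
    for f in find_replication_abuse(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {f['account']} exercised {', '.join(f['rights'])} "
              f"{f['requests_in_window']}x starting {f['first_seen']:%H:%M:%S}")
```

The rule itself is simple; what makes it work in production is keeping the known-DC set current (a freshly promoted domain controller, or a directory-sync service account that genuinely needs these rights, shows up as a false positive until it is added), and making sure 4662 is actually being logged for the domain naming context.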
“Most damage from an attack occurs in the first 15 minutes.”

Virtual Servers

In contrast to Gartner’s finding, a recent Bit9 survey found that nearly half of survey respondents believed their virtual servers were more secure than physical ones.

The theory: If one VM is compromised, other VMs and the host system should remain unaffected. You just power down and relaunch a new “clean” VM.

The reality: Most advanced attacks are designed to avoid detection. And, even if you suspect and reboot, it is very likely too late (most damage is done within the first 15 minutes). Advanced Persistent Threats (APTs) will continue, either by reusing the same method or via a package left behind elsewhere on your system.

Virtual Desktops

There are also some new real-world security challenges with Virtual Desktop Infrastructure (VDI).

Some VDI implementations deploy “backhauls,” virtual private networks (VPNs) between virtual desktops and provisioning servers in the data center. Installed primarily for performance purposes, these VPNs are routed through designated ports in firewalls. Backhauls may inadvertently present a “superhighway” to the data center once the attacker has landed on a desktop.

Despite the promise of VDI to the end user, rapidly rebooting new desktops can be problematic. Persistence of data, such as browser add-ons, history, cookies, bookmarks/favorites, etc., can be particularly frustrating for the end user. VDI also presents questions of protecting local hard disks and connections to other databases.

Other Virtual Attack Vectors

Other VM architecture components present potential attack vectors: virtual networks, live migration network traffic between VMs (typically unencrypted), and the hypervisor console operating system itself.

The very ease of creating VMs (VM “sprawl”) exacerbates this challenge. Making sure proliferating VMs are properly configured and patched, as well as decommissioned, can be an IT nightmare.

Learn more:
• Threat Advisor: Securing Virtual Machines
• Webinar: Virtualization – Your Biggest Security Gap
• Video: Protecting Virtual Desktops and Servers
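The ISP story on the Cautionary Tales page and the VM sprawl paragraph above describe the same failure: a VM that is running but that nobody’s asset list or patch tooling knows about. The check a practitioner wants is a reconciliation of three views that should agree but usually do not: what the hypervisor is actually running, what the asset list (CMDB) says exists, and which machines the patch agent has heard from recently. The script below is an added example for this page, not from the eBook or any vendor product. The inventory formats, VM names, dates and the 30-day threshold are all constructed; a real run would pull the three lists from the hypervisor API, the CMDB and the patch-management console.

```python
"""Reconcile running VMs against the asset list and patch-agent check-ins to
catch "orphaned" VMs like the one in the ISP story.  Added example for this
page, not from the eBook or any vendor tool.  All three inventories below are
constructed sample data."""
from datetime import date, timedelta

TODAY = date(2012, 9, 14)   # constructed "now" for the example

# Constructed: VMs the hypervisor reports as powered on.
HYPERVISOR = [
    {"name": "web-01",     "created": date(2012, 3, 1),  "owner": "webteam"},
    {"name": "db-02",      "created": date(2012, 4, 10), "owner": "dba"},
    {"name": "test-tmp-7", "created": date(2012, 6, 2),  "owner": ""},   # built in haste
    {"name": "vdi-pool-3", "created": date(2012, 8, 20), "owner": "desktops"},
]
# Constructed: what the CMDB / asset list knows about (db-01 was retired).
ASSET_LIST = {"web-01", "db-02", "vdi-pool-3", "db-01"}
# Constructed: last time each VM's patch agent checked in.
PATCH_CHECKIN = {
    "web-01": date(2012, 9, 12),
    "db-02": date(2012, 7, 30),
    "vdi-pool-3": date(2012, 9, 13),
}


def reconcile(hypervisor, asset_list, patch_checkin, today, max_patch_age=timedelta(days=30)):
    """Return findings keyed by category; each value is a sorted list of VM names."""
    running = {vm["name"] for vm in hypervisor}
    return {
        # running, but absent from the asset list: the "fell off the list" case
        "orphaned": sorted(running - asset_list),
        # running and known, but the patch agent is silent or has never reported
        "stale_patching": sorted(
            vm["name"] for vm in hypervisor
            if vm["name"] in asset_list and (
                vm["name"] not in patch_checkin
                or today - patch_checkin[vm["name"]] > max_patch_age)),
        # on the books but no longer running: a decommission record to close
        "ghost_records": sorted(asset_list - running),
        # no owner recorded at the hypervisor: nobody will answer for it
        "no_owner": sorted(vm["name"] for vm in hypervisor if not vm["owner"]),
    }


def risk_report(findings):
    """One line per item needing action, most dangerous category first."""
    order = ["orphaned", "stale_patching", "no_owner", "ghost_records"]
    return [f"{cat}: {name}" for cat in order for name in findings[cat]]


if __name__ == "__main__":
    for line in risk_report(reconcile(HYPERVISOR, ASSET_LIST, PATCH_CHECKIN, TODAY)):
        print(line)
```

Run on a schedule, the “orphaned” list is the one that matters for the scenario above: a VM in that list is reachable on the network, has no owner to ask, and is not being patched, which is exactly the foothold the attacker in the ISP case found.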
We are All Getting Smarter about Security

Bottom line: IT/security pros know they need to know “everything, everywhere” to protect themselves against advanced attacks. Security tools must be integrated and automated to keep the job of protecting enterprise systems manageable.

IT/Security Pros are Aware of the Danger

According to the results of a 2012 survey conducted by Bit9, IT and security professionals are well aware of the changing nature of cyber attacks, how advanced attacks target their infrastructure, and what they would like to see as the most effective strategies for protecting their organizations.

The majority believe that the implementation of best practices and better security policies will have the biggest impact on improving cyber security against advanced threats.

What IT/Security Believes

Nearly two-thirds feel their companies will be targeted by a cyber attack in the next six months. Two-thirds feel the increase in attacks is real, not hype, due to growing numbers of hacktivists, cybercriminal groups and nation-states.

More than half identified domain controllers as their most important – and most vulnerable – assets. But 60% are not confident that their current security is highly effective in protecting them.

For those in retail and hospitality, endpoints are most valuable and vulnerable – and only 26% feel confident that their current security is effective.

Biggest Impact on Improving the State of Cyber-Security?
• Best Practices and Better Security Policies: 58%
• The Individual Employees within an Organization: 20%
• Government Regulation and Law Enforcement: 7%

If breached, 96% of security and IT professionals agree the public should be notified.

Learn more:
• Survey: 2012 Bit9 Cyber Security Research Report
• Survey: Focus on Europe: Bit9 Cyber Security Research Report
Governments are Getting Involved

Older Security Models: Too Little, Too Late

Antivirus Software and HIPS

According to the Ponemon Institute, 77% of respondents believe that criminal activities have evaded their firewalls, 67% their antivirus and anti-malware controls, and 60% their intrusion detection and prevention systems.*

Advanced attacks are typically highly customized and unlikely to appear on the “blacklists” of known threats on which antivirus (AV) software depends. And, like AV, Host Intrusion Prevention Systems (HIPS) rely on blacklists and are scan-based (versus continuous), with no sensor to analyze systems in real time.

As a result, detection is typically too late: 70-80% of organizations learn of infiltration from outside authorities, partners or, worse, customers, long after they have been compromised. And what you do learn from reactive models is too little to help track down all the components of malware or to help in anticipating future attacks.

Older “Whitelisting” Technology

In the past, “whitelisting” application control tools tried to solve the “too little, too late” problems of the reactive model by recognizing legitimate functionality and excluding everything else. It’s the right idea, but older whitelisting solutions have had significant problems:
• Not sufficiently fine-tuned – just a specific list of files, often blocking allowable functionality
• The scale of some of these technologies has fallen short of enterprise demands
• Cumbersome in the ways they implement policy

This last issue is especially key. A solution that takes more, rather than less, security and IT staff time is not moving in the right direction when it comes to defending against advanced attacks.

Trust-based Security: A Proactive Model for Real-Time Protection

Forward-leaning trust-based models move beyond the limitations of older blacklist and whitelist solutions, outperforming them in four key areas:
• Visibility that allows you to know what’s running on every computer, without scanning or polling
• Real-time detection of advanced threats and zero-day attacks
• Protection that stops all untrusted software from executing – not based on a static list but on dynamic, real-time indicators
• Forensics, with a full audit trail that accelerates analysis and response

*Proactive Threat Management Identified as Top Need in Ponemon Institute Research Report

Learn more:
• Video: Bit9’s Trust-Based Solution Protects Retailers Where Antivirus Fails
• White Paper: Realistic Security, Realistically Deployed: Today’s Application Control and Whitelisting
Building a Trust-based Security Framework

Visibility: Know What’s Running on Every Computer – Right Now

A proactive security posture gives you full visibility into files, executions and critical system resources on every machine. Only continuous monitoring can identify suspicious activity across endpoints, servers and fixed-function devices – right now, not after the fact.

Detection: Real-Time Protection against Advanced Threats and Zero-Day Attacks

Blacklisting and signature-based detection tools have no awareness of unique, customized attacks. A trust-based security model detects when untrusted software arrives and attempts to execute. Other suspicious or unauthorized behavior is also detected in real time: unauthorized memory access, changes to registries, processes or user sessions, and OS or application tampering.

Protection: Stop All Untrusted Software from Executing

Proactive trust-based security solutions enable you to define the software that you trust to run. Everything else is denied by default. Denying by default is what stops targeted, customized attacks that no signature list has seen because they are unique to your organization.

Forensics: Full Audit Trail Accelerates Analysis and Response

When you suspect you have a threat incident, you need to analyze, scope, contain and remediate the problem. The same continuous monitoring that gives you visibility into what’s happening in real time also allows you to “go back in time” when needed. This helps you see what happened in the past, understand what is happening right now, isolate untrusted software, and determine the trust rating for any file.

Does Your Security Posture:
✓ Identify and investigate threats missed by other security tools?
✓ Provide actionable events that increase analyst efficiency and shorten response time?
✓ Leverage external network intelligence and enrichment to gain insight into an attack’s nature?
✓ Establish the capability to rapidly modify or adjust security control configuration to gain insight?
✓ Deploy a cyber-analytics portal that uses timely access to security and infrastructure log data?
✓ Offset the “carbon (human) layer” of the enterprise’s security model?
✓ Stop the lateral movement of an attacker once inside the organization?
✓ Deter the widest spectrum of malware-based attacks?

Learn more:
• White Paper: Realistic Security, Realistically Deployed: Today’s Application Control and Whitelisting
• White Paper: Advanced Protection Against Advanced Threats: Trust is Your Best Defense
Better Security, Less Administrative Effort

Trust-based Security Protects your Bottom Line

What if you were able to improve the performance of your security environment to better prepare and protect your organization against advanced threats, reduce audit costs, and minimize unplanned work?

Reduced Downtime for End Users

With a reactive security model requiring frequent updates, the work of line-of-business (LOB) end users can be stopped completely when security detects an advanced threat or is encumbered by the overhead of security software and policies.

Better Use of IT and Ops Talent

How much time (and cost) does your current security model require in IT and operations staff responding to outages or reimaging systems when they are corrupted?

In a proactive model where only trusted software is allowed to run, you recapture time previously spent on emergency patching, incident response, reimaging systems, and maintaining AV software. (One caveat a practitioner should keep in mind: execution control limits what an exploit can launch once it lands; it does not remove the need to patch the vulnerable software itself.)

Increasing Security Staff Effectiveness

You may have invested in a Security Information and Event Management (SIEM) system to help security staff identify, mitigate and track incidents.

The economics of playing catch-up in a reactive security model are not encouraging. Prior to using a trust-based security platform, one company was seeing between 10 and 20 systems of interest (SOI) a day, each of which was routed to the Information Security (IS) team by email. Engineering co-ops would then review the SOI and, if required, a member of the IS team was brought in, and a threat assessment team of three got involved. If the malware had successfully gained command and control of a system, a one- to three-person forensics team was brought in.

None of this staff cost (up to eight people) would be incurred if executables are stopped before they run – to say nothing of the ultimate cost of the successful attack!

Integration with Network Security Solutions

A trust-based security framework can also help leverage your investment in network security solutions which send out alerts on suspicious files entering the network. Rather than staff having to research each one, a trust-based system automatically filters out nonactionable events, prioritizing those that are high impact for rapid incident response.

Real-time endpoint sensors tell you every place malware may have landed. Based on analysis of recorded information on previous activity, malware can be automatically banned, updating security policies.

The integration should work the other way as well: suspicious files detected off network (e.g., via USB) are sent for detonation and analysis by network security solutions.

Learn more:
• Workbook: Getting (and Staying) Ahead of Advanced Threats: A Workbook for Assessing Your Advanced Threat Protection Posture
• White Paper: Removing the Endpoint Blind Spot: Augmenting SIEM Filters with Trust and Threat Indicators
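The integration described above comes down to a join: a network alert says a file crossed the perimeter toward some host, and endpoint telemetry says whether that file actually arrived, whether it ran, and whether it is trusted. The triage below is an added example written for this page; it is not Bit9 code and does not describe how the Bit9 platform integrates with any particular SIEM. The alert and telemetry record shapes, the trust ratings, the hash values and the priority scheme are all constructed. It suppresses alerts about trusted files, ranks the rest by what the endpoints saw, collects the hosts for anything that executed (the “every place malware may have landed” list), queues hashes for an automatic ban, and in the reverse direction queues unknown files that arrived off-network for sandbox detonation.

```python
"""Triage network-security alerts against endpoint execution telemetry.  Added
example for this page; not Bit9 code and not a description of how the Bit9
platform integrates with any particular SIEM.  Record formats, trust ratings,
hashes and hosts below are constructed sample data."""
from collections import defaultdict

# Constructed network alerts: a sandbox/IDS saw a file cross the perimeter.
NETWORK_ALERTS = [
    {"id": "N1", "sha256": "aaa1", "dst_host": "FIN-PC-07", "verdict": "malicious"},
    {"id": "N2", "sha256": "bbb2", "dst_host": "HR-PC-02",  "verdict": "suspicious"},
    {"id": "N3", "sha256": "ccc3", "dst_host": "ENG-PC-11", "verdict": "suspicious"},
    {"id": "N4", "sha256": "ddd4", "dst_host": "FIN-PC-09", "verdict": "malicious"},
]

# Constructed endpoint telemetry: what the sensors actually saw on hosts.
ENDPOINT_EVENTS = [
    {"host": "FIN-PC-07", "sha256": "aaa1", "action": "arrived", "source": "web",   "decision": ""},
    {"host": "FIN-PC-07", "sha256": "aaa1", "action": "execute", "source": "web",   "decision": "allowed"},
    {"host": "FIN-PC-08", "sha256": "aaa1", "action": "execute", "source": "share", "decision": "allowed"},
    {"host": "HR-PC-02",  "sha256": "bbb2", "action": "arrived", "source": "web",   "decision": ""},
    {"host": "HR-PC-02",  "sha256": "bbb2", "action": "execute", "source": "web",   "decision": "blocked"},
    {"host": "ENG-PC-11", "sha256": "ccc3", "action": "execute", "source": "web",   "decision": "allowed"},
    {"host": "OPS-PC-01", "sha256": "eee5", "action": "arrived", "source": "usb",   "decision": ""},
]

# Constructed trust ratings (a reputation service or local approval would supply these).
TRUST = {"ccc3": "trusted", "aaa1": "unknown", "bbb2": "unknown"}

PRIORITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def triage(alerts, events, trust):
    """Return (ranked_findings, suppressed, detonation_queue, new_bans)."""
    by_hash = defaultdict(list)
    for e in events:
        by_hash[e["sha256"]].append(e)

    findings, suppressed, new_bans = [], [], set()
    for a in alerts:
        h = a["sha256"]
        if trust.get(h) == "trusted":
            suppressed.append((a["id"], "file is trusted; nonactionable"))
            continue
        seen = by_hash.get(h, [])
        executed = sorted({e["host"] for e in seen
                           if e["action"] == "execute" and e["decision"] == "allowed"})
        landed = sorted({e["host"] for e in seen})
        if executed:
            level = "critical" if a["verdict"] == "malicious" else "high"
            reason = f"executed on {len(executed)} host(s): {', '.join(executed)}"
            new_bans.add(h)                      # feed back into the execution policy
        elif landed:
            level = "medium"
            reason = f"landed on {', '.join(landed)} but execution was blocked"
        else:
            level = "low"
            reason = "never observed on any endpoint"
        findings.append({"alert": a["id"], "sha256": h, "priority": level,
                         "reason": reason, "hosts": landed})
    findings.sort(key=lambda f: PRIORITY[f["priority"]])

    # Reverse direction: files that arrived off-network with no verdict go to the sandbox.
    alerted = {a["sha256"] for a in alerts}
    detonation_queue = sorted({e["sha256"] for e in events
                               if e["source"] == "usb" and e["sha256"] not in alerted
                               and trust.get(e["sha256"]) != "trusted"})
    return findings, suppressed, detonation_queue, new_bans


if __name__ == "__main__":
    findings, suppressed, queue, bans = triage(NETWORK_ALERTS, ENDPOINT_EVENTS, TRUST)
    for f in findings:
        print(f"{f['priority']:8} {f['alert']} {f['sha256']}: {f['reason']}")
    print("suppressed:", suppressed)
    print("send to sandbox:", queue, "| auto-ban:", sorted(bans))
```

The ordering rule is the point: a “malicious” verdict on a file that never reached an endpoint ranks below a “suspicious” file that executed, because the endpoint view, not the perimeter view, is what tells the analyst whether there is anything to contain.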
Bit9: Trust-based and Proactive

The Bit9 Security Platform

Four essential capabilities are applied in concert, and an enterprise’s application infrastructure is strengthened and able to safeguard itself against the harmful effects of today’s advanced threats.

The Bit9 Security Platform also integrates with network security solutions and SIEMs to filter and prioritize the suspicious activity with the highest impact on systems.

1. Visibility

From a single console, Bit9 provides immediate visibility into the files, executions and critical system resources on every machine protected – no scanning or polling required. This visibility ensures that you know what has arrived and executed on every system in your company.

2. Detection

Bit9’s trust-based approach combines real-time sensors, Advanced Threat Indicators (ATIs), and the Bit9 Software Reputation Service to proactively detect advanced threats and malware. The result is real-time detection without having to test and update data files or wait for signature file updates.

3. Protection

Bit9’s proactive, trust-based security solution enables you to define the software you trust to run in your organization. Everything else is denied by default. As a result, advanced threats and other forms of malware are stopped in their tracks – including targeted, customized attacks that are unique to your organization.

4. Forensics

When you suspect you have a threat incident, Bit9 provides the information you need to analyze, scope, contain and remediate the problem. You can “go back in time” to see what happened in the past, understand what is happening right now, isolate untrusted software, and determine the trust rating for any file.

Learn more:
• White Paper: Advanced Protection Against Advanced Threats: Trust Is Your Best Defense
• Data Sheet: Bit9 Security Platform
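The four capabilities listed here, and the same four on the Building a Trust-based Security Framework page, all hang off one mechanism: every file arrival and execution attempt is recorded, the execution decision is made against positive trust (an approved hash, a trusted signer) with everything else denied, and the resulting trail is what forensics later queries. The sketch below is an added example written for this page to show that mechanism end to end; it is not Bit9 code and does not show how the Bit9 platform, its Advanced Threat Indicators or its Software Reputation Service are implemented. The trust sources (an approved-hash set, a banned-hash set, a trusted-publisher set), the sensor class, the host and file names and the file contents are all constructed.

```python
"""Default-deny execution control with a continuous audit trail.  Added example
written for this page; it is not Bit9 code and does not show how the Bit9
platform is implemented.  The trust sources, the sensor, the hosts, the paths
and the sample file bodies are constructed for the example."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class FileEvent:
    time: datetime
    host: str
    path: str
    digest: str
    publisher: Optional[str]   # signer as reported by the (hypothetical) sensor
    action: str                # "arrived" or "execute"
    decision: str = ""         # "allowed" / "blocked"; empty for arrivals
    reason: str = ""


@dataclass
class TrustPolicy:
    approved: set = field(default_factory=set)            # hashes explicitly approved
    banned: set = field(default_factory=set)              # hashes explicitly banned
    trusted_publishers: set = field(default_factory=set)  # signers allowed to run
    enforce: bool = True                                  # False = visibility-only mode

    def rate(self, digest, publisher):
        """Banned wins, then explicit approval, then a trusted signer; anything
        not positively trusted is untrusted, i.e. denied by default."""
        if digest in self.banned:
            return "blocked", "banned hash"
        if digest in self.approved:
            return "allowed", "approved hash"
        if publisher in self.trusted_publishers:
            return "allowed", f"trusted publisher {publisher}"
        return "blocked", "untrusted: not on any trust list"


class EndpointSensor:
    """Records every arrival and execution attempt and enforces the policy."""
    def __init__(self, policy):
        self.policy = policy
        self.audit = []   # append-only trail; this is what forensics queries

    def file_arrived(self, time, host, path, content, publisher=None):
        self.audit.append(FileEvent(time, host, path, sha256(content), publisher, "arrived"))

    def execute(self, time, host, path, content, publisher=None):
        digest = sha256(content)
        decision, reason = self.policy.rate(digest, publisher)
        if not self.policy.enforce and decision == "blocked":
            decision, reason = "allowed", "monitor mode: would block (" + reason + ")"
        self.audit.append(FileEvent(time, host, path, digest, publisher, "execute", decision, reason))
        return decision == "allowed"

    # --- forensics: "go back in time" over the same trail ---
    def hosts_with(self, digest):
        return sorted({e.host for e in self.audit if e.digest == digest})

    def first_seen(self, digest):
        hits = [e for e in self.audit if e.digest == digest]
        return min(hits, key=lambda e: e.time) if hits else None

    def executions_between(self, host, start, end):
        return [e for e in self.audit
                if e.host == host and e.action == "execute" and start <= e.time <= end]

    def ban_everywhere(self, digest):
        """Analyst bans a hash; the trail already says where it landed."""
        self.policy.banned.add(digest)
        return self.hosts_with(digest)


def demo():
    """Constructed scenario: an approved payroll app, a signed updater and an
    unsigned dropper that lands on two hosts and is allowed to run on neither."""
    t0 = datetime(2012, 9, 14, 9, 0)
    payroll = b"MZ...payroll-app-v3"          # constructed file bodies, not real binaries
    dropper = b"MZ...invoice.pdf.exe"
    policy = TrustPolicy(approved={sha256(payroll)}, trusted_publishers={"Contoso Ltd"})
    sensor = EndpointSensor(policy)
    sensor.file_arrived(t0, "FIN-PC-07", r"C:\Users\a\Downloads\invoice.pdf.exe", dropper)
    sensor.file_arrived(t0 + timedelta(minutes=3), "HR-PC-02", r"C:\Temp\invoice.pdf.exe", dropper)
    ran_payroll = sensor.execute(t0 + timedelta(minutes=1), "FIN-PC-07", r"C:\Apps\payroll.exe", payroll)
    ran_dropper = sensor.execute(t0 + timedelta(minutes=2), "FIN-PC-07",
                                 r"C:\Users\a\Downloads\invoice.pdf.exe", dropper)
    ran_signed = sensor.execute(t0 + timedelta(minutes=4), "HR-PC-02", r"C:\Apps\update.exe",
                                b"MZ...update", publisher="Contoso Ltd")
    return sensor, sha256(dropper), (ran_payroll, ran_dropper, ran_signed)


if __name__ == "__main__":
    sensor, dropper_hash, results = demo()
    print("allowed? (payroll, dropper, signed update):", results)
    print("dropper landed on:", sensor.ban_everywhere(dropper_hash))
    for e in sensor.audit:
        print(f"{e.time:%H:%M} {e.host:10} {e.action:8} {e.decision:8} {e.path} ({e.reason})")
```

Two design points worth noting. The arrival of the dropper on HR-PC-02 is in the trail even though nothing ever tried to run it there, which is what lets an analyst answer “where else is this?” without rescanning; and `enforce=False` keeps the same trail and the same decision logic while recording what would have been blocked, which is how a deployment is tuned before turning default deny on.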
About Bit9