Advanced Threat Watch: Looking Ahead

Contents

Letter from the CEO ... 3
The Bad Guys are Open for Business ... 4
Attacks: Proliferating and Diversifying ... 5
Everyone’s a Target ... 6
Cautionary Tales: Where’s Your Weak Spot? ... 7
Endpoint Exposure ... 8
Server Security Challenges ... 9
Domain Controller Vulnerabilities ... 10
Virtual System Vulnerabilities ... 11
We are All Getting Smarter about Security ... 12
Governments are Getting Involved ... 13
Older Security Models: Too Little, Too Late ... 14
Building a Trust-based Security Framework ... 15
Better Security, Less Administrative Effort ... 16
Bit9: Trust-based and Proactive ... 17
About Bit9 ... 18

Letter from the CEO

“Hacking used to be more of a game. Now it’s a business.”

Welcome

We at Bit9 have put together this eBook to give you a quick review of where things stand on both sides of the cyber battle.

Cybercriminals launching advanced attacks are smart. They operate as businesses, with R&D leveraging the latest tools for crafting Advanced Persistent Threats (APTs). The bad guys learn from one another. As attacks proliferate, they diversify into “families.”

In this eBook, we look at some recent advanced attacks and how they’ve targeted specific assets within a variety of industries.

Our surveys show that security and IT professionals – and governments worldwide – are becoming increasingly aware of the dangers advanced threats pose to their endpoints, servers, domain controllers and virtual environments.

Security models are evolving to address the unique characteristics of advanced threats that continue to go undetected by older, reactive security technologies.

Two core components are required in a next-generation security platform: first, a real-time sensor and recorder that can continuously monitor all new software that arrives and attempts to execute on systems. This is essential to provide the detection and analysis required to allow security professionals to prioritize and respond to attacks as quickly as possible.

The second core component is the ability to enforce policies based on trust, which allows you to specify the software that you trust to run in your enterprise; everything else by default is suspect or denied.

We’ve included links to a wide array of resources for you to learn more about advanced attacks and how to improve your own security posture.

Please visit the Resources page of our website. It’s a quick way to stay current on news and trends in the advanced threat landscape.

Sincerely,

Patrick Morley, CEO, Bit9, Inc.

The Bad Guys are Open for Business

“…Most malware is specifically designed to steal critical or sensitive data for monetary gain or economic advantage (nation-state economic espionage).” –Frost & Sullivan, 2012

Who are They?

Hacking used to be more of a game: showing off a hacker’s prowess, getting publicity – especially within the hacking community.

Today’s cyber attacks are “weaponized,” designed and used by:

• Hacktivists to disrupt business continuity of targeted organizations
• Well-funded for-profit cybercriminals and nation-states to “exfiltrate” valuable data and intellectual property

Cybercrime is a Business

Cyber attackers run their operations like businesses.

• “Purchasing agents” acquire readily available malware.
• “R&D” weaves malware into customized advanced attacks.
• “Strategic planning” prepares for the long haul (stealing data and intellectual property persistently over time).
• “Operations” exercise remote command and control for months, if not years.

              1990s                              Present
Access        Overt (showing off)                Stealthy
Motive        Vandalism                          Profit, espionage and/or damage
Methods       One stage/component;               Targeted; multi-faceted,
              indiscriminate, mass               persistent; zero day
              distribution; common
              vulnerability
Examples      1998: CIH                          2006: Nyxem
              1999: Melissa                      2007: Zeus
              2000: ILOVEYOU                     2010: Stuxnet
              2001: Code Red                     2011: Morto Worm
              2003: SQL Slammer, Blaster,        2011: SpyEye
                    Sobig.F                      2012: Gauss
              2004: Bagle, MyDoom, Sasser        2012: Flame

Attacks: Proliferating and Diversifying

Figure: Flame, Gauss, Mini-Flame, Shamoon.

Faster and Stealthier

Advanced attacks are designed for stealth and persistence.

Bloor Research reports that Flame, an advanced attack aimed at stealing information from industrial systems, was said to have bypassed 43 different antivirus and host intrusion detection and prevention systems over an eight-month period.

Some advanced attacks are designed to go undetected for years.

According to Frost & Sullivan, today’s malware evolves almost every 20 seconds into new and more dangerous variants – and some can bring an enterprise network to a complete halt in less than a minute.

Families, Copycats and Mac Attacks

In the cyber underworld, sharing technology is commonplace, which leads to variants (400+ variants today, 1M new each day) that can be used for entirely different targets.

In May 2012, Flame – perhaps the largest and most comprehensive cyber-espionage toolkit known to date – was discovered. In July, we saw a more surgical variant dubbed mini-Flame, also designed to steal data.

In August, Gauss was discovered. Based on the same development platform as Flame, it targeted banking and financial institutions.

The copycat Shamoon attacks crudely masqueraded as a Flame variant, but rather than stealing information from oil and gas companies, it was designed to destroy data.

Malware is not designed exclusively for PCs; the Flashback Trojan attacked more than 600,000 Macs in 2012.

Everyone’s a Target

Think You’re not Big Enough or Strategic Enough to Target?

A 2012 Bit9 survey found that while government was the sector that most expected to be attacked in the next six months, right behind them came the healthcare, technology and retail sectors.

Half the smaller companies (with 100-500 employees) surveyed felt they would be targeted by a cyber attack within the next six months.

Retail and Consumer

According to Verizon’s 2012 Data Breach Investigations Report, retail and consumer (R&C) businesses are breached more often than any other industry.

If you’re like most R&C businesses, you don’t have an abundance of IT resources to protect your information assets against advanced threats. At the same time, you need to meet consumer expectations for 24/7 business availability that cut into network service windows, putting yet more pressure on IT.

Law Firms

Law firms work with and manage highly sensitive corporate data that is increasingly valued by sophisticated cybercriminals.

According to the American Bar Association (ABA), when seeking to obtain critical, protected information about corporations, attackers are frequently looking at that organization’s network of partners and suppliers—including their law firm—rather than attacking the corporation head on.

Healthcare

As the adoption and exchange of the Electronic Medical Record (EMR) escalates, so too have the regulations and challenges related to securing electronic Protected Health Information (ePHI). The potential access to ePHI has given rise to more advanced attacks by financially motivated cybercriminals. In fact, between September 2009 and February 2012, nearly 20 million Americans had the privacy of their ePHI breached.

Control Systems

Critical industrial and infrastructure control systems are facing increasingly sophisticated cyber attacks. Industry sectors, such as energy, utilities, transportation, water supply, communications, chemicals and manufacturing, are all vulnerable to complicated “digital weapons.”

The consequences of compromised and sabotaged Industrial Control Systems (ICS), including supervisory control and data acquisition (SCADA) systems and the programmable logic controllers (PLC) they command, can lead to explosions, spills and property damage, as well as the potential loss of life.

Cautionary Tales: Where’s Your Weak Spot?

Opportunities Abound

Across all industries and sectors, all infrastructures have four key areas that are typical points of entry for attackers: domain controllers, servers, endpoints and virtual systems.

On this page, you’ll find examples of challenges faced by companies in defending each type of asset. Follow the link to learn how you, like they, successfully meet them.

Challenge: Endpoint Security

The IT team in a large healthcare facility manages thousands of desktops and laptops that employ antivirus software.

But antivirus protection alone was no match for the three computer viruses that attacked the network within a six-month span.

Luckily, the malware was unsuccessful at breaching data, but PCs were unavailable to clinical users for six hours while IT investigated. The cleanup process was expensive – and the hospital’s reputation was put at risk.

Challenge: Server Security

A large financial technology provider suffered a breach in one of its customer-facing data centers. Almost a thousand servers were under attack. All were running McAfee® antivirus software, but that was not enough to detect or prevent the spread of harmful malware.

With critical company and customer data at risk, the IT department had to take action fast.

Challenge: Domain Controller Security

An international communications company was running 225 domain controllers storing credential and authentication information company-wide.

There was growing concern that attackers could exploit perimeter machines, appropriate permissions and passwords, and gain access to valuable data.

The company was in the process of evaluating solutions when a breach occurred.

Challenge: Virtual Systems Security

An attack on an ISP leveraged an orphaned and forgotten virtual machine (VM), a virtual server created in haste but then abandoned. Because the VM fell off the asset list, patching was overlooked, and it became the perfect place for an attacker to sit unnoticed.

Figure: Internet; Physical Servers; Virtual Servers; Fixed-Function Customer Endpoints (POS Systems, ATMs); End-User Desktops and Laptops.

Endpoint Exposure

Endpoints

Today’s knowledge workers have access to a stunning array of devices they can employ to drive the business forward. Unfortunately, this diversity also affords hackers more opportunities to infiltrate critical systems.

Corporate IT departments are under immense pressure to protect these endpoints – and the company’s brand reputation – from the harmful effects of data loss, theft and corruption.

IT must find a way to safeguard the organization and prevent downtime from infection and remediation – without limiting the freedom required to maximize user effectiveness and productivity.

Point of Sale Systems

As the gateway through which a high volume of sensitive data passes, POS systems are routinely targeted by malicious entities looking to lift and exploit financial data. Retailers understand the security challenges they face, but many remain unable to adequately protect these systems due to a continued reliance on legacy antivirus solutions.

And while the aftereffects of a customer data breach are worrisome in their own right, organizations must also grapple with how such an event will affect ongoing Payment Card Industry Data Security Standard (PCI DSS) compliance – or face the steep penalties associated with failing to meet these requirements.

What Type of Access do Employers Allow?

• 96% allow personal devices to access corporate email.
• 85% allow personal devices for calendar/scheduling.
• 71% allow employee-owned mobile devices to access their network.
• 68% of IT decision makers ranked security as the most important concern driving their policy.

Server Security Challenges

Servers

As the hub for such a wide array of mission-critical and customer-facing applications and data – including intellectual property—servers have become popular targets of hackers and criminal entities.

What makes servers particularly vulnerable is the fact that they cannot be returned to a useable state as quickly or as easily as a desktop system can.

Regardless of the scale or success of the attack, once infected, a server must revert to a backup image, hindering the availability of key revenue-generating applications and services.

Bit9 Server Security Survey

• In 2012, targeted malware continues to be the top server security concern for 52.4% of survey respondents – up 15% over last year’s survey.
• The number of respondents confirming they had either been attacked or were uncertain as to whether they had been attacked rose to 43%.
• Confidence in the ability to identify and stop advanced threats has dropped.
• Twelve percent of the survey group ranked “too much administrative effort on security solution” as even more of a concern than actual attacks.
• Forty-three percent of respondents use more than 1 FTE to manage server security.

“Findings highlight the increased need for greater control in identifying and stopping advanced attacks on valuable server resources before they execute – while decreasing the security-related administrative workloads of IT and security professionals.”

Intellectual Property on Servers

The combination of increasing global competition, the digitalization of IP, and ubiquitous Internet access has made corporate trade secrets a lucrative target for advanced attackers:

• Marathon Oil, Exxon Mobil, and Conoco Phillips lost valuable “bid data” detailing the quantity, value and location of oil discoveries worldwide.
• A U.S. metallurgical company lost technology that cost $1 billion, and required 20 years of development, to cyber espionage based in China.
• American Superconductor Corporation’s stock dropped 83% in the months following theft of its turbine control system source code stolen from its servers in Austria.

Domain Controller Vulnerabilities

Domain Controllers

Domain controllers are prime targets for advanced persistent attacks, designed to infiltrate and allow cybercriminals to maintain a presence without detection.

Domain controllers store credential and authentication information for every user at an organization (as well as machines and processes).

In contrast to single-purpose “smash-and-grab” attacks that might target credit card numbers on a specific server, advanced persistent attacks are designed to steal these “keys to the kingdom.”

Stealth and Speed

Armed with an organization’s user credentials, attackers can come and go from the network, masquerading as legitimate users to access business-critical servers, databases and intellectual property.

Besides stealth, the speed of such an attack makes it extremely difficult to identify, let alone stop.

Once access to domain controllers has been established, cybercriminals can exfiltrate an entire organization’s user logins and passwords in less than 15 minutes.

Recovery is Costly

If your domain controller is compromised, it’s not just users whose passwords need to be changed.

Every business application and server has machine-to-machine or application-to-application credentials that they use to access resources. In many cases, these credentials are hard-coded into the application or configuration of the system.

These, too, reside on the domain controllers, and changing these credentials, while continuing to operate a business, can be daunting, if not impossible.

This is another reason why domain controllers are such valued targets.

Figure: Total Attack Time Under 15 Minutes! Stages shown: Locate and Target Vulnerable User; Drop Payload; Connect to Domain Controller; Perform Reconnaissance; Move Laterally, Searching for Access Points; Gain Elevated Privileges; Execute Payload; Exfiltrate Existing Credentials; Create New Credentials; Clean Up Tracks.

Virtual System Vulnerabilities

“Most damage from an attack occurs in the first 15 minutes.”

Virtual Servers

In contrast to Gartner’s finding, a recent Bit9 survey found that nearly half of survey respondents believed their virtual servers were more secure than physical ones.

The theory: If one VM is compromised, other VMs and the host system should remain unaffected. You just power down and relaunch a new “clean” VM.

The reality: Most advanced attacks are designed to avoid detection. And, even if you suspect and reboot, it is very likely too late (most damage is done within the first 15 minutes). Advanced Persistent Threats (APTs) will continue, either by reusing the same method or via a package left behind elsewhere on your system.

The very ease of creating VMs (VM “sprawl”) exacerbates this challenge. Making sure proliferating VMs are properly configured and patched, as well as decommissioned, can be an IT nightmare.

Virtual Desktops

There are also some new real-world security challenges with Virtual Desktop Infrastructure (VDI).

Some VDI implementations deploy “backhauls,” virtual private networks (VPNs) between virtual desktops and provisioning servers in the data center. Installed primarily for performance purposes, these VPNs are routed through designated ports in firewalls. Backhauls may inadvertently present a “superhighway” to the data center once the attacker has landed on a desktop.

Despite the promise of VDI to the end user, rapidly rebooting new desktops can be problematic. Persistence of data, such as browser add-ons, history, cookies, bookmarks/favorites, etc., can be particularly frustrating for the end user.

VDI also presents questions of protecting local hard disks and connections to other databases.

Other Virtual Attack Vectors

Other VM architecture components present potential attack vectors: virtual networks, live migration network traffic between VMs (typically unencrypted), and the hypervisor console operating system itself.

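The VM-sprawl problem above, and the orphaned VM in the Cautionary Tales page (a machine that fell off the asset list and so was never patched), both come down to one check: does what the hypervisor is actually running match what the asset register says exists? The reconciliation below is an added example, not code from Bit9 or the ISP described; the inventory, register, names and 45-day patch threshold are constructed assumptions.

```python
"""Added example: reconcile a hypervisor's VM inventory against the asset
register to surface orphaned, dormant and unpatched VMs. Sample data is
constructed; this is not code from Bit9 or from the ISP in the case study."""
from __future__ import annotations

from datetime import date, timedelta

# Constructed: what the hypervisor actually reports as existing.
HYPERVISOR_INVENTORY = [
    {"vm": "web-01",    "power": "on",  "created": date(2011, 3, 2)},
    {"vm": "db-02",     "power": "on",  "created": date(2011, 9, 14)},
    {"vm": "test-tmp7", "power": "on",  "created": date(2012, 1, 5)},   # built in haste, never registered
    {"vm": "old-mail",  "power": "off", "created": date(2010, 6, 30)},  # switched off, never removed
    {"vm": "rpt-05",    "power": "off", "created": date(2011, 12, 1)},  # registered, but parked
]

# Constructed: what the asset register (CMDB) believes exists and who owns it.
ASSET_REGISTER = {
    "web-01": {"owner": "web-team", "last_patched": date(2012, 10, 1)},
    "db-02":  {"owner": "dba-team", "last_patched": date(2012, 6, 20)},   # patching lapsed
    "rpt-05": {"owner": "finance",  "last_patched": date(2012, 10, 15)},
    "fs-03":  {"owner": "infra",    "last_patched": date(2012, 9, 30)},   # decommissioned, record left open
}


def reconcile(inventory, register, today, max_patch_age=timedelta(days=45)):
    """Return sorted (vm, category, detail) findings.

    orphaned        on the hypervisor but unknown to the register: nobody owns
                    it and nothing schedules its patching (the case-study VM)
    stale_patching  registered, but last patched longer ago than max_patch_age
    dormant         powered off yet still present; it misses patch cycles and
                    can be powered back on by anyone with hypervisor access
    ghost_record    in the register but gone from the hypervisor; the
                    decommission was never closed out
    """
    findings = []
    seen = set()
    for vm in inventory:
        name = vm["vm"]
        seen.add(name)
        record = register.get(name)
        if record is None:
            findings.append((name, "orphaned",
                             f"on hypervisor since {vm['created']}, absent from register"))
            continue
        age = today - record["last_patched"]
        if age > max_patch_age:
            findings.append((name, "stale_patching",
                             f"last patched {age.days} days ago (owner {record['owner']})"))
        if vm["power"] == "off":
            findings.append((name, "dormant", "powered off but not decommissioned"))
    for name in sorted(register.keys() - seen):
        findings.append((name, "ghost_record", "registered but not on hypervisor"))
    return sorted(findings)


if __name__ == "__main__":
    for vm, category, detail in reconcile(HYPERVISOR_INVENTORY, ASSET_REGISTER, date(2012, 11, 1)):
        print(f"{vm:10} {category:15} {detail}")
```

Run against the constructed data, the report flags test-tmp7 and old-mail as orphaned, db-02 as unpatched for 134 days, rpt-05 as dormant and fs-03 as a register entry with no machine behind it.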
We are All Getting Smarter about Security

Bottom line: IT/security pros know they need to know “everything, everywhere” to protect themselves against advanced attacks. Security tools must be integrated and automated to keep the job of protecting enterprise systems manageable.

IT/Security Pros are Aware of the Danger

According to the results of a 2012 survey conducted by Bit9, IT and security professionals are well aware of the changing nature of cyber attacks, how advanced attacks target their infrastructure, and what they would like to see as the most effective strategies for protecting their organizations.

The majority believe that the implementation of best practices and better security policies will have the biggest impact on improving cyber security against advanced threats.

What IT/Security Believes

Nearly two-thirds feel their companies will be targeted by a cyber attack in the next six months. Two-thirds feel the increase in attacks is real, not hype, due to growing numbers of hacktivists, cybercriminal groups and nation-states.

More than half identified domain controllers as their most important – and most vulnerable – assets.

But 60% are not confident that their current security is highly effective in protecting them.

For those in retail and hospitality, endpoints are most valuable and vulnerable – and only 26% feel confident that their current security is effective.

Biggest Impact on Improving the State of Cyber-Security?

• 58% Best Practices and Better Security Policies
• 20% The Individual Employees within an Organization
• 18% Security Industry Through Better Technology
• 7% Government Regulation and Law Enforcement

If Breached, 96% of Security and IT Professionals Agree the Public Should be Notified.

Governments are Getting Involved

National Infrastructures on Point

Like the private sector, federal organizations are facing an increasing number of cyber threats stemming from the vulnerabilities introduced by new technologies. More than ever, organizations are challenged to secure their critical infrastructures. Examples include:

• U.S.: Cyber Information Sharing and Protection Act (CISPA)
• UK: National Cyber Security Strategy
• Australia: Strategies to Mitigate Targeted Cyber Intrusions

In the U.S., FISMA regulations and NIST Special Publications have laid out a new paradigm for federal security controls—one based on risk and continuous monitoring and further automation of security controls. But the true goal of these new regulations is for real-time (or near-real-time) risk mitigation.

EU Directive

The EU executive will release a draft directive on cyber security in 2013 proposing the creation of a cooperation mechanism to prevent and counter cross-border cyber incidents and a minimum standard of cyber preparedness at the national level.

The European Cybercrime Centre will be run out of Europol’s headquarters, tasked with coordinating national cybercrime authorities and training national cyber-security experts.

Being Compliant Doesn’t Mean You’re Secure

Passing compliance audits is no guarantee you are secure, whether from internal breaches (unintentional or planned malfeasance) or external attacks, like an Advanced Persistent Threat (APT).

Credit card payment processor Heartland Payment Systems and retailer T.J. Maxx were both breached while having demonstrated PCI DSS compliance.

Frequently, initiatives to meet and pass compliance audits are crafted and maintained by teams separate from enterprise security.

You may have installed encryption software and simple access controls to help satisfy PCI DSS requirements in the U.S. But today’s advanced attacks are designed to work around these defenses – knowledge that those designing compliance strategies may not possess and, in the long run, may not be held accountable for. The two realms need to better coordinate.

Older Security Models: Too Little, Too Late

Antivirus Software and HIPS

According to the Ponemon Institute, 77% of respondents believe that criminal activities have evaded their firewalls, 67% their antivirus and anti-malware controls, and 60% their intrusion detection and prevention systems.*

Advanced attacks are typically highly customized and unlikely to appear on the “blacklists” of known threats on which antivirus (AV) software depends.

And, like AV, Host Intrusion Prevention Systems (HIPS) rely on blacklists and are scan-based (versus continuous), with no sensor to analyze systems in real time.

As a result, detection is typically too late: 70-80% of organizations learn of infiltration from outside authorities, partners or, worse, customers, long after they have been compromised.

And what you do learn from reactive models is too little to help track down all the components of malware or help in anticipating future attacks.

Older “Whitelisting” Technology

In the past, “whitelisting” application control tools tried to solve the “too little, too late” problems of the reactive model by recognizing legitimate functionality and excluding everything else.

It’s the right idea, but older whitelisting solutions have had significant problems:

• Not sufficiently fine-tuned – just a specific list of files, often blocking allowable functionality
• The scale of some of these technologies has fallen short of enterprise demands
• Cumbersome in the ways they implement policy

This last issue is especially key. A solution that takes more, rather than less, security and IT staff time is not moving in the right direction when it comes to defending against advanced attacks.

Trust-based Security: A Proactive Model for Real-Time Protection

Forward-leaning trust-based models move beyond the limitations of older blacklist and whitelist solutions, outperforming them in four key areas:

• Visibility that allows you to know what’s running on every computer, without scanning or polling
• Real-time detection of advanced threats and zero-day attacks
• Protection that stops all untrusted software from executing – not based on a static list but on dynamic, real-time indicators
• Forensics, with a full audit trail that accelerates analysis and response

*Proactive Threat Management Identified as Top Need in Ponemon Institute Research Report

Building a Trust-based Security Framework

Visibility: Know What’s Running on Every Computer – Right Now

A proactive security posture gives you full visibility into files, executions and critical system resources on every machine.

Only continuous monitoring can identify suspicious activity across endpoints, servers and fixed-function devices – right now, not after the fact.

Detection: Real-Time Protection against Advanced Threats and Zero-Day Attacks

Blacklisting and signature-based detection tools have no awareness of unique, customized attacks.

A trust-based security model detects when untrusted software arrives and attempts to execute.

Other suspicious or unauthorized behavior is also detected in real time: unauthorized memory access or changes to registries, processes or user sessions, and/or OS/application tampering.

Protection: Stop All Untrusted Software from Executing

Proactive trust-based security solutions enable you to define the software that you trust to run. Everything else is denied by default. It’s the only way to stop targeted, customized attacks that are unique to your organization.

Forensics: Full Audit Trail Accelerates Analysis and Response

When you suspect you have a threat incident, you need to analyze, scope, contain and remediate the problem.

The same continuous monitoring that gives you visibility into what’s happening in real time also allows you to “go back in time” when needed. This helps you see what happened in the past, understand what is happening right now, isolate untrusted software, and determine the trust rating for any file.

Does Your Security Posture:

✓ Identify and investigate threats missed by other security tools?
✓ Provide actionable events that increase analyst efficiency and shorten response time?
✓ Leverage external network intelligence and enrichment to gain insight into an attack’s nature?
✓ Establish the capability to rapidly modify or adjust security control configuration to gain insight?
✓ Deploy a cyber-analytics portal that uses timely access to security and infrastructure log data?
✓ Offset the “carbon (human) layer” of the enterprise’s security model?
✓ Stop the lateral movement of an attacker once inside the organization?
✓ Deter the widest spectrum of malware-based attacks?
Better Security, Less Administrative Effort

Trust-based Security Protects Your Bottom Line

What if you were able to improve the performance of your security environment to better prepare and protect your organization against advanced threats, reduce audit costs, and minimize unplanned work?

Reduced Downtime for End Users

With a reactive security model requiring frequent updates, the work of line-of-business (LOB) end users can be stopped completely when security detects an advanced threat or is encumbered by the overhead of security software and policies.

Better Use of IT and Ops Talent

How much time (and cost) does your current security model require in IT and operations staff responding to outages or reimaging systems when they are corrupted?

In a proactive model where only trusted software is allowed to run, you recapture time previously spent on security patching, incident response, reimaging systems, and maintaining AV software.

Increasing Security Staff Effectiveness

You may have invested in a Security Information and Event Management (SIEM) system to help security staff identify, mitigate and track incidents.

The economics of playing catch-up in a reactive security model are not encouraging. Prior to using a trust-based security platform, one company was seeing between 10 and 20 systems of interest (SOI) a day, each of which was routed to the Information Security (IS) team by email.

Engineering co-ops would then review the SOI, and, if required, a member of the IS team was brought in, and a threat assessment team of three got involved.

If the malware had successfully gained command and control of a system, a one- to three-person forensics team was brought in.

None of this staff cost (up to eight people) would be incurred if executables are stopped before they run – to say nothing of the ultimate cost of the successful attack!

Integration with Network Security Solutions

A trust-based security framework can also help leverage your investment in network security solutions, which send out alerts on suspicious files entering the network.

Rather than staff having to research each one, a trust-based system automatically filters out nonactionable events, prioritizing those that are high impact for rapid incident response.

Real-time endpoint sensors tell you every place malware may have landed. Based on analysis of recorded information on previous activity, malware can be automatically banned, updating security policies.

The integration should work the other way as well: suspicious files detected off network (e.g., via USB) are sent for detonation and analysis by network security solutions.
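The default-deny execution model, the audit trail used to "go back in time", and the SIEM-alert filtering described on these pages, as an added Python example that is not Bit9's own code: the trust ratings (approved/banned/untrusted), hashes, hosts and alert records are all constructed for illustration.

```python
# Added example, not Bit9 code: default-deny execution policy with an audit trail.
from dataclasses import dataclass
from typing import Dict, List

# Constructed trust data: SHA-256 -> rating. Any hash not listed is untrusted.
TRUST_RATINGS: Dict[str, str] = {"a1" * 32: "approved", "b2" * 32: "banned"}

@dataclass
class ExecEvent:
    host: str       # endpoint that observed the execution attempt
    sha256: str     # hash of the file trying to run
    path: str
    ts: int         # epoch seconds, as reported by the sensor

@dataclass
class Decision:
    event: ExecEvent
    rating: str
    allowed: bool

class TrustPolicy:
    """Default-deny: only 'approved' files may run; every decision is recorded."""
    def __init__(self, ratings: Dict[str, str]):
        self.ratings = dict(ratings)
        self.audit: List[Decision] = []

    def rating_for(self, sha256: str) -> str:
        return self.ratings.get(sha256, "untrusted")

    def decide(self, ev: ExecEvent) -> Decision:
        rating = self.rating_for(ev.sha256)
        d = Decision(ev, rating, allowed=(rating == "approved"))
        self.audit.append(d)      # the audit trail is the forensic record
        return d

    def ban(self, sha256: str) -> None:
        """Policy update after analysis: a banned hash stays blocked on every host."""
        self.ratings[sha256] = "banned"

    def history(self, sha256: str) -> List[Decision]:
        """'Go back in time': where this file was seen and what the policy did."""
        return [d for d in self.audit if d.event.sha256 == sha256]

    def triage_alerts(self, alerts: List[dict]) -> List[dict]:
        """Keep only network alerts for files that actually ran on an endpoint;
        blocked or never-seen files are non-actionable under default deny."""
        return [a for a in alerts
                if any(d.allowed for d in self.history(a["sha256"]))]
```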
Bit9: Trust-based and Proactive

The Bit9 Security Platform

Four essential capabilities are applied in concert, and an enterprise’s application infrastructure is strengthened and able to safeguard itself against the harmful effects of today’s advanced threats.

The Bit9 Security Platform also integrates with network security solutions and SIEMs to filter and prioritize the suspicious activity with the highest impact on systems.

1. Visibility

From a single console, Bit9 provides immediate visibility into the files, executions and critical system resources on every machine protected – no scanning or polling required.

This visibility ensures that you know what has arrived and executed on every system in your company.

2. Detection

Bit9’s trust-based approach combines real-time sensors, Advanced Threat Indicators (ATIs), and the Bit9 Software Reputation Service to proactively detect advanced threats and malware.

The result is real-time detection without having to test and update data files or wait for signature file updates.

3. Protection

Bit9’s proactive, trust-based security solution enables you to define the software you trust to run in your organization.

Everything else is denied by default. As a result, advanced threats and other forms of malware are stopped in their tracks – including targeted, customized attacks that are unique to your organization.

4. Forensics

When you suspect you have a threat incident, Bit9 provides the information you need to analyze, scope, contain and remediate the problem.

You can “go back in time” to see what happened in the past, understand what is happening right now, isolate untrusted software, and determine the trust rating for any file.
About Bit9

Bit9 is the Leader in Trust-based Security

The Bit9 Trust-based Security Platform continuously monitors and records all activity on servers and endpoints to detect and stop cyber threats that evade traditional security defenses. A cloud-based software reputation service, combined with policy-driven application control and whitelisting, provides the most reliable form of security in a model that can be rapidly implemented with less maintenance than traditional tools.

The Bit9 5-Day Free Trial

The Bit9 5-Day Free Trial is designed for IT security and forensics professionals interested in closing the endpoint security gap left open by traditional, reactive security solutions. This cloud-based trial is a complete working deployment of the Bit9 security platform, which includes the industry’s leading trust-based application control and whitelisting solution. Sign up today at www.bit9.com/freetrial.