Bit9: A lack of insight into endpoint threats requires greater intelligence for users

News by Dan Raywood

Users are blind to threats that occur on the endpoint and require intelligence to understand the threat, according to Bit9.

Speaking to SC Magazine, Patrick Morley, president and CEO of Bit9, said that the company's expansion into threat detection and partnerships and technology connectors with FireEye and Palo Alto Networks have been driven by user demands of the technology.

He said: “Our users say that how they are using the technology and communications is that they need file intelligence and executable content for response. If something happens you have log management to tell you about it, but if something goes down, how do you know what happened?

“The incident response person goes in and takes what happened apart and on the network can tell what happened on the machine. On the endpoint and servers though, you are really blind and our users say that their requirements are that they need the intelligence to put it together.”

Bit9 announced the launch of advanced threat indicator technologies in March, and a number of new partnerships in May. Morley explained that these connectors look at malware behaviours so malware can be seen on the network, and intelligence is combined to tell the user what the point of entry was on the endpoint.

“You can see where it came in and on what endpoint, what it did and what it left and ban it automatically on the fly and, using the connectors, send it back to FireEye and Palo Alto Networks for execution,” he said.

“The coverage of advanced malware is much higher than a year ago. In my opinion this is because of three areas: market awareness; concern among users and CISOs about what is going on; and the fact that the UK government are bringing cyber security to the forefront.”

Morley continued: “With whitelisting, you only allow software that you trust but all data is collected in real-time, so you put in a central database and use it to detect incidents.

“You can spend a few hours reviewing what happened, or 20-30 hours recreating what happened and trying to understand the point of entry.”

Bit9 this week announced a number of new channel partners, following the doubling of its EMEA team and increased users in the region. In the last year the company has grown its customer base by 50 per cent since its UK launch.
