Track and report security incidents

Threat Intelligence Cloud

Leverages next-generation threat detection and prevention via the following three key features:

1. Software Reputation Services – Provides highly accurate and up-to-date insight into known-good, known-bad, and unproven software installed on computers.
2. Advanced Threat Indicators – Monitor and examine many system facets, including files, registry, process, and memory execution to identify potential compromise or infection in real time. Also examine the recorded history of endpoint activity that Bit9 and Carbon Black maintain to “reach back in time” and retrospectively identify advanced threats and malware. ATIs are fully customizable to meet the specific needs of environments.
3. Attack Classifications – Uses intelligence feeds from third-party sources to help identify the type of malware and the likely threat actor group behind an attack. This enables security teams to better understand a specific attack in order to respond more quickly and effectively. This feature can also leverage an organization's internal intelligence feeds to enhance capabilities.

The Threat Intelligence Cloud provides incident response and forensics teams with invaluable knowledge and insight while responding to incidents.

External Analytics

Provides Syslog event output that can be analyzed and displayed by multiple different tools. This feature enables a Bit9 Server to be configured to send data to external data analytics tools. The external analytics integration feature provides another way to utilize the extensive data collected by the Bit9 Platform.

Logs for events, alerts, and meters

The Bit9 Security Platform collects extensive logs of events, alerts, and meters across files and devices throughout your organization. This data can be stored for as long as required.