08.17.2009 – Waltham, MA – Bit9, Inc., the pioneer and leader in Enterprise Application Whitelisting, today announced Bit9 Parity for Government, an application and change control solution that offers tailored support for federal, state and local government needs. The new solution helps agencies ensure FISMA compliance and automates security controls as recommended by the Consensus Audit Guidelines (CAG), a joint initiative developed by defense experts from federal agencies and the SANS Institute.

The CAG list is a set of 20 security controls effective in blocking the most serious real-world threats. For each control, information is presented as to what attacks can be prevented and best practices for proper implementation. The CAG list was originally developed to address the new FISMA (U.S. ICE Act of 2009) that requires federal agencies to monitor, detect, analyze, protect, report and respond against known vulnerabilities, attacks and exploitations.

“Classic personal firewall and antivirus solutions are proving they are not enough in the fight against malware. These older technologies are being replaced with endpoint protection using whitelisting techniques to help organizations with security, performance and to reduce IT security related costs,” said Stephen Northcutt, president of SANS Technology Institute. “Whitelisting is more than an endpoint security play; it also provides compliance and operational configuration management benefits with its ability to stop the installation of unauthorized software.”

The latest version of Bit9 Parity for Government automates and makes compliance easier by monitoring, detecting, analyzing and protecting against both known and unknown vulnerabilities. Bit9 helps government agencies achieve, maintain and prove compliance with continuous auditing that detects any undesirable application, device and configuration changes and provides a real time live inventory of “all software, all the time” on endpoints.

The adoption of application whitelisting is rapidly increasing in the government sector and has become a priority since the CAG list specifically recommended application whitelisting as a critical control for addressing today’s advanced persistent cyber threats.

Bit9 helps government agencies and contractors meet compliance in all three of the categories – assessment, enforcement and compliance. Bit9 provides visibility into what applications are running on a government organization’s endpoints (PCs, laptops, servers) and enforces the use of authorized applications, preventing the installation or execution of unauthorized applications and the use of unauthorized portable storage devices. These controls minimize the risk of malicious, illegal and unauthorized software that can create vulnerabilities and enable stealth targeted attacks.

Core features of Bit9 Parity for Government include:

• Total software inventory for endpoints that classifies software as authorized or unauthorized; software auditing to prove compliance

• Application whitelisting to ensure only authorized software is allowed to run

• Total device inventory and control to ensure only approved storage devices are used for data loss prevention

• “Bulk ban” capability to mass ban applications based on cryptographic hash

• Configuration assessments that determine whether systems comply with internal and external policies

• Change detection and reporting that monitors systems to ensure they remain in a known and trusted state

• Access to the Bit9 Trust Rating on any new software found in your environment, delivered through the Bit9 Global Software Registry™, the largest repository of software intelligence in the industry

“Government agencies around the world are faced with the same challenges of protecting highly sensitive data from internal and external threats and ensuring compliance with a myriad of regulatory concerns,” said Tom Murphy, chief strategy officer at Bit9. “Coming on the heels of the CAG endorsement of whitelisting, Bit9 Parity for Government is well timed to provide our government customers with a whitelisting solution that can help them protect their systems while ensuring adherence to the emerging government security standards.”

About Bit9, Inc.
Bit9 is the pioneer and leader in enterprise application whitelisting. The company’s application control, security and integrity solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry™ — the world’s largest database of software intelligence – to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, including government, retail, financial services, healthcare, e-commerce and telecommunications. Founded in 2002, Bit9 is privately held and based in Waltham, Massachusetts. For more information, visit http://www.bit9.com or call +1 617.393.7400.