The Real Value of Bit9

 
 
By Cameron Sturdevant  |  Posted 2008-09-26
 
 
 
 
 
 
 



This is where the real value of Bit9 comes into play. Based on extensive research, the company has created a hash value for tens of thousands of published applications. Parity 4.1 uses the hashed values of files found on individual systems to compare and identify applications in the production environment.

Parity also provides the ParityCenter (which is included in the subscription license and is provided with a 10 percent annual fee for perpetual customers). The ParityCenter reports back what it knows about the identified files, for example, the file publisher and whether the file contains malware as identified by ParityCenter anti-virus and code analysis tools. Based on ParityCenter recommendations, I quickly approved most of the software found on my test systems.

Further, the Parity Server used information from ParityCenter to pass judgment on these files, such as using the new application categorization feature to call out peer-to-peer and other potentially problematic programs for easy identification.

I found that there is still a fair amount of judgment work left to administrators. Many of the VMware files used in my test network had not yet been vetted by ParityCenter. Bit9 is forming relationships with anti-malware vendors, which may speed the process of identifying circulating malware.
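The hash-lookup workflow described above (known files approved, malware banned, problem categories flagged, unvetted files left for the administrator) can be sketched as follows. This is an added example, not Bit9 or Parity code; the SHA-256 digest, the catalog fields, the verdict names and all sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root, catalog, blocked_categories=("peer-to-peer",)):
    """Map each file under root to (verdict, reason) using a hash-keyed catalog."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        entry = catalog.get(sha256_file(path))
        if entry is None:
            verdict = ("pending", "hash not in catalog, administrator must decide")
        elif entry["malware"]:
            verdict = ("ban", "catalog marks this hash as malware")
        elif entry["category"] in blocked_categories:
            verdict = ("flag", "category: " + entry["category"])
        else:
            verdict = ("approve", "known file from " + entry["publisher"])
        results[path.relative_to(root).as_posix()] = verdict
    return results

def demo():
    """Run triage over constructed files; every name and byte string is made up."""
    known = {
        "editor.exe": (b"constructed editor build 1", "Example Soft", "productivity", False),
        "share.exe": (b"constructed file-sharing client", "Example P2P", "peer-to-peer", False),
        "dropper.exe": (b"constructed malicious sample", "unknown", "uncategorized", True),
    }
    catalog = {
        hashlib.sha256(data).hexdigest(): {"publisher": pub, "category": cat, "malware": bad}
        for data, pub, cat, bad in known.values()
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, *_rest) in known.items():
            Path(root, name).write_bytes(data)
        # A changed file yields a different hash, so the catalog no longer recognizes it.
        Path(root, "editor_patched.exe").write_bytes(b"constructed editor build 2")
        return triage(root, catalog)

if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:20} {verdict:8} {reason}")
```

The `editor_patched.exe` case shows why judgment work remains: any file whose bytes differ from a cataloged build, including a legitimate update, lands in the pending queue until someone vets it.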

I easily integrated Parity 4.1 with the Active Directory infrastructure in use on my test network, which made short work of grouping end-user systems.

Once the Parity 4.1 system was initialized, I lived mostly in the "new files" section of the dashboard, checking out the newly found items reported by the Parity agents. This is a real timesaver for users accustomed to the previous version of Parity and greatly increased my confidence that I was making policy decisions based on the most up-to-date information about my user systems. 

eWEEK Labs Technical Director Cameron Sturdevant can be reached at csturdevant@eweek.com.

 




 
 
 
 
Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
 
 
 
 
 
 
 
