Bit9 Parity 4.1 Protects Windows Systems

This is where the real value of Bit9 comes into play. Based on extensive research, the company has created a hash value for tens of thousands of published applications. Parity 4.1 uses the hashed values of files found on individual systems to compare and identify applications in the production environment.

Parity also provides the ParityCenter (which is included in the subscription license and is provided with a 10 percent annual fee for perpetual customers). The ParityCenter reports back what it knows about the identified files—for example, the file publisher, if the file contains malware as identified by ParityCenter anti-virus and code analysis tools. Based on ParityCenter recommendations, I quickly approved most of the software found on my test systems.

Further, the Parity Server used information from ParityCenter to pass judgment on these files, such as using the new application categorization feature to call out peer-to-peer and other potentially problematic programs for easy identification.

I found that there is still a fair amount of judgment work left to administrators. Many of the VMware files used in my test network had not yet been vetted by ParityCenter. Bit9 is forming relationships with anti-malware vendors, which may speed the identification process for identifying circulating malware.

I easily integrated Parity 4.1 with the Active Directory infrastructure in use on my test network, which made short work of grouping end-user systems.

Once the Parity 4.1 system was initialized, I lived mostly in the “new files” section of the dashboard, checking out the newly found items reported by the Parity agents. This is a real timesaver for users accustomed to the previous version of Parity and greatly increased my confidence that I was making policy decisions based on the most up-to-date information about my user systems. 

eWEEK Labs Technical Director Cameron Sturdevant can be reached at csturdevant@eweek.com.