Bit9 Parity product review for endpoint security - Information Security Magazine

ENDPOINT SECURITY


Bit9 Parity 3.5
REVIEWED BY GREG BALAZE

Bit9
Price: $35 per desktop

Bit9's Parity 3.5 is designed to give you control over what users can do on company computers, and prevent executables from unauthorized or malicious apps from running on your desktops.


Configuration/Management: B
Bit9 Parity Server was easy to install and didn't have much to configure. A step-by-step screen walks you through setting everything from IP addresses and ports to selecting the creation of a self-signed or previously generated certificate. It automatically installs SQL Server 2005 and Apache Web Server, which is used for remote administration.

Small client agents for Windows XP/2000 (Vista is coming) are generated or updated automatically when a policy is created or modified for a group. The agents can also be downloaded off the Web, or distributed by application deployment software such as SMS. The agent and server communicate via an SSL tunnel.


Policy Control: B
Policies are applied based on groups set up within Parity Server that specify the file types it will block. Security condition levels, set by group, determine what happens when a file violates policy--various combinations of allowing or prohibiting file execution with or without notification. For policy enforcement, you can identify executables by name, or hash the file. Although malware can use an altered name to pose as a legitimate app, Parity will report on renamed programs. We recommend using hashes, though this means additional administrative overhead before deploying software.

Programs can be authorized to run from trusted individuals, trusted directories or trusted deployment applications, eliminating the need to manually add to the policy for each software deployment.

Recognizing the problems posed by mobile workforces, Bit9 allows for different security conditions when attached to the local network, and when disconnected.


Effectiveness: A
Parity is effective at stopping programs from executing, as the agent goes through a lengthy process of inventorying the host workstation and reporting executable files to the Parity Server. This can take a while, especially in large enterprises with many clients.

Parity Server uses a combination of blacklisted applications and Bit9's signature database of known malware. The latter prevents the rapid spread of viruses and spyware from host to host by identifying the offending program and preventing its subsequent execution on other protected systems.

The Parity agent allowed executables to run according to policy, and quickly caught changes we made to a file. For example, we renamed Kazaa, a prohibited app, but still couldn't run it.
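The name-versus-hash choice from the Policy Control section, and the renamed-Kazaa test above, as an added example that is not part of the original review and is not Bit9's code. The function names, the `catalog` structure, the file names other than `kazaa.exe`, and the default-deny handling of unknown hashes are assumptions of this sketch; the file contents are constructed stand-in bytes.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Digest of the file's contents; the file name plays no part."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def check(path, banned_names, catalog):
    """Evaluate one file under a name rule and under a hash rule.

    catalog maps digest -> (catalogued name, "approved" | "banned").
    A digest missing from the catalog is treated as unapproved (default deny).
    """
    name = Path(path).name.lower()
    entry = catalog.get(sha256_of(path))
    by_name = "block" if name in banned_names else "allow"
    by_hash = "allow" if entry and entry[1] == "approved" else "block"
    renamed_from = entry[0] if entry and entry[0] != name else None
    return {"by_name": by_name, "by_hash": by_hash, "renamed_from": renamed_from}

def run_demo():
    """Build constructed stand-in files (not real programs) and check each."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        p2p = tmp / "kazaa.exe"
        p2p.write_bytes(b"constructed stand-in: prohibited app")
        editor = tmp / "editor.exe"
        editor.write_bytes(b"constructed stand-in: approved app v1")
        banned_names = {"kazaa.exe"}
        catalog = {
            sha256_of(p2p): ("kazaa.exe", "banned"),
            sha256_of(editor): ("editor.exe", "approved"),
        }
        results = {"original": check(p2p, banned_names, catalog),
                   "approved": check(editor, banned_names, catalog)}
        renamed = tmp / "report.exe"
        renamed.write_bytes(p2p.read_bytes())  # same bytes, new name
        results["renamed"] = check(renamed, banned_names, catalog)
        # A vendor update changes the bytes, so the old approval no longer matches.
        editor.write_bytes(b"constructed stand-in: approved app v2")
        results["updated"] = check(editor, banned_names, catalog)
        return results

if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(case, verdict)
```

The `updated` case is the administrative overhead the review mentions: each new build of an approved program has to be hashed and registered before it will run.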


Reporting: C
Bit9 has some work to do to beef up reporting capabilities. While several canned reports give quick access to important information, the sparse main reports page gives limited statistics on important file activities. We were disappointed that there's no way to graph the statistics, which would be especially useful for trending reports. There's no syslog support, nor can reports be exported to another format.


Verdict
Bit9 Parity 3.5 does a good job of preventing unwanted programs from running, although we didn't see any new methodologies or technologies that make it stand out from established competitors.


Testing methodology: We installed Parity Server on a Windows 2003 SP1 machine to manage several fully patched XP and Windows 2000 VMware clients. We used a variety of applications, such as Skype, Kazaa and µTorrent, to test executable blocking.

This was first published in May 2007