Bit9 plugin

EXECUTIVE SUMMARY

Today’s attackers are after the data and intellectual property held on endpoints and servers. Relying only on traditional endpoint security such as antivirus, or on network security alone, puts the organization at risk: AV does not see or stop targeted attacks, nor does it help respond to an incident, and once an attack bypasses the network defences the endpoints are compromised.

The Bit9 Security Platform is the industry’s most comprehensive endpoint threat protection solution and the world’s most widely deployed application whitelisting product. With a single agent, Bit9 continuously monitors and records all endpoint and server activity to prevent, detect and respond to cyber threats that evade traditional security defenses.

API-BASED INTEGRATION

Bit9’s rich APIs give IT security and operations teams the ability both to “pull in” capabilities from other security solutions and threat-intelligence sources and to “push out” the data captured by Bit9, together with its full feature set, to third-party or homegrown security products. This lets an organisation build on top of Bit9 for best-of-breed prevention, detection and response capabilities tailored to its own needs.

As part of this feature, Benison developed a plugin that connects Bit9’s APIs to a third-party security product. With the number of malware families constantly growing, no single product can detect and prevent every infection across the systems in a network. For this reason Bit9 provides APIs through which third-party vendors can register themselves and receive suspicious files. The vendor applies its own intelligence to each file received from Bit9, evaluates it for malicious content and returns the result to the Bit9 server. The plugin developed as part of this feature provides the missing link between Bit9 and the third-party security product.

SOLUTION

In our plugin we use the Bit9 APIs (the numbers give the order in which the plugin performs each step):

  • To register a third-party vendor with Bit9.
  • To receive files from the Bit9 server. (1)
  • To send the result, in the required form, back to the Bit9 server. (4)

We use the third-party security product’s APIs:

  • To upload the file received from Bit9 to the malware detection engine. (2)
  • To poll the malware detection engine for the status of the uploaded file. (3)
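
As an added example (not Benison’s plugin and not Bit9’s own SDK), the numbered steps above as one connector loop in Python. The Bit9 and engine HTTP calls go through an injected transport callable so the code runs offline against constructed in-memory fakes; the endpoint paths (/connector, /pendingAnalysis, /fileUpload, /scan), JSON field names, result codes and the sample files are all assumptions standing in for the real APIs.

```python
# Added illustration for this page (not Benison's plugin, not Bit9's SDK). The
# endpoint paths, JSON field names and result codes are assumptions, and both
# servers below are constructed in-memory fakes so the loop runs offline.
import hashlib
from dataclasses import dataclass
from typing import Callable

# Result codes posted back to Bit9 (assumed). An unfinished scan is reported as
# NOT_ANALYZED, never as CLEAN, so Bit9 can retry or escalate the file.
RESULT_NOT_ANALYZED, RESULT_CLEAN, RESULT_MALICIOUS = 0, 1, 2

@dataclass
class Connector:
    bit9: Callable    # transport: (method, path, body) -> JSON reply
    engine: Callable  # same shape, talking to the detection engine
    poll_limit: int = 5  # bounded polling: one stuck sample cannot hang the plugin
    connector_id: str = ""

    def register(self, name="example-scanner"):
        # Register this vendor so Bit9 starts queueing suspicious files for it
        self.connector_id = self.bit9("POST", "/connector", {"name": name})["id"]
        return self.connector_id

    def analyze(self, item):
        data = self.bit9("GET", f"/fileUpload/{item['fileUploadId']}", {})["content"]
        # Integrity check: scan exactly the bytes Bit9 flagged, otherwise refuse
        if hashlib.sha256(data).hexdigest() != item["sha256"]:
            return self.report(item, RESULT_NOT_ANALYZED, "hash mismatch")
        # Step (2): hand the sample to the detection engine
        job = self.engine("POST", "/scan", {"sha256": item["sha256"], "content": data})
        # Step (3): poll for the verdict, giving up after poll_limit attempts
        for _ in range(self.poll_limit):
            status = self.engine("GET", f"/scan/{job['job_id']}", {})
            if status["state"] == "done":
                verdict = RESULT_MALICIOUS if status["malicious"] else RESULT_CLEAN
                return self.report(item, verdict, status.get("name", ""))
        return self.report(item, RESULT_NOT_ANALYZED, "engine timeout")

    def report(self, item, result, detail):
        # Step (4): post the verdict back against Bit9's pending-analysis record
        body = {"fileAnalysisId": item["id"], "analysisResult": result, "detail": detail}
        self.bit9("POST", f"/pendingAnalysis/{item['id']}", body)
        return result

    def run_once(self):
        # Step (1): pull the files Bit9 queued for this connector, then scan each
        path = f"/pendingAnalysis?connectorId={self.connector_id}"
        return {i["sha256"]: self.analyze(i) for i in self.bit9("GET", path, {})["items"]}

def make_fake_bit9(files):
    # Constructed Bit9 stand-in; files maps advertised sha256 -> bytes served.
    items = [{"id": f"pa{i}", "fileUploadId": f"fu{i}", "sha256": h} for i, h in enumerate(files)]
    uploads = {f"fu{i}": data for i, data in enumerate(files.values())}
    reports = {}  # verdicts the connector posted back, keyed by pending-analysis id
    def transport(method, path, body):
        if (method, path) == ("POST", "/connector"):
            return {"id": "conn-1"}
        if path.startswith("/pendingAnalysis?"):
            return {"items": items}
        if path.startswith("/fileUpload/"):
            return {"content": uploads[path.rsplit("/", 1)[1]]}
        if method == "POST" and path.startswith("/pendingAnalysis/"):
            reports[body["fileAnalysisId"]] = body
            return {}
        raise ValueError(f"unexpected call {method} {path}")
    return transport, reports

def make_fake_engine():
    # Constructed detection-engine stand-in; the verdict is keyed on file content.
    jobs = {}
    def transport(method, path, body):
        if (method, path) == ("POST", "/scan"):
            jobs[f"job{len(jobs)}"] = {"content": body["content"], "polls": 0}
            return {"job_id": f"job{len(jobs) - 1}"}
        job = jobs[path.rsplit("/", 1)[1]]
        job["polls"] += 1
        if b"NEVER" in job["content"]:  # this sample never completes
            return {"state": "pending"}
        if b"EVIL" in job["content"]:  # malicious verdict only on the 2nd poll
            done = {"state": "done", "malicious": True, "name": "Test.Evil"}
            return done if job["polls"] >= 2 else {"state": "pending"}
        return {"state": "done", "malicious": False}
    return transport

def demo():
    # Run one pass over constructed samples; returns the verdict per sample label
    samples = {"clean": b"hello world", "evil": b"EVIL payload", "slow": b"NEVER finishes"}
    files = {hashlib.sha256(d).hexdigest(): d for d in samples.values()}
    bad_hash = hashlib.sha256(b"what Bit9 claims").hexdigest()
    files[bad_hash] = b"what Bit9 actually serves"  # advertised hash != bytes served
    bit9, reports = make_fake_bit9(files)
    conn = Connector(bit9=bit9, engine=make_fake_engine())
    conn.register()
    results = conn.run_once()
    out = {label: results[hashlib.sha256(d).hexdigest()] for label, d in samples.items()}
    out["tampered"] = results[bad_hash]
    out["reported"] = len(reports)  # every queued item received a verdict
    return out
```

Two details matter more than the happy path: the connector refuses to scan a download whose SHA-256 does not match the hash Bit9 advertised, and a scan that never completes is reported back as “not analyzed” rather than silently treated as clean, so every queued file gets exactly one verdict posted to the server. A production transport would also carry the Bit9 API credentials and verify the server certificate; that plumbing is left out here.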

CHALLENGES
  • Understanding the Bit9 and third-party security product APIs.
  • Setting up the environment to test the plugin with malicious and non-malicious files.