©2013 Bit9. All Rights Reserved Next-Generation Endpoint and Server Security Real-time monitoring and protection for endpoints and servers.


1 ©2013 Bit9. All Rights Reserved Next-Generation Endpoint and Server Security Real-time monitoring and protection for endpoints and servers

2 Acceleration of Intellectual Property Loss: Significant Breaches of 2012
[Timeline figure; month axis Jan through Nov]

3 NY Times article – posted 2/20/2013

4 Attackers are shifting to delivering UNKNOWN Malware via FTP and Web Pages (Threatpost.com, March 27, 2013, by Christopher Brook)
Palo Alto Networks recently put out a study finding:
- Attackers have shifted from email exploits to web-based exploits
- Web pages load instantly and can be tweaked on the fly versus waiting for an email attack to work
- 94% of undetected malware came from web browsers or web proxies
- 95% of the FTP-based exploits were never detected by anti-virus
- 97% used non-standard ports to infect systems
Palo Alto recommends the following:
- Investigate unknown traffic
- Restrict rights to DNS domains
- Real-time detection and blocking
- More fully deployed antimalware technology

5 Have Hackers invented something earth shattering? (USA Today, 3/27/13, by Geoff Collins)
- Hacking is incredibly easy.
- Survey data consistently shows that 80 to 90 percent of successful breaches of corporate networks required only the most basic techniques.
- Hacking tools are easily acquired from the Internet, including tools that "crack" passwords in minutes.
- But consider this: a vast majority of hacks are stunningly simple to deflect with 4 simple steps.
(president of product management at 1E)

6 So what ARE the four simple measures?
- First is "Application white-listing," which allows only authorized software to run on a computer or network.
- Second is very rapid patching of Operating Systems.
- Third is very rapid patching of software.
- The fourth is minimizing the number of people on a network who have "administrator" privileges.
- Can also limit which applications can be installed.

7 Java Problems

8 Let’s summarize the threat scape...
Laptops:
- Have the #1 and #2 most vulnerable applications running (Java, Adobe)
- Access networks and servers
- Leave the perimeter regularly with no control of usage
- Use a security tool that looks for known bad and is minimally effective
Results:
- Threat of stolen IP
- Credentials taken
- Servers brought off line
- Websites hacked and altered
- Malware keeps “coming back”
- Significant time & money spent on forensics
- Reimaging of machines due to malware
- Loss of productivity
- Brand tarnishing

9 Challenge: Malware Gets on Endpoints and Servers
“…it’s clear that blacklist-based antivirus is fighting a losing battle…” Forrester Research, Sept 2012
[Diagram labels: Network Security; Endpoint and Server Security; IPS/IDS; Next-Gen Firewall; Network Monitoring; SIEM; Network Analytics; Virtual Detonation; Anti Virus; Desktops & Laptops; Windows & Mac; Fixed-Function; Virtual/Physical Servers; Phishing; Web drive by; Zero-day; Watering holes; Memory; Off-network; Rogue employees; USB devices; Hacking; Connected to mobile phone; 400M+ Variants; Malware gets on machines]

10 Bit9: Next-Generation Endpoint and Server Security
Bit9 Solution (Desktops & Laptops; Fixed-Function; Virtual/Physical Servers)
1 Real-time sensor and recorder
- Actionable Intelligence for every endpoint and server
- Every executable and critical system resource
- Results in days or weeks
- Low user, admin, and system impact
2 Real-time enforcement engine
- Ban software
- Allow only software you trust to run
- Highest level of endpoint/server security
- Implement as quickly as desired
Visibility, Detection, Protection, Forensics

11 Bit9 Time to Results: Rapid with Low User/Admin Impact
Customer Actions | Customer Benefits | Time to Results
1 Deploy Bit9 Sensor/Recorder on Endpoints & Servers | Visibility: Know what’s running on every computer right now | Days
2 Turn on Bit9 Advanced Threat Indicators | Detection: Detect advanced threats in real-time without signatures | “Immediate”
3 Prioritize and Investigate Alerts | Forensics: Recorded details about what’s happened on every endpoint/server | “Immediate”
4 Define and Apply Trust Policies | Protection: Stop all untrusted software from executing | As quickly as desired

12 How Network Security Enhances Endpoint Security
The industry’s first and only network connector
[Diagram labels: Next-Generation Network Security; Next-Generation Endpoint and Server Security; Incoming files on network; Endpoint and server files; “Detonate” files for analysis; Transfer alerts; Submit files automatically; Submit files on-demand; Prioritize network alerts; Investigate scope of the threat; Remediate endpoints and servers; Correlate endpoint/server and network data; Automatic analysis of all suspicious files; On-demand analysis of suspicious files]

13 Customer Projects Bit9 Can Help With
Projects | Resolution
Advanced threat protection projects | Bit9 can stop zero-day attacks and advanced threats
Windows 7/8 roll out | Bit9 reduces reimaging costs
Removing admin rights | Bit9 increases security without impeding users
Virtualization | Bit9 will secure your VDI, virtual servers, or terminal services
FIM for Servers | Bit9 ensures no one is tampering with your servers
Compliance | Bit9 reduces the operational and cost burden of AV while staying compliant
Incident Response | Bit9 can accelerate your investigation, forensics, and remediation

14 Real-Time Security
Large Chemical Company (1 of the Top 10 CHEMICAL PROVIDERS)
Bit9 on 60,000 endpoints and servers
Before Bit9:
- Suspected infections but slow to confirm
After Bit9:
- Immediately found advanced threat on executive’s PC
- Executable disguised as PDF
- Bit9 confirmed malware was only on one machine
- Customer removed malware and remediated threat

15 Visibility
Large Oil Manufacturer Company
Bit9 on 10,000 endpoints and servers
Before Bit9:
- Unknown existing malware
- FireEye Customer
After Bit9:
- They integrated Bit9 w/FireEye and found a piece of malware from a FE alert on 3 machines.
- With deeper inspection they saw that the malware had dropped another executable, and that second piece of malware was on 15 machines.
- FE never saw that malware because it didn’t come through the network.
- All this happened very quickly due to the real-time visibility.

16 What Makes Bit9 Unique?
Next-Generation Endpoint and Server Security
- One agent for visibility, detection, forensics, protection
- Real-time monitoring and recording of endpoints and servers
- On- and off-network protection
- Proven reliability and scalability
- Cross-platform support
- Real-time integration with network security
- Lowest impact on systems, admins and users
- Actionable Intelligence for every endpoint and server
- Remote and disconnected users
- Most deployments (1,000)
- Windows certified
- Largest scalability
- Windows and Mac
- Faster incident response and remediation
[Diagram label: Bit9 DB]

17 Bit9 Satisfies Many of Your Compliance Needs
Table columns: Controls | PCI | SOX | NERC CIP | HIPAA | FISMA
Protect Sensitive /Critical Data Protect CC Data Protect Log Files Protect Critical Endpoints Protect PII Protect Log Files
Control File Assets FIM
Secure Infrastructure – Utilize Anti-Malware AV on Endpoints and Servers AV on Servers AV on Endpoints and Servers AV on Servers
Asset Analysis – Threat and Trust Measure Compliance Risk Vulnerability Detection and Ranking Malicious intent and Malware Detection Risk Reporting and Assessment Risk Reporting Vulnerability Assessment
Security Policy Enforcement and Audit Security Policy and Awareness Log and Records Audit and Review Critical Control and DR Plan Review Security Awareness and Data Privacy Training Logging and Authorized Access Tracking

