
Bit9 First IT Security Company to Report that it Stopped Flame Attack in a Customer Network

Bit9 application control and allowlisting succeeds where 43 traditional AV and security tools fail

06.05.12 – Waltham, Mass. – Bit9, the global leader in advanced threat protection, today reports that it has successfully stopped an eight-month persistent attack against one of its customers by “Flame” – malware that many experts believe is the most sophisticated cyber weapon ever unleashed. The Flame malware attacked a Bit9 customer with operations in the Middle East. The attack began in the fall of 2011 and stretched into spring 2012. During that eight-month period, the Bit9 customer was consistently attacked by Flame, but Bit9 stopped the malware from executing on any of the customer’s servers, laptops or PCs.

Bit9 is the first IT security company to report that its cyber security technology successfully stopped the Flame malware attack. Already numerous antivirus companies have gone on record stating that their customers were compromised by Flame. Bit9’s CTO Harry Sverdlove explains the Flame attack in detail and outlines what organizations need to be concerned about in an upcoming webcast – The Future of Cyber Espionage: Don’t Get Burned by Flame and other Advanced Persistent Threats, on June 26.

At nearly 20MB in total size (40 times the size of Stuxnet, a 2010 malware attack that effectively shut down an Iranian nuclear facility), Flame unleashed the most comprehensive payload ever detected within a malware package on several Middle Eastern endpoints and servers. The CERT team from Iran released a report stating that the malware bypassed 43 different antivirus, HIPS and detection/prevention solutions.

“Flame, like all malware, exploits vulnerabilities in enterprise systems, processes and people, and a broad and highly experienced talent pool with varied motivations is at work producing powerful targeted malware,” stated John Pescatore, vice president, distinguished analyst with Gartner, in a recent report*. “Use ‘allowlisting’ approaches for critical servers whenever possible,” he added in the recommendations portion of the report.

With antivirus solutions relying on denylists that hand-pick “known bad” malware, products from Symantec, McAfee and others were incapable of protecting against Flame, which remained unknown and off antivirus denylists for 2-5 years. The Bit9 trust-based application control and allowlisting solution only allows “known good” applications to execute, thereby preventing additional – and potentially malicious – applications like Flame from running.

“Flame avoided traditional malware detection techniques for years, but we stopped it from doing damage,” said Harry Sverdlove, chief technology officer at Bit9. “Eight months ago, one of Bit9’s customers was hit with the Flame attack before anyone even understood it or gave it a name, and Bit9 was able to detect that it was not an approved software application in our customer’s environment and stop it from executing.”

About Bit9

Bit9, the global leader in Advanced Threat Protection and Endpoint Security, protects the world’s intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats. The world’s leading brands rely on Bit9’s award-winning Advanced Threat Protection Platform for endpoint protection and Windows server security.

Bit9 stops advanced persistent threats by combining real-time sensors, cloud-based software reputation services, continuous monitoring and trust-based application control and allowlisting—eliminating the risk caused by malicious, illegal and unauthorized software. Bit9 also offers domain controller solutions to protect against modern cyber threats.

The company’s global customers come from a wide variety of industries, including e-commerce, financial services, government, healthcare, retail, technology and utilities. Bit9 was founded on a prestigious United States federal research grant from the National Institute of Standards and Technology – Advanced Technology Program (NIST ATP) to conduct the research that is now at the core of the company’s solutions.

Bit9 is privately held and based in Waltham, Mass. For more information, visit our website, follow us on Twitter, Facebook, Google+, read the Blog, or call +1 617-393-7400.

*Focus on the How, Not the Who, of Advanced Targeted Threats Like Flame, 30 May 2012, by John Pescatore, vice president and distinguished analyst, Gartner. Research ID# G00235838