Migrating from CSA Protection to Bit9 Protection

Priveon Recommends Bit9 Parity Application Whitelisting Solution as Replacement for CSA

Cisco has announced the end-of-sale and end-of-life for the Cisco Security Agent. This leaves customers with a decision to make on how to replace that functionality. Priveon, as the leading implementer of the CSA product, has analyzed many of the software options available on the market today that could replace the Day Zero capabilities for customers and has made a decision regarding our next generation replacement: Application Whitelisting with Bit9 Parity.

Replacement Product Selection Criteria

Priveon looked at various potential products as replacement options for the Cisco Security Agent (CSA) and determined that Bit9’s approach to Application Whitelisting was by far the best solution available to prevent Day Zero and Known Attacks. We were determined to find a solution that: provided unparalleled attack prevention, allowed your computing environment to remain protected during the transition, would not require much (if any) end-user training, did not require a sharp technical learning curve for your support staff, and was manageable via an intuitive configuration and reporting interface. To accomplish this, Priveon used the following main criteria:

Prevent Day0 Attacks

  • Application Whitelisting stops Day0 (and known attacks) by preventing new/untrusted executables from running on the protected system.
  • Bit9 Whitelisting accomplishes this by computing multiple hashes (MD5, SHA-1, SHA-256) of the new file and comparing them to the local table of approved hashes.
  • Using Bit9’s intuitive methodology, this is both extremely manageable and far less of a burden to manage than CSA’s complex policy structure.
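
The hash-and-compare check described above, sketched as an added example (not Bit9's code and not from the original page). The approved-table layout, the function names and the rule that the SHA-256 must match before anything is allowed are assumptions of this sketch; the sample files are constructed.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the three algorithms the page lists


def fingerprint(path, chunk_size=65536):
    """Read the file once and return {algorithm: hex digest} for all three."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def decide(path, approved):
    """Default deny. Assumed policy: the table is keyed on SHA-256, because
    MD5 and SHA-1 have practical collisions and must not grant trust alone;
    the stored MD5 and SHA-1 are then checked as consistency fields."""
    fp = fingerprint(path)
    entry = approved.get(fp["sha256"])
    if entry is None:
        return "block"  # new or untrusted file: never seen, so not run
    if entry["md5"] != fp["md5"] or entry["sha1"] != fp["sha1"]:
        return "block"  # inconsistent table entry: fail closed
    return "allow"


def demo():
    """Constructed sample: one approved file and a copy with one byte added."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "approved_tool.bin")
        tampered = os.path.join(tmp, "tampered_tool.bin")
        with open(good, "wb") as fh:
            fh.write(b"constructed sample executable contents")
        with open(tampered, "wb") as fh:
            fh.write(b"constructed sample executable contents" + b"\x00")
        fp = fingerprint(good)
        approved = {fp["sha256"]: {"md5": fp["md5"], "sha1": fp["sha1"]}}
        return decide(good, approved), decide(tampered, approved)


if __name__ == "__main__":
    print(demo())
```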

Easier to implement than CSA

  • You deploy the Bit9 Parity agent just as you did with the CSA product, but policy/grouping can be linked directly to Active Directory, which vastly speeds implementation.
  • This makes targeting systems and users with the correct policy an easy task.

Easier to manage than CSA

  • Whitelisting, a vastly simplified and effective mechanism for preventing Day0, dramatically reduces the product learning curve required by CSA administrative staff.
  • Bit9 provides native access to their cloud service known as the Parity Knowledge Database. This allows administrators to get expert real-time information about a file and whether it should be trusted or not based upon numerous AV/anti-malware scans and other criteria.
  • Your staff can react to events in the Bit9 console much more quickly and are provided the information they need to make the best decisions possible. You no longer have to be a forensic expert to tune your endpoint protection solution.

Management Interface

  • A simplified protective mechanism also simplifies the moving parts required to manage the product.
  • The Bit9 Parity dashboard and console are also a dramatic improvement over CSA management. The data you need is at your fingertips.
  • Real-time information about the systems that are most problematic and a real-time inventory of system applications are readily available.
  • You can quickly view systems that have drifted from the standard image and accepted configuration to isolate users and systems that are most likely to cause your organization harm.

Easy to migrate from CSA

  • Priveon has developed a migration strategy that includes running the products in parallel, if required/desired, until the migration is complete, without loss of security during the process.

Support staff must be able to understand the technology, architecture, deployment and management quickly/easily

  • The architecture (from the agent, through the management console and database) is very similar to CSA and will be easily understood by current CSA customers and support staff.

End-users must not require much if any re-training after migration

  • The agent can be completely silent in either monitor or prevent mode if desired.
  • Parity also supports a mechanism very similar to CSA interactive mode (queries) where we can hand some of the security determination back to the end-user if desired or required.
  • This interaction is also extremely similar to the interaction CSA end-users have today and will not in most cases require anything other than extremely light retraining in the form of a simple email/screenshot.

 

Supporting Information:

What is Bit9 Parity and Application Whitelisting?

Priveon CSA Migration Services