Bit9 Parity Suite V6.0.2
Strengths: Drift reporting and dashboarding.
Weaknesses: Not a lot of out-of-the-box templates for policy or reports.
Verdict: A great complement to existing firewall and anti-virus endpoint solutions. The drift reporting capability is worth the investment alone.
Bit9 Parity is a policy-driven whitelisting solution for managing the applications and devices that can run on Windows computers. Parity provides the ability to track the propagation of software in an environment, generate audit trails of portable storage activity and control the software and devices used on computers, including blocking modern malware, targeted attacks, installation of unauthorized software and execution of files from unauthorized devices.
Parity Server Software installs on Windows Server 2003 Standard or later. Admins need to have IIS (Internet Information Services) and .NET installed on the server and have SQL Server on the server or remote prior to loading the application. SQL Server 2005/2005 Express and SQL Server 2005/2008 are supported. The install was wizard driven and very straightforward. We were up and running in under 15 minutes. Once installed, the server console is accessed via any web browser.
Parity uses an agent-based approach for client management. Client stations download the agent from the server. Computers aren't imported, they are discovered once the client is loaded. Although computers aren't discovered via Active Directory (AD), they can be mapped to Parity policies via AD policies. Once installed, admins can gather a file inventory from the endpoints. Bit9 Parity provides continuous monitoring of all software and portable storage devices running on each endpoint. It provides an in-the-cloud, software-reputation service that assigns a trust rating to all software to identify computers at risk with embedded malware. As well, it provides policy-based controls that ensure only trusted software, portable storage devices and configuration changes are made to the endpoint.
The package includes application control and whitelisting, device control, file integrity monitoring, registry protection, memory protection, operating system integrity protection, trust-based software reputation and cloud-based policies. After endpoints are under Parity control, admins approve new applications or patches using the approval methods that best suit the organization's software rollout procedures. Parity features several automatic approval methods (trusted directories, approved publishers, trusted users and enabled updaters) that make it simple to approve new software without having to do it file by file.
The user interface is easy to navigate. The homepage is dashboard driven and users have a lot of flexibility in customizing the portlets. Admins can display any of the Parity summary information or even link a portlet to an outside URL for additional data. Customers have a few policy templates and can use those to customize more. Reporting was light, but again, clients can add what they want. There was one feature that we found particularly useful: a baseline drift report.
Standard support is offered between 8 a.m and 8 p.m., Monday through Friday, and is available at 20 percent of sale price, while 24/7 support can be purchased for 25 percent of the sales price. The documentation is well done and simple to follow. Alerting is available for configured trigger events via email, the real-time dashboards and an alert banner page.