Endpoint security without the pain

23.01.2006

Customers are demanding security that is "simple, reliable and effective, and easy to maintain," says Brian Hazzard, director of product management at Bit9 Inc. in Cambridge, Mass. Bit9's Parity offering deploys agents that monitor endpoint systems for a "gray list" of unknown software, which the agent can either block or just monitor, based on policies set by a central administrator.

Ease of use drove Omgeo LLC to Bit9, says Javed Ikbal, chief information security officer at Omgeo, which processes trades in stocks, bonds and other financial assets. He has deployed Bit9 on almost 1,000 machines, including endpoint devices, production servers and servers for quality assurance on new applications. "Any product that is behavior-based requires constant tuning and maintenance to be sure it's capturing what it should capture," he says. Bit9 allows Ikbal "to lock down machines without taking too much maintenance from the user."

Educate and convert

No security tool will work effectively without cooperation from users -- and that requires educating them about the need for some limits on what they can do. When Pearson installed the DeviceWall software at Woolpert, general manager Denise Reinert told employees why new regulations -- and the need to protect their customers -- made it so important for them to safeguard corporate data. "That created a platform to have a conversation," she says, "and when people got to talking about it, [they] became very aware of how much we were at risk."

At Omgeo, "very comprehensive user communication" has helped melt user opposition, says Ikbal. "When Bit9 throws up a message that says, 'You're not allowed to execute this [software],'" the program points the user to a help desk Web site as well as the phone number of a help desk staffer, he says. For a couple of weeks after Bit9 was deployed, the help desk got two to three calls per day, but that has since dropped to zero.