Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

NetWitness Adds Automated Malware Analysis To Network Monitoring Platform

NetWitness has introduced an automated malware analysis module to its NextGen network security monitoring and analysis platform. Spectrum combines the platform's network capture/recording capabilities to obtain detailed information on suspect file activity and techniques that malware researchers commonly use in a "sandbox" environment. These capabilities include static analysis to reveal details such as packing, obfuscation, embedded Java scripts, etc., in order to examine the nature of the malware and its impact on the enterprise.

Spectrum also leverages public global information from the security community, including sources such as the Malware Domain List, ZeuSTracker and Shadowserver, as well as its own Live threat intelligence service. NetWitness uses additional analysis from several partners to be announced, and will enable enterprises to include their own data sources and third-party products and services that offer sandboxing, file integrity checking, security intelligence and malware detection capabilities to augment malware and threat analysis.

NetWitness says that the synthesis of network capture and analysis, threat intelligence and malware analysis gives organizations the information they need to understand the full extent of an attack and respond.

"All the results are served up and prioritized to security teams," says Eddie Schwartz, NetWitness CSO. "They also have all the context and content to do things like follow-up, damage assessment and understand potential second-, third- and fourth-stage infections they are facing based on the type of malware."

NetWitness is among several vendors, such as Packet Motion and Solera Networks, that are in what Forrester Research calls the network visibility and analysis (NAV) market. Forrester asserts that comprehensive knowledge of everything that is happening on enterprise networks is essential to good security practice because the "trust but verify" model is based on a flawed assumption. The better approach is to assume that no one is to be trusted and proceed accordingly.

  • 1