NetWitness Corp. is debuting its new Spectrum automated malware analysis tool, which adds malicious code analysis capabilities to the company's NextGen network capturing appliances.
Eddie Schwartz, chief security officer of the company, said the new platform, combined with NextGen, makes network capturing a proactive capability rather than a tool used by forensics investigators.
"Nobody is ever going to stop all inbound attacks, but as things cross the wire you can get closer to a better set of analytics that combines the various dynamics that are out there," Schwartz said. "The dynamics that are unique to your IT environment, unique to technologies you use and unique to the way your users behave and the dynamics of the threat environment."
Schwartz said the new platform could help differentiate NetWitness from its chief competitors, Solera Networks and NIKSUN. Spectrum automates malware analysis, checking new malware found on the company network and scoring it to prioritize risks. The platform can perform static analysis against suspicious objects it finds on the network and determine whether those objects contain malicious code. New malware detected on the network is checked against NetWitness' own malware analysis data and feeds from the SANS Internet Storm Center, SRI International, the Department of the Treasury and VeriSign. The appliances can also push data into major security information and event management (SIEM) appliances.
Schwartz said the goal is to prioritize remediation and make the process more efficient. In this edition of Security Wire Weekly, Schwartz talks about targeted malware in the wake of the Stuxnet Trojan and explains why blocking all inbound attacks is impossible.