Dark Reading

NetWitness Rolls Out Automated Approach To Malware Analysis

NetWitness Spectrum assesses, scores, and prioritizes risks

HERNDON, VA – January 24, 2011 – NetWitness Corporation, creator of the enterprise standard in network monitoring, announced the unveiling of NetWitness Spectrum at next month’s RSA Security Conference. NetWitness Spectrum is a revolutionary approach to automating malware analysis that replicates the knowledge, process, and workflow of world-class malware analysts to enable the identification of advanced and zero-day malware.

“Security leaders have chosen NetWitness because of the precision and rigor we bring to network monitoring. We give them transparency,” said Tim Belcher, Chief Technology Officer, NetWitness Corporation. “Previous products attempting to identify zero-day malware implement black box methodologies that rely on accurate threat intelligence to target a very limited sample pool to a singular form of malware analysis. Spectrum transparently delivers NetWitness’ pervasive real-time monitoring along with a diverse range of potent analytic methods.”

NetWitness Spectrum:

Mimics the techniques of leading malware analysts by asking thousands of questions about an object and all of its related network behavior, without requiring a signature or a known “bad” action.

Leverages NetWitness Live by fusing and triangulating information from leading threat intelligence and reputation services to assess, score, and prioritize risks.

Utilizes NetWitness NextGen’s pervasive network monitoring capability for full network visibility and extraction of all content – executable and metadata – across all protocols and applications.

Provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals, including a wealth of detailed supporting data, such as: intelligence fusion, sandboxing, correlation, and scoring options that are designed for diverse environments and rapidly evolving threats.

When combining these distinct analytic and scoring methods with the unique benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum provides an unmatched capability to detect and identify zero-day malware.

“With a detailed record of everything that has happened on the network, the analytic possibilities are vast,” said Joshua Corman, Research Director of Enterprise Security at The 451 Group. “As we stated six months ago, NetWitness’ appropriate focus on data re-use, extensibility, flexibility, and openness provides a unique opportunity to support security teams in their efforts to improve network visibility, close serious gaps and enable continuous process improvement. Like Visualize before it, Spectrum further taps into the latent value of the NetWitness platform – revealing more of the product’s full potential for enterprises. Buyers need fewer, better investments to support evolving challenges. NetWitness seems to be listening.”

According to Rob McMillan and Peter Firstbrook of Gartner [1]: “Real-time analysis allows organizations to rapidly gain an understanding of new malware (e.g., zero-day) or targeted malware specifically fashioned to attack a particular entity. This also supports a predictive capability to assess other potential target systems, thus supporting decisions around emergency change management (e.g., short-term network segregation for containment). Finally, this type of analysis also helps assess the attacker’s intent, and the potential damage that may have occurred.”

[1] Gartner, Inc., “Emerging Vendors in Malware Control, 2010,” December 9, 2010.

About NetWitness

NetWitness is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solutions are deployed in customer environments to solve a wide range of tough information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls. NetWitness customers include enterprises across the Global 1000 in sectors such as financial services, power and energy, telecommunications, retail, and high-tech, as well as government agencies around the world in defense, homeland security, law enforcement, and intelligence. To download the freeware version of NetWitness Investigator, visit http://download.netwitness.com. For more information about how you can Know Everything and Answer Everything™ using NetWitness, contact: [email protected]. Twitter handle: NetWitness.
