Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:18 AM
Dark Reading
Dark Reading
Products and Releases

NetWitness Rolls Out Automated Approach To Malware Analysis

NetWitness Spectrum assesses, scores, and prioritizes risks

HERNDON, VA – January 24, 2011 – NetWitness Corporation, creator of the enterprise standard in network monitoring announced the unveiling of NetWitness Spectrum at next month’s RSA Security Conference. NetWitness Spectrum is a revolutionary approach to automating malware analysis that replicates the knowledge, process, and workflow of world-class malware analysts to enable the identification of advanced and zero-day malware.

“Security leaders have chosen NetWitness because of the precision and rigor we bring to network monitoring. We give them transparency,” said Tim Belcher, Chief Technology Officer, NetWitness Corporation. “Previous products attempting to identify zero-day malware implement black box methodologies that rely on accurate threat intelligence to target a very limited sample pool to a singular form of malware analysis. Spectrum transparently delivers NetWitness’ pervasive real-time monitoring along with a diverse range of potent analytic methods.”

NetWitness Spectrum:

Mimics the techniques of leading malware analysts by asking thousands of questions about an object and all of its related network behavior, without requiring a signature or a known “bad” action.

Leverages NetWitness Live by fusing and triangulating information from leading threat intelligence and reputation services to assess, score, and prioritize risks.

Utilizes NetWitness NextGen’s pervasive network monitoring capability for full network visibility and extraction of all content – executable and metadata – across all protocols and applications.

Provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals, including a wealth of detailed supporting data, such as: intelligence fusion, sandboxing, correlation, and scoring options that are designed for diverse environments and rapidly evolving threats.

When combining these distinct analytic and scoring methods with the unique benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum provides an unmatched capability to detect and identify zero-day malware.

“With a detailed record of everything that has happened on the network, the analytic possibilities are vast,” said Joshua Corman, Research Director of Enterprise Security at The 451 Group. “As we stated six months ago, NetWitness’ appropriate focus on data re-use, extensibility, flexibility, and openness provides a unique opportunity to support security teams in their efforts to improve network visibility, close serious gaps and enable continuous process improvement. Like Visualize before it, Spectrum further taps into the latent value of the NetWitness platform – revealing more of the product’s full potential for enterprises. Buyers need fewer, better investments to support evolving challenges. NetWitness seems to be listening.”

According to Rob McMillan and Peter Firstbrook of Gartner1: “Real-time analysis allows organizations to rapidly gain an understanding of new malware (e.g., zero-day) or targeted malware specifically fashioned to attack a particular entity. This also supports a predictive capability to assess other potential target systems, thus supporting decisions around emergency change management (e.g., short-term network segregation for containment). Finally, this type of analysis also helps assess the attacker’s intent, and the potential damage that may have occurred.”

1Gartner, Inc., “Emerging Vendors in Malware Control, 2010,” December 9, 2010.

About NetWitness

NetWitness' is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solutions are deployed in customer environments to solve a wide range of tough information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls. NetWitness customers include enterprises across the Global 1000 in sectors such as financial services, power and energy, telecommunications, retail, and high-tech, as well as government agencies around the world in defense, homeland security, law enforcement, and intelligence. To download the freeware version of NetWitness Investigator, visit http://download.netwitness.com. For more information about how you can Know Everything and Answer Everything™ using NetWitness, contact: [email protected] Twitter handle: NetWitness.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.