NetWitness Rolls Out Automated Approach To Malware Analysis

NetWitness Spectrum assesses, scores, and prioritizes risks

January 25, 2011


HERNDON, VA – January 24, 2011 – NetWitness Corporation, creator of the enterprise standard in network monitoring, announced the unveiling of NetWitness Spectrum at next month’s RSA Security Conference. NetWitness Spectrum is a revolutionary approach to automating malware analysis that replicates the knowledge, process, and workflow of world-class malware analysts to enable the identification of advanced and zero-day malware.

“Security leaders have chosen NetWitness because of the precision and rigor we bring to network monitoring. We give them transparency,” said Tim Belcher, Chief Technology Officer, NetWitness Corporation. “Previous products attempting to identify zero-day malware implement black box methodologies that rely on accurate threat intelligence to target a very limited sample pool to a singular form of malware analysis. Spectrum transparently delivers NetWitness’ pervasive real-time monitoring along with a diverse range of potent analytic methods.”

NetWitness Spectrum:

Mimics the techniques of leading malware analysts by asking thousands of questions about an object and all of its related network behavior, without requiring a signature or a known “bad” action.

Leverages NetWitness Live by fusing and triangulating information from leading threat intelligence and reputation services to assess, score, and prioritize risks.

Utilizes NetWitness NextGen’s pervasive network monitoring capability for full network visibility and extraction of all content – executable and metadata – across all protocols and applications.

Provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals, including a wealth of detailed supporting data, such as: intelligence fusion, sandboxing, correlation, and scoring options that are designed for diverse environments and rapidly evolving threats.

When combining these distinct analytic and scoring methods with the unique benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum provides an unmatched capability to detect and identify zero-day malware.

“With a detailed record of everything that has happened on the network, the analytic possibilities are vast,” said Joshua Corman, Research Director of Enterprise Security at The 451 Group. “As we stated six months ago, NetWitness’ appropriate focus on data re-use, extensibility, flexibility, and openness provides a unique opportunity to support security teams in their efforts to improve network visibility, close serious gaps and enable continuous process improvement. Like Visualize before it, Spectrum further taps into the latent value of the NetWitness platform – revealing more of the product’s full potential for enterprises. Buyers need fewer, better investments to support evolving challenges. NetWitness seems to be listening.”

According to Rob McMillan and Peter Firstbrook of Gartner [1]: “Real-time analysis allows organizations to rapidly gain an understanding of new malware (e.g., zero-day) or targeted malware specifically fashioned to attack a particular entity. This also supports a predictive capability to assess other potential target systems, thus supporting decisions around emergency change management (e.g., short-term network segregation for containment). Finally, this type of analysis also helps assess the attacker’s intent, and the potential damage that may have occurred.”

[1] Gartner, Inc., “Emerging Vendors in Malware Control, 2010,” December 9, 2010.

About NetWitness

NetWitness is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solutions are deployed in customer environments to solve a wide range of tough information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls. NetWitness customers include enterprises across the Global 1000 in sectors such as financial services, power and energy, telecommunications, retail, and high-tech, as well as government agencies around the world in defense, homeland security, law enforcement, and intelligence. To download the freeware version of NetWitness Investigator, visit For more information about how you can Know Everything and Answer Everything™ using NetWitness, contact: [email protected]. Twitter handle: NetWitness.
