Dark Reading is part of the Informa Tech Division of Informa PLC


Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis

Malware Analyzer G2 combines emulation, virtualization in one environment

To perform malware analysis, security researchers usually have to choose between two safe "sandboxing" environments: emulation, which is typically used for threat research, and virtualization, which is used for malware simulation. Yesterday, Norman ASA introduced a new "Hybrid Sandboxing" technology that combines both emulation and virtualization in a single environment.


Norman announced the launch of the Norman Malware Analyzer G2 platform, which offers traditional sandbox analysis alongside a new IntelliVM capability that embeds Norman's proprietary KernelScout technology for discovering deeply hidden suspicious software behavior.

Malware Analyzer G2, which is used for studying malware in the Windows environment down to the kernel level, is offered as a hardware appliance or as software. It can scale to enterprises that see 100,000 malware samples a day and can integrate with existing analysis labs, honeypots, and other systems already in place, Norman says.

"Until now analysts had to make a choice: do deep malware inspection using emulation techniques or through virtual environments," says Audun Lodemel, vice president of marketing at Norman. "Malware still gets through." The G2 environment will give researchers a better chance to identify and reverse-engineer malware, no matter how deeply it's hidden, he says.

In addition to emulation and virtualization, the G2 environment includes Norman Malware Debugger PRO, which performs deep analysis of suspicious files with all of the functionality of traditional reverse-engineering and debugging tools in a single interface.

Norman Malware Analyzer G2 will be demonstrated at the Black Hat USA conference in Las Vegas next week.

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
