Sponsored By

Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis

Malware Analyzer G2 combines emulation, virtualization in one environment

To perform malware analysis, security researchers usually have to choose between two safe "sandboxing" environments: emulation, which is typically used for threat research; and virtualization, which is used for malware simulation. Yesterday, Norman ASA introduced a new "Hybrid Sandboxing" technology that combines both emulation and virtualization in a single environment.

Norman announced the launch of the Norman Malware Analyzer G2 platform, which offers traditional sandbox analysis while also offering new IntelliVM capability, which embeds Norman's proprietary KernelScout technology for discovery of deeply hidden suspicious software behavior.

Malware Analyzer G2, which is used for studying malware in the Windows environment down to the kernel level, is offered as a hardware appliance or as software. It can scale to enterprises that see 100,000 malware samples a day and can integrate with existing analysis labs, honeypots, and other systems already in place, Norman says.

"Until now analysts had to make a choice: do deep malware inspection using emulation techniques or through virtual environments," says Audun Lodemel, vice president of marketing at Norman. "Malware still gets through." The G2 environment will give researchers a better chance to identify and reverse-engineer malware, no matter how deeply it's hidden, he says.

In addition to emulation and virtualization, the G2 environment includes Norman Malware Debugger PRO, which performs deep analysis of suspicious files with all of the functionality of traditional reverse-engineering and debugging tools in a single interface.

Norman Malware Analyzer G2 will be demonstrated at the Black Hat USA conference in Las Vegas next week.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

Black Hat News2011

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights