NetWitness' CSO on targeted malware, Spectrum malware analysis tool



NetWitness Corp. is debuting its new Spectrum automated malware analysis tool, which adds malicious code analysis capabilities to the company's NextGen network capturing appliances.

Eddie Schwartz, chief security officer of the company, said the new platform, combined with NextGen, makes network capturing more proactive rather than a tool used by forensics investigators.

"Nobody is ever going to stop all inbound attacks, but as things cross the wire you can get closer to a better set of analytics that combines the various dynamics that are out there," Schwartz said. "The dynamics that are unique to your IT environment, unique to technologies you use and unique to the way your users behave and the dynamics of the threat environment."

Schwartz said the new platform could help differentiate NetWitness from its chief competitors, Solera Networks and NIKSUN. Spectrum automates malware analysis, checking new malware found on the company network and scoring it to prioritize risks. The platform can perform static analysis against suspicious objects it finds on the network and determine whether those objects contain malicious code. New malware detected on the network is checked against NetWitness' own malware analysis data and feeds from the SANS Internet Storm Center, SRI International, the Department of the Treasury and VeriSign. The appliances can also push data into major security information and event management (SIEM) appliances.

Schwartz said the goal is to prioritize remediation and make the process more efficient. In this edition of Security Wire Weekly, Schwartz talks about targeted malware in the wake of the Stuxnet Trojan and explains why blocking all inbound attacks is impossible.
