NetWitness Spectrum tops anti-malware list


RSA NetWitness Spectrum software, which allows operators to scan almost every corner of their electronic networks for paralyzing malicious code, took the “Best Anti-Malware Solution” trophy home from the 2011 GSN homeland security awards.

Nearly 100,000 new malware samples are found daily, said the company in nominating its product. Criminals and nation-state elements quickly adapt to security solutions, rendering signature-dependent malware defenses obsolete, it said. New approaches, said the company, that look exclusively for “bad,” based on certain predictable behavioral patterns, can also be defeated. The company’s Spectrum product changes the game by allowing organizations to automatically analyze every executable on their network to determine its maliciousness.

The software, it said, uses a multidiscipline methodology to look for deviations from a known good state without signatures and prioritizes the results, so security analysts can focus their remediation efforts. Competing technologies provide only limited capabilities and visibility into modern malware because they rely on their own threat intelligence (blacklist “cloud” of signatures) or are dependent on one or two possible analytical methodologies such as sandboxing, it said. Sandboxing is susceptible to environmentally VM-aware malware and temporal subterfuge, missing many potential advanced threats. There are numerous examples in which zero-day malware and APTs slip past technologies that rely heavily on proprietary cloud-based intelligence and a sandbox. Only Spectrum employs four distinct and concurrent analytic methodologies to deliver consolidated and prioritized malware analysis that blends diverse threat intelligence, deep packet inspection, multi-vendor sandboxing, and static analysis to ensure maximum visibility into advanced threats.

Spectrum alerts users to valid threats, false positives, or lower priority beacons and spam bots and, perhaps most importantly, tells users where the threat made its entry, how it moved laterally, what systems were owned, what data was exfiltrated, and when. In contrast to current approaches, Spectrum is the only platform that analyzes everything; fuses and triangulates information from multiple third-party intelligence/reputation services; delivers precise and multidimensional answers on the structure and behavior of suspect malware; and provides the content and context of all network activity associated with suspect malware, said the company.

Once NetWitness records the data, it is reused for a variety of purposes, allowing economy of scale and efficiency of operations. This “big data” aggregation and data re-use model, along with central analytics on an N-tier architecture, differs from current models where security investments become obsolete, said the company.

NetWitness can act as a force multiplier by automating deep malware analysis that is typically a manually intensive process conducted by highly skilled individuals, said RSA. Spectrum delivers prioritized results with workflow that enables the security team to efficiently track and remediate the greatest areas of risk. Spectrum removes the guesswork and definitively answers whether or not malware is on the network.

The GSN homeland security awards were handed out during a festive celebratory dinner in Washington, DC, on Nov. 14.

 
