infoTECH Featured Article


February 08, 2011

Network Monitoring: NetWitness Unveils Malware Analysis Solution for Zero-Day Response

By Tracey E. Schelmetic, TMCnet Contributor


Malware, or nasty little bits of computer code that maliciously infect your computer when you download a file or use a certain application, is one of the modern age's biggest plagues (along with bedbugs). While network monitoring companies probably can't do anything about bedbugs, one such company, Herndon, Va.-based NetWitness Corporation, is pushing ahead to tackle the specter of malware with the unveiling of its new NetWitness Spectrum at next month's RSA Security Conference.

NetWitness Spectrum is a new idea in automating malware analysis that replicates the knowledge, process and workflow of world-class malware analysts to enable the identification of advanced and zero-day malware. (“Zero-day” refers to a virus or malware attack that occurs before the developer of the software or application even knows about the vulnerabilities the malware has been designed to exploit.)

“Security leaders have chosen NetWitness because of the precision and rigor we bring to network monitoring. We give them transparency,” said Tim Belcher, chief technology officer of NetWitness Corporation. “Previous products attempting to identify zero-day malware implement black box methodologies that rely on accurate threat intelligence to target a very limited sample pool to a singular form of malware analysis. Spectrum transparently delivers NetWitness' pervasive real-time monitoring along with a diverse range of potent analytic methods.”

The new solution actually mimics the techniques of malware analysts by asking thousands of questions about an object and all of its related network behavior, without requiring a signature or a known “bad” action. It collects and aggregates available threat intelligence in order to assess, score and prioritize the risk.

Once this is accomplished, it leverages NetWitness NextGen's network monitoring capability for full network visibility and extraction of all content – executables and metadata – across all protocols and applications. The result is that it provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals, including a wealth of detailed supporting data, such as intelligence fusion, sandboxing (running unknown applications in a safe environment where they can't do any harm, in order to study and test them), and correlation and scoring options that are designed for diverse environments and rapidly evolving threats.

When combining these distinct analytic and scoring methods with the benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum is in a position to provide advanced capability to detect and identify zero-day malware.

“With a detailed record of everything that has happened on the network, the analytic possibilities are vast,” said Joshua Corman, research director of Enterprise Security at The 451 Group. “As we stated six months ago, NetWitness' appropriate focus on data re-use, extensibility, flexibility, and openness provides a unique opportunity to support security teams in their efforts to improve network visibility, close serious gaps and enable continuous process improvement. Like Visualize before it, Spectrum further taps into the latent value of the NetWitness platform – revealing more of the product's full potential for enterprises. Buyers need fewer, better investments to support evolving challenges. NetWitness seems to be listening.”

According to Rob McMillan and Peter Firstbrook of analyst company Gartner, “Real-time analysis allows organizations to rapidly gain an understanding of new malware (e.g., zero-day) or targeted malware specifically fashioned to attack a particular entity. This also supports a predictive capability to assess other potential target systems, thus supporting decisions around emergency change management (e.g., short-term network segregation for containment). Finally, this type of analysis also helps assess the attacker's intent, and the potential damage that may have occurred.”


Tracey Schelmetic is a contributing editor for TMCnet.

Edited by Tammy Wolf