

infoTECH Featured Article


February 08, 2011

NetWitness Automates Malware Analysis with Signature-Free Network Monitoring Solution

By Laura Stotler, TMCnet Contributing Editor


A new application from NetWitness will automate the analysis, prioritization and workflow of malware as part of the company's comprehensive network monitoring solution. The company will premiere its NetWitness Spectrum application at the 2011 RSA Conference in San Francisco next week.

NetWitness believes modern malware features built-in obfuscation techniques that are designed to behave like legitimate network traffic and communicate without detection. Nearly every investigated case of financial loss, data leakage and other types of network breaches can be linked to some form of malicious executable such as customizable commercial malware or custom malicious code. These advanced and zero-day attacks have made malware a top priority for security organizations.

"Security leaders have chosen NetWitness because of the precision and rigor we bring to network monitoring. We give them transparency," said Tim Belcher, chief technology officer, NetWitness. "Previous products attempting to identify zero-day malware implement black box methodologies that rely on accurate threat intelligence to target a very limited sample pool to a singular form of malware analysis. Spectrum transparently delivers NetWitness' pervasive real-time monitoring along with a diverse range of potent analytic methods."

The Spectrum application offers signature-free, automated identification of zero-day, targeted and advanced malware. It leverages the NetWitness platform, adding the diverse methodologies of top malware analysts as well as the collective intelligence of the global security community. It offers the visibility to identify executable content wherever it may exist, and can also answer questions about related behavior of the executable within the context of an organization's individual network environment. The solution can analyze an entire network's interaction with each threat factor and adjust the levels of scrutiny according to priority.

"With a detailed record of everything that has happened on the network, the analytic possibilities are vast," said Joshua Corman, research director of enterprise security at The 451 Group. "As we stated six months ago, NetWitness' appropriate focus on data re-use, extensibility, flexibility, and openness provides a unique opportunity to support security teams in their efforts to improve network visibility, close serious gaps and enable continuous process improvement. Like Visualize before it, Spectrum further taps into the latent value of the NetWitness platform - revealing more of the product's full potential for enterprises. Buyers need fewer, better investments to support evolving challenges. NetWitness seems to be listening."

"Real-time analysis allows organizations to rapidly gain an understanding of new malware (e.g., zero-day) or targeted malware specifically fashioned to attack a particular entity," said Rob McMillan and Peter Firstbrook of Gartner. "This also supports a predictive capability to assess other potential target systems, thus supporting decisions around emergency change management (e.g., short-term network segregation for containment). Finally, this type of analysis also helps assess the attacker's intent, and the potential damage that may have occurred."

NetWitness will demo its new solution at the RSA Conference, as well as lend perspectives on a number of discussions related to zero-day malware, cloud security and advanced persistent threats. Conference attendees may visit the company's website to obtain a code for a complimentary RSA Conference Expo Pass.

Edited by Tammy Wolf



