In the modern world of information security, there is a need for enterprises to rapidly identify and analyze new forms of malware.
Security vendor Norman is now advancing its malware analysis technology with Norman Malware Analyzer G2 platform. The system is for enterprises and governments that have a need to do their own security analysis as the threats of targeted advanced persistent threats continue to grow.
The Malware Analyzer platform uses two different types of vitualization technologies in an effort to identify and test malware to find out what it might do in a real world environment.
"We now have emulation and virtualization and have combined the two for analysis of malicious code," Einar Oftedal Head of Malware Detection Team at Norman told InternetNews.com.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Oftedal explained that the system provides a web front-end that enables users to analyze code samples. He noted that the system provides high-level details on potential malware as well as a drill down that could enable a user to reverse engineer the malware.
"A big trend we've seen in the last few years is companies setting up incident response teams with people that have tools that do malware analysis," Oftedal said.
"A recent study from Cisco pointed toward the same trend. Cisco found a decline in mass attacks and an increase in targetted attacks.
Oftedal explained that Malware Analyzer G2 is an analyais framework and enables code samples to be submitted via email or via an API that Norman has exposed. As well, if an enterprise anti-virus system for some reason doesn't catch a piece of malware and a PC in the enterprise is infected the sample can be analyzed directly in the Malware Analyzer.
""It gives actionable information that for example can identify that the code is connected to a particular host on a specific port," Oftedal said. "Users can then use the data to respond to the incident and take remediation actions."
"The Norman Malware analyzer is available as both a hardware appliance as well as a software solution. Oftedal noted that Norman is using Linux as the base operating system for their appliances.
"On the virtualization and emulation technologies, Oftedal said that the analyzer has a code sandbox that was built in-house by Norman researchers. They also use a third party virtualization technology that Oftedal declined to specify.
""We are not exposing the technology we're using for the virtual machine as that's a cat and mouse game with threat vectors," Oftedal said.
"Overall, Oftedal expects the need for enterprises and service providers to analyze malware internally will continue to grow.
""I expect to see people scaling their security teams to be able to react as fast as possible when security incidents happen," Oftedal said. "Having an incident response team is something that I see as being required by most enterprises."