Spectrum 


Zero-day and targeted malware is successfully compromising your network and evading existing security technologies. Why? Modern malware is designed to behave like legitimate traffic and communicate undetected. NetWitness developed Spectrum in response to demand from security professionals for precise and pervasive identification and prioritization of the broad range of malware-related threats.

The Need for A New Approach
Over the past several years, advanced and zero-day malware attacks have become a growing problem with no sign of abatement. This issue has become the top concern for most security organizations. Nearly every investigated case of data leakage, financial loss, or other network breach involves some form of malicious executable (i.e., customizable commercial malware or custom malicious code) that is being used to maintain a foothold in compromised networks. Obfuscation techniques are evolving at an increasing rate, and traditional security tools cannot consistently keep up. The current threat environment demands a new, agile approach to the detection of malware.

NetWitness Spectrum – A Revolutionary Approach

Spectrum is built upon the award-winning NetWitness network monitoring platform, which provides enterprise-wide visibility and complete knowledge of all network activity. In addition to utilizing this unparalleled visibility to identify executable content wherever it exists, Spectrum is able to answer any question about the related behavior of that executable in the context of the unique environment that is your organization’s network. In effect, Spectrum is able to consider the history of your entire network’s interaction with each threat actor on the Internet, and adjust the levels of scrutiny accordingly. It’s like having an HD video camera attached to every object crossing the wire.

For each piece of executable content found on the network, Spectrum will ask thousands of questions concerning the file. At a high level, Spectrum:

• Mimics the techniques of leading malware analysts by asking thousands of questions about an object and all of its related network behavior, without requiring a signature or a known “bad” action.
• Leverages NetWitness Live by fusing and triangulating information from leading threat intelligence and reputation services to assess, score, and prioritize risks.
• Utilizes NetWitness NextGen’s pervasive network monitoring capability for full network visibility and extraction of all content — executable and metadata — across all protocols and applications.
• Provides transparency and efficiency to malware analytic processes by delivering complete answers to security professionals, including a wealth of detailed supporting data, such as intelligence fusion, sandboxing, correlation, and scoring options that are designed for diverse environments and rapidly evolving threats.

When combining these distinct analytic and scoring methods with the unique benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum provides an unmatched capability to detect and identify zero-day malware.

Spectrum offers the first analytical workflow combined with a complete rendering of network traffic for ubiquitous, automated malware analysis, delivering the most comprehensive identification, investigation and risk-based prioritization of malicious content activity directly into the hands of security teams. Security operations teams can effectively and efficiently determine proactive remediation efforts based on the solution’s results.