Proactive forensic toolkit for threat-based policies
Norman ASA announced its Forensic Toolkit, which enables organizations to investigate client activity and provides a management console that makes it easy to apply policies to proactively eliminate suspicious client behavior.
Norman Forensic Toolkit uses extensive analysis collected via Norman SandBox technology to determine policies that define “bad behavior.” It identifies suspicious client behavior and decodes the threat before creating a policy based on the threat’s behavior. The management console is used to distribute the policy across the network, clean infections and block future instances of the threat.
For example, when network administrators read about a new form of malware that hides behind a rootkit and creates suspicious files, changes registry settings and tries to connect to an outside server, they can enter these details into the management console, submit the search throughout the network with “uninstall threat” as the remediation setting, and the threat is instantly mitigated and reported.
If a network is compromised by a “zero day” threat that is discovered by Norman SandBox, the Toolkit launches an automatic, predefined search and the network is scanned for matching threats. The management console is then used to apply policies based on the threat’s behavior, and users can share this information with Norman’s Labs, where it is evaluated and re-distributed to prevent a potential infection from reaching other Norman users.