Enhanced automated malware analysis by RSA

RSA announced new capabilities for RSA NetWitness Spectrum, an analytical workbench for the identification, analysis and prioritization of malware-based threats to enterprise networks.

The new capabilities provide support for real-time analysis of an expanded list of content types associated with many of the most critical advanced threat vectors. RSA also has added a host of new intelligence partners, expanding the multi-source community of expertise from which RSA NetWitness Spectrum draws its situational awareness.

RSA NetWitness Spectrum is built upon the RSA NetWitness network security monitoring platform which is designed to enable enterprises to record and analyze all network traffic. It leverages the power of the RSA NetWitness architecture to re-use the captured data and apply four distinct techniques that an advanced analyst would use to investigate and prioritize malware-related events.

The workbench is engineered to automatically analyze all executable content going across the network by automatically answering thousands of questions about the behavior of files within both the full context of an organization’s network and its relationship to security intelligence across an ecosystem of content providers.

This approach permits the security operation center to better determine “Which files are suspect? Why might it be malicious? What is it trying to do? Where else is it on the network? Which files deserve my attention more than others?” much faster and with more accuracy than in the past.

The workbench is also designed to extend the core RSA NetWitness enterprise security platform, as well as complement RSA’s other security technologies, by providing richer context around additional alerts and events.

RSA NetWitness Spectrum 1.1 has added support for Adobe PDF, Microsoft Office documents and JAR archive to its analysis engine. As targeted attacks using PDFs as an infection vehicle grow, it is now engineered to subject all PDF, Microsoft Office documents and JAR files to the same investigative rigor as every executable – combining four distinct investigation techniques including sandboxing, community intelligence, file content and network behavior analysis.

Additionally, RSA has added new partners to the extensive community of threat intelligence and sandboxing providers. From these partners, RSA NetWitness Spectrum draws situational awareness and offers customers the ability to select and use a wide array of intelligence and content providers. The new partners include out-of-the-box integration with industry leading dynamic malware analysis from ThreatGRID as well as GFI SandBox. Additionally, a host of other intelligence and whitelist providers have been added to bolster Spectrum’s analytical arsenal.

“The days of signatures, blacklists and purpose-built security defenses alone are gone,” said Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group. “At best, these products provide baseline protection. What’s needed is an approach that looks beyond basic patterns, models the subtle ebbs and flows of network activity, then analyzes how content and behavior should be judged based upon anomalies and business policies. RSA is one of the vendors that truly understands this and is delivering an advanced level of situational awareness in advanced malware detection.”