Network Advanced Malware Systems

The Category Name

There is some debate surrounding what this category should be called, and there is little doubt that the name will change over time as the products morph and mature (it has changed several times tonight as I created the page), and even more so once the vendor marketing people start spending money!

NSS refers to these products as Breach Detection Systems. In my opinion the word Breach is too close in meaning to the word Intrusion; moreover, these products don't just detect threats within files, they can also prevent them.

Next Generation is also bandied about, and whilst there is logic in the term, it will soon become dated.

Introduction

Products within this category fill the gap left by antivirus solutions, which rely on signatures and heuristics. The threat from individually crafted malware is on the increase; these unique payloads are often targeted at individuals with increasingly complex and convincing delivery methods. The concept has been around for years and is known as spear phishing and, more recently, Advanced Persistent Threat (APT).

The Technology

In order to identify the threats within the payloads, the files are deconstructed, analysed and run in a "sandbox" which emulates the target environment. The complexity of the analysis varies between products. There appear to be two distinct methods of sandboxing: the first performs the analysis remotely in the cloud and reports back to the device, the second conducts the analysis locally. There are pros and cons to both.

Remote File Sharing. By analysing the files remotely, a deeper and more complex analysis can be performed; however, the files in question must leave the controlled space of the client, and there is also some latency in the response. Another benefit is that these vendors may have a large installed base of endpoint products, greatly increasing the number of files being analysed.

Local Analysis. You keep the files and they don't leave your controlled space, which is of particular value to Defence and similar sectors; there is also some argument that a file entering your network from the Internet is already compromised. These products react more quickly but do not conduct such rigorous tests as those which send files home for analysis.

Messaging Gateway

Defeat business email compromise using advanced heuristics, BEC scam analysis, sender authentication enforcement & controls, and domain intelligence to help block typo squatting and identity spoofing. Protect your brand reputation by using automation t ...

Forcepoint

Every second of the day, the Forcepoint ThreatSeeker Intelligence scours the vast expanse of online content for potential threats. It’s up to the task. It receives global input from over 155 countries and, working in parallel with Forcepoint ACE, analyzes ...

Palo Alto WildFire

WildFire utilizes near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats, keeping your organization protected. Scan Malware Anywhere Access advanced file analysis capabilities to secure applications like we ...

VIPRE ThreatAnalyzer (VIPRE Security)

VIPRE ThreatAnalyzer is a dynamic malware analysis sandbox that lets you safely reveal the potential impact of malware on your organization—so you can respond faster and smarter in the event of a real threat.