Network Advanced Malware Systems

The Category Name

There is some debate about what this category should be called, and there is little doubt that the name will change over time as the products morph and mature (it has changed several times tonight as I created the page), and more so once the vendor marketing people start spending money!

NSS refer to these products as Breach Detection Systems. In my opinion the definition of the word Breach is too similar to the word Intrusion; moreover, these products don't just detect threats within files, they can prevent them.

Next Generation is also bandied about and, whilst there is logic in the term, it will soon become dated.

Introduction

Products within this category fill the gap left by antivirus solutions, which use signatures and heuristics. The threat from individually crafted malware is on the increase; these unique payloads are often targeted at individuals, with increasingly complex and convincing delivery methods. The concept has been around for years, known as spear phishing and more recently as Advanced Persistent Threat (APT).

The Technology

To identify the threats within the payloads, the files are deconstructed, analysed and run in a "sandbox" which emulates the target environment. The complexity of the analysis varies between products. There appear to be two distinct methods of sandboxing: the first performs the analysis remotely in the Cloud and reports back to the device; the second conducts the analysis locally. There are pros and cons with both.

Remote File Sharing. By analysing the files remotely, a deeper and more complex analysis can be performed; however, the files in question must leave the controlled space of the client, and there is also some latency in the response. Another benefit is that these products may have large quantities of endpoint solutions, greatly increasing the number of files being analysed.

Local Analysis. You keep the files and they don't leave your controlled space; this is of particular value to Defence etc. There is some argument that a file entering your network from the Internet is already compromised. These products react quicker but do not conduct such rigorous tests as those which send files home for analysis.

Sourcefire AMP for FirePOWER

Sourcefire Advanced Malware Protection for FirePOWER™ provides users with the ability to protect against sophisticated network malware, advanced persistent threats (APTs) and targeted attacks – from point of entry, through propagation, to post-infection r ...

Vendor: Sourcefire
Pricing Model: Commercial

FireEye MAS

The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted APT attacks embedded in common file formats ...

Vendor: FireEye
Pricing Model: Commercial
Modified: Never

McAfee Network Threat Response

McAfee Network Threat Response is a software package that captures, deconstructs, and analyzes malware that is resident inside your network today. Network Threat Response is a powerful cyber tool for security analysts. It automatically identifies malware ...

Vendor: McAfee
Pricing Model: Commercial

Websense ThreatSeeker Network

In-the-Cloud Sandboxing. Sandbox analysis is difficult to perform in real time, since malware samples can take a few minutes to activate. The ThreatSeeker Network can generate many different online sandbox environments to simulate various target platforms ...

Vendor: Websense
Pricing Model: Commercial

Palo Alto WildFire

Palo Alto Networks has developed WildFire, which provides the ability to identify malicious behaviors in executable files by running them in a virtual environment and observing their behaviors. This enables Palo Alto Networks to identify malware quickly a ...

Vendor: Palo Alto
Pricing Model: Commercial

Norman Malware Analyser G2 (MAG2)

NNP collects files on the wire, detects known malware and delivers payloads from unknown threats to the MAG2 for deep malware analysis. Once analysis is completed in MAG2, security teams have actionable intelligence to remediate the damage from the malwar ...

Vendor: Norman
Pricing Model: Commercial

ThreatSecure

ThreatSecure enables users to identify and isolate risks associated with Advanced Persistent Threats (APTs), targeted attacks and Zero-Day threats. ThreatSecure reduces your exposure to advanced threats and data-breaching malware through threat de ...

Vendor: Threat Track Security
Pricing Model: Commercial

ThreatAnalyzer

ThreatAnalyzer enables you to completely and accurately quantify the risk and exposure your organization faces from any malware threat. As a fully customizable platform, ThreatAnalyzer enables you to recreate your entire application stack (including virt ...

Vendor: Threat Track Security
Pricing Model: Commercial