CIO

Appliance automates malware detection

Security firm NetWitness today announced Spectrum, an appliance for enabling automated malware analysis that works in conjunction with the company's traffic-analysis gear used to spot threats and policy violations.


The Spectrum appliance is intended to sit at the Internet gateway and examine inbound and outbound network traffic. It can find inbound evidence of "an executable and inappropriate file," or outbound botnet activity, according to Eddie Schwartz, NetWitness chief security officer. "It's another application on top of our infrastructure."

While Spectrum doesn't block suspected inbound malware, it can issue a warning to the security manager about suspicious traffic, and it enables the NetWitness NextGen equipment to keep track of potential malware code and where it's going in real time, the company says.

"You can get a profile of how malware moved around the organization," says Schwartz.

Spectrum, which is available and starts at $50,000, is intended to compete with products from Damballa and FireEye.
