Norman Data Defense Systems Introduces Automated Malware Forensics

Norman Data Defense Systems announced the release of its Norman SandBox Analyzer product line. The tools allow IT professionals to conduct their own forensic analysis in an automated fashion to produce detailed insight in a matter of seconds.

"This is the first time a data security company has put forensic tools this powerful directly into the hands of in-house security personnel," stated Hank Dugan, CEO of Norman Data Defense Systems' North American subsidiary.

As the name implies, SandBox Analyzer works by providing sandbox technology to confine malware in a controlled simulated computer environment. The sandbox lets malware operate as it normally would while the analyzer records all of its actions, such as sending email, deleting or creating files, opening ports, and making network connections. Norman said that due to the way the sandbox is constructed, malware never gains access to real system resources.

IT pros benefit from having detailed analysis available and using that information to better protect their networks. For example, if a given piece of malware tries to connect to sites on the Internet, then those URLs can immediately be added to block lists.

SandBox Analyzer was officially released at the Infosecurity Conference in New York City this week, where the product was named winner of the 2006 Tomorrow's Technology Today Award in the Virtual Environment Solutions and Forensics categories. The product line is available as Sandbox Analyzer and Sandbox Analyzer Pro, as well as Sandbox Analyzer Reporter, which is an online subscription service.