Product Watch: Norman Introduces 'Hybrid Sandboxing' Malware Analysis

To perform malware analysis, security researchers usually have to choose between two safe "sandboxing" environments: emulation, which is typically used for threat research; and virtualization, which is used for malware simulation. Yesterday, Norman ASA introduced a new "Hybrid Sandboxing" technology that combines both emulation and virtualization in a single environment.

Norman announced the launch of the Norman Malware Analyzer G2 platform, which offers traditional sandbox analysis while also offering new IntelliVM capability, which embeds Norman's proprietary KernelScout technology for discovery of deeply hidden suspicious software behavior.

Malware Analyzer G2, which is used for studying malware in the Windows environment down to the kernel level, is offered as a hardware appliance or as software. It can scale to enterprises that see 100,000 malware samples a day and can integrate with existing analysis labs, honeypots, and other systems already in place, Norman says.

"Until now analysts had to make a choice: do deep malware inspection using emulation techniques or through virtual environments," says Audun Lodemel, vice president of marketing at Norman. "Malware still gets through." The G2 environment will give researchers a better chance to identify and reverse-engineer malware, no matter how deeply it's hidden, he says.

In addition to emulation and virtualization, the G2 environment includes Norman Malware Debugger PRO, which performs deep analysis of suspicious files with all of the functionality of traditional reverse-engineering and debugging tools in a single interface.

Norman Malware Analyzer G2 will be demonstrated at the Black Hat USA conference in Las Vegas next week.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.