Spectrum

Zero-day and targeted malware is successfully compromising your network and evading existing security technologies. Why? Modern malware is designed to behave like legitimate traffic and communicate undetected. NetWitness developed Spectrum in response to demand from security professionals for precise and pervasive identification and prioritization of the broad range of malware-related threats.
The Need for A New Approach
Over the past several years, advanced and zero-day malware attacks have become a growing problem with no sign of abatement. This issue has become the top concern for most security organizations. Nearly every investigated case of data leakage, financial loss, or other network breach involves some form of malicious executable (i.e., customizable commercial malware or custom malicious code) that is being used to maintain a foothold in compromised networks. Obfuscation techniques are evolving at an increasing rate and traditional security tools cannot consistently keep up. The current threat environment demands a new, agile approach to the detection of malware.
NetWitness Spectrum – Automated Malware Analysis
Spectrum is an analytical workbench that revolutionizes the identification, analysis, and prioritization of malware-based threats to enterprise networks. Advanced security analysts understand that no tool can block all attacks. Spectrum helps enable security operations centers to identify and mitigate serious problems missed by both traditional and modern approaches to malware protection.
What makes Spectrum unique is its ability to see the full spectrum of attacks and analyze all the data in a network utilizing four distinct investigation techniques that an advanced analyst would use to investigate and prioritize events. Spectrum automatically analyzes every executable going across the network, and can answer questions about the behavior of files within the full context of an organization’s network.
When combining these distinct analytic and scoring methods with the unique benefits obtained from pervasive visibility into content and behavior, NetWitness Spectrum provides an unmatched capability to detect and identify zero-day malware.
At a high level, Spectrum:
- Identifies the widest spectrum of malware, APTs and zero-day attacks
- Analyzes attacks by utilizing a wide spectrum of investigation techniques
- Increases the speed and accuracy of investigations
- Enhances the value derived from existing security investments
Spectrum offers the first analytical workflow combined with a complete rendering of network traffic for ubiquitous, automated malware analysis, thus delivering the most comprehensive identification, investigation and risk-based prioritization of malicious content activity directly into the hands of security teams. Security operations teams can effectively and efficiently determine proactive remediation efforts based on the solution’s results.
- Inspects all network sessions, regardless of protocol, for suspicious activity or files. Detects and flags both suspicious network activity and files
- Imports a file, a session, or both a file and a session to be processed
- Integrates bi-directionally with NextGen Investigator for in-depth analysis
- Risk-based scoring methodology with all context behind a score exposed to help prioritize remediation efforts
- Leverages NetWitness Live for list-based content and context, including NetWitness Profilers (indicators, parsers, reports and rules)
- Provides anonymous submission of files via Live to the security community for analysis, including white list/black lists, reputation services, dynamic/static analysis services and others
- Integrates with Identity via NetWitness Live to associate users with activity
- Integrates with both on-premise and cloud-based sandboxes
- Flexible Dashboard, Chart and Summary displays for a unified view
- Web-based user interface with multi-lingual support
- Supports SNMP, syslog, and SMTP data push for integration in SIEM
- Full role-based access controls
- Standalone and NextGen-integrated product options available
NetWitness Spectrum™ Appliance
| SKU | Processor | RAM | Interfaces | Total Storage | Power | Form Factor | Weight |
|---|---|---|---|---|---|---|---|
| NWA200-N-32M | Dual Intel Xeon E5620 Quad Core, 2.4GHz | Up to 32GB | (2) 100/1000 Copper | 8TB | Redundant Max 700W | 1U, Full-Depth | 45 lbs |
| NWA2400-N-64M | Dual Intel Xeon X5650 Hex Core, 2.66GHz | Up to 64GB | (6) 100/1000 Copper | 24TB | Redundant Max 800W | 2U, Full-Depth | 65 lbs |



