Realizing that an application or system has been compromised is one thing, but figuring out exactly what should be done about it is quite another.
Looking to extend the reach and scope of its security analytics capabilities, Blue Coat Systems this week announced that it has acquired Norman Shark, a provider of malware analysis software.
According to Steven Schoenfeld, senior vice president of products at Blue Coat, the company intends to extend the reach of the Norman Shark software across the entire spectrum of its security intelligence services. Blue Coat already had a partnership with Norman Shark, Schoenfeld says; by acquiring the company outright, Blue Coat expects to integrate Norman Shark's zero-day sandboxing technology much more tightly with its own software and services, a portfolio it expanded earlier this year by acquiring Solera Networks, a provider of a Big Data analytics application optimized for security.
Schoenfeld says one of the things that most distinguishes Norman Shark is that its sandbox can run a full copy of a custom desktop Windows environment. Rather than emulating a generic Windows environment, the Norman Shark approach discovers how an advanced persistent threat (APT) is compromising that specific environment. That information, says Schoenfeld, is critical for determining how damaging a threat might be and deciding on the appropriate response to remediate it.
While APTs still represent a minority of the threats aimed at organizations, Schoenfeld says they mark a clear escalation in the type of security threats in use because they can be targeted at specific organizations or even individuals. As a result, IT organizations will need to provide security that is significantly more robust and granular than anything most have deployed to date. Key to that effort is not only better security software installed on premises, but also increased reliance on security intelligence services in the cloud that can identify potential threats and appropriate countermeasures long before a threat actually finds a vulnerability to exploit.