Norman SandBox Online Analyzer

Key features

Norman SandBox Online Analyzer is a web-based and cost-effective alternative to the full Norman SandBox Analyzer tool. Like SandBox Analyzer, SandBox Online Analyzer enables users to analyze file behavior in a much faster and more effective way than ever before. The analyst may upload files for analysis and view previous analyses and statistics from anywhere in the world. The manpower and time needed to analyze suspicious files are thereby reduced considerably.

The service allows the customer to upload suspicious executable files to Norman’s dedicated servers, which then provide a comprehensive analysis of the files' actions. After a file has been processed, two reports are available in a web interface: an API log view with in-depth descriptions of the file's actions, and a summary report.

The summary report includes the following information blocks:

  • File/malware categories, e.g. W32/Backdoor, W32/Worm, W32/Downloader, etc.
  • Changes to the computer's file system.
  • Changes in the registry and system settings.
  • Network services details.
  • Processor and window information.

SandBox Online Analyzer satisfies the following requirements: 

  • Customers who do not require the unlimited analysis capabilities of SandBox Analyzer.
  • Analysts who are frequently away from designated malware analysis lab locations.
  • Customers who do not have a dedicated virus analysis lab and wish to let Norman supply the processing power.

SandBox Online Analyzer allows the customer to purchase a set number of file analysis submissions, eliminating the need to purchase the unlimited processing power of a local SandBox Analyzer installation. Access to various types of statistics and historical trends of malicious techniques used in malware analyzed by Norman SandBox is also available.

Downloads

  • Try Norman SandBox Analyzer products: Online registration form (Form)
  • Request live demo: Live demo of Norman SandBox Analyzer products (Form)
  • Norman Green Book on Analyzing Malware: Executive White Paper (Whitepaper)
  • The SANS Technology Institute - Interview About The Norman Malware Analyzer: Interview with Kurt Natvig and Righard J. Zwienenberg from Norman.

Detailed product information

SandBox Technology

Norman has pioneered new advancements in reverse engineering technologies over the past decade and antivirus enhancements for over two decades. Years of real-world testing and enhancements in Norman’s analysis labs have resulted in Norman’s proactive SandBox technology. SandBox is now one of the main components used to process the multitude of samples Norman and many other organizations receive each day.

SandBox provides a full simulation of potentially malicious executable code in a safe environment. The underlying SandBox technology simulates a Windows-based computer system: it emulates all hardware and software used in a real Windows environment, as well as the necessary network services. The file to be analyzed is loaded onto the simulated hard disk and started in the simulated Windows environment. Inside the simulated environment, the file behaves as it would on a real computer system. The SandBox observes this behavior directly, because the SandBox emulator itself is responsible for processing all of the file's code. Because the technology is proprietary, Norman has full control to tailor the environment to current and future forensic needs and to adapt it to emerging threats.

Exploit Code

SandBox Analyzer products can now detect and analyze not only executable code, but also exploit code concealed in Microsoft Office and other popular exploitable file formats. Arbitrary code execution is becoming a greater problem every day, especially when it comes in the form of a zero-day exploit. The ability to quickly understand these exploits using Norman’s SandBox technology saves analysts a great deal of effort, not to mention the impact it avoids for users and organizations.

Advanced Packer Support

Packers are increasing in use, with trends moving toward more complex protectors like Themida, Enigma, and Slovak Protector (SVKP). These technologies are readily available as both free and commercial applications, making it easy for any malware author not skilled enough to write self-defending code to build such protection into their malicious applications. In general, packers and protectors are not a problem for SandBox. Because SandBox is a fully emulated Windows system, the executable simply runs through its protection mechanisms as it would on a real system.

Rootkits

Norman SandBox is able to detect rootkit activity when malicious code attempts to inject its own code or custom behavior into other applications, drivers, or the host SandBox operating system.
