Category: The 451 Group

AccessData updates FTK, releases new malware analysis and visualization plug-ins

AccessData has released version 4 of its flagship Forensic Toolkit (FTK) product as well as two new expansion modules for forensic examiners and malware analysts. Cerberus is a malware analysis and triage technology aimed at reducing the level of expertise required to triage suspected malware. AccessData hopes that the new module will allow incident responders to gain actionable intelligence on malware threats without waiting for a malware team to analyze binaries in a sandbox using traditional, and often time-consuming, reverse-engineering techniques.

Providing the first step toward automated reverse engineering, Cerberus assigns threat scores and performs disassembly analysis to determine the behavior and intent of suspect binaries, prior to sending them on for deeper analysis. The Visualization module allows FTK users to view data in multiple display formats, including timelines, social analyzer, pie charts and more. This release combines the back-end processing of FTK with a new graphical analytic interface, allowing FTK users to enhance the accuracy and speed with which they can analyze case data.

(Read the full report here. A 451 Research subscription is required but a free trial is available here)

Tenable updates Nessus vulnerability scanner with focus on ease of use

Columbia, Maryland-based Tenable Network Security has released version 5.0 of its venerable Nessus vulnerability scanner with a focus on ease of use, rapid policy creation, fully customizable reports, and improved scan-time and navigation efficiency. The company has also been busy collaborating with SCADA consultancy Digital Bond to bring its detection and passive monitoring capabilities into critical infrastructure environments such as electric grids, oil pipelines, chemical manufacturing plants and water treatment plants.

(Read the full report here. A 451 Research subscription is required but a free trial is available here)

Big-data security, or SIEM buzzword parity?

(Note: This 451 Research report expands upon the ideas put forth in my Dark Reading blog post, "Big Data Security Or SIEM Buzzword Parity?")

We doubt that anyone would argue that the various technical controls deployed in an enterprise environment, together with the corresponding user actions, fail to produce a wealth of security-pertinent data. Where many would disagree, however, is on which of that data is relevant in a security context. Some might say that only network-level logs (such as firewall or IPS logs) and user-access-related logs are required, whereas others might include endpoint security logs, proxy-related logs and perhaps even deep packet inspection data. Something that we can likely all agree upon, however, is that having access to information that might be required is better than lamenting its absence in the midst of a security incident. The fact is, security has become a ‘big data’ problem. If organizations want to collect all data (and we do mean ALL data) on the odd chance that it might contain information pertinent to the success of the security program, they need to start thinking of security less as a tangible defensive control and more as an abstraction layer atop enterprise data.

This report was written primarily by Andrew Hay with input from 451 Research’s Data Management & Analytics Research Manager, Matt Aslett.

(Read the full report here. A 451 Research subscription is required but a free trial is available here)
