Security Blog

Written by
Thomas Quinlan
In the two previous posts explaining why one should trust Blue Coat for malware analysis, I outlined the thirty-year history of antivirus and antimalware that Blue Coat bought with Norman Shark. I also outlined how the customisation available in the virtualisation stack and pattern detection allows for the detection of malware that may even be so specific as to target only your organisation. These two factors alone would be a compelling argument; however
Written by
Thomas Quinlan
In this series, we’ve looked at how Blue Coat acquired Norman Shark, thereby acquiring not only the technology of the company, but also the people in Norway who specialise in antivirus and antimalware. With the company’s thirty-year history, and the expertise behind the product, the acquisition was strategic and valuable. We focused on the people in the first column; today and tomorrow we’re going to focus on the technology. In the executive summary, we noted that one of the specific things that would allow third parties to trust Blue Coat for malware analysis is customisability, specifically in two areas: the customised virtual environments and the pattern detection.
Written by
Thomas Quinlan

This post expands on the various reasons given in the "Why Trust Blue Coat for Malware Analysis?" executive summary.

Written by
Andrew Brandt, Joe Levy

In a previous blog post, I wrote about a Berkeley Packet Filter (BPF) rule that was able to detect a specific version of the attack methodology employed by the proof-of-concept attack.

Written by
Thomas Quinlan

I was recently at InfoSec here in London, and a colleague of mine mentioned that a prospective client of the Malware Analysis Appliance seemed impressed with the solution, but towards the end of the conversation asked “In the long run though, why should I trust Blue Coat’s malware analysis?”