Qualys buys Nemean Networks for behavior-aware malware detection

The acquisition expands Qualys’ IDS signatures and increases its threat data.

Vulnerability management vendor Qualys Inc. announced the acquisition of Madison, Wisconsin-based Nemean Networks LLC in a deal that could result in faster signatures for attacks identified in the wild.

Nemean Networks’ core technology was developed at the University of Wisconsin (UW)-Madison. The technology automatically generates protocol behavior-aware signatures to identify malicious attack activity. Nemean uses raw attack data from honeynets to develop an attack signature for specific groups of attacks.

Nemean said its technology can capture large-scale malicious activity. It uses an algorithm to conduct Bayesian analysis and detect anomalies or attack patterns in traffic.

The small company wrapped its technology up into what it called a Network Situational Awareness System. The IDS relies on sensors that apply the Nemean signatures to an enterprise’s traffic stream to detect malicious activity.

Qualys said it plans to use the technology to develop Intrusion Detection System (IDS) signatures for Snort and other open source tools. The company now owns exclusive rights to Nemean’s technology including all patents.

Qualys said the technology can identify malicious attack activity with unprecedented accuracy. The technology also includes a Honeynet system, which captures malware attack data that can be shared with the security community.

Paul Barford, CEO and founder of Nemean Networks will become Qualys’ chief scientist.