Norman has taken malware analysis to the next level with a hybrid sandboxing model.

By integrating the latest virtualization technology with the award winning Norman SandBox, Norman has combined the benefits of code emulation with VM introspection to offer unmatched threat intelligence.

IntelliVM images can be fully customized, giving analysts the ability to analyze any threat type, in any version of any application they choose. IntelliVM can be tailored to match your organizations desktop environments, gathering intelligence on malware targeting your environment and specific application vulnerabilities.


IntelliVM uses Norman’s KernelScout driver, embedding the intelligence observation agent at the lowest level of the system’s kernel. This technology offers several benefits over traditional monitoring techniques, including:

  • Unrivaled transparency into all critical system events
  • Observes intelligence with superior accuracy
  • Faster monitoring accelerates your analysis processes
  • More intelligence by embedding at the lowest level
  • Avoid detection and unnatural malware behavior
  • Security against malicious behavior that may compromise your analysis lab
  • Advanced rootkit monitoring