Network Protection

Network Protection

A comprehensive, high performance security appliance that helps organizations protect critical IT infrastructure against cyber threats, Norman delivers the most effective protection available for enterprise networks.

The Solution

Highly scalable and simple to deploy,  NNP exposes threats by rapidly scanning multiple protocols on the wire – including email attachments - using signatures and sandboxing to automatically detect and block malicious traffic.

Deploy in-line or out-of-band

Implement NNP flexibly to meet your needs. Prevent known malware from entering your network by placing NNP in-line at each point of network ingress, or use NNP to monitor network traffic on a mirror port on a switch and receive alerts only when malware is detected.  

Malware scanned and blocked across multiple protocols

NNP serves as a fast, automatic detector of malware entering your network.  By scanning multiple protocols, using signatures and sandboxing to determine if something is malicious, NNP can identify known threats and assess the risks of advanced threats.  This risk assessment determines the level of threat posed by the sample and mitigates future attacks.  NNP also serves as an incoming mail proxy that blocks, quarantines, or forwards suspicious email prior to delivery.

Collect suspicious files for deep analysis using MAG2

If you wish to conduct deeper malware analysis, NNP serves as an efficient collector of potential threats by employing Norman’s industry leading Malware Analyzer G2 (MAG2).  Leveraging NNP’s multiple-protocol scanning capabilities, samples can be quickly delivered to MAG2 for surface, behavioral and dynamic analyses. Thus, NNP assists overall collection efforts and broader malware analysis processes.

Use MAG2 detection patterns to block future malware attacks

Once detailed analysis has been produced by Malware Analyzer G2 and previously unknown malware has been identified, specific detection patterns for the malware are then fed back to NNP, blocking future attacks and continuously improving IT security defenses.

NEW - Now with Norman Scanner Engine 7 (NSE7) NNP includes Norman’s highest performance scanning engine, NSE7, delivering new file detection capabilities, integrated Norman SandBox® functionality, smaller update files, and a rapid response platform to add new functionality as the threat landscape evolves.

Key Benefits

  • Turnkey Solution: Self-contained anti-malware appliance with everything you need to protect networks against malware.
  • Comprehensive Protection: Extensive list of protocols scanned and file types supported, since malware takes many forms and many paths.
  • High Performance: Ultra-fast high throughput scanning up to 6Gbps nominal traffic on 10Gbps interfaces.
  • Malware Prevention: When NNP detects a malicious file in transfer on your network, it actively terminates the file transfer and blocks the specific network path to prevent other users or systems from accessing the same file.
  • Configurable Scanning: Balance speed vs. depth of inspection by choosing to Bypass, Block, Minimal Scan, Medium Scan or Full Scan for each protocol. In addition, Norman SandBox scan is always on, providing powerful detection capabilities.
  • High Availability: Supports multiple fail-over options for high-availability networks, enabling organizations to survive system or application failures with no discernible interruption to business-critical applications.
  • Low Latency: Traditional proxy solutions typically involve latency in data traffic by holding back a stream of files, while NNP avoids this problem by only holding back the necessary data needed to perform a malware scan.
  • Flexible Deployment:  Deploy in-line as malware prevention or out-of-band to monitor and alert when malware is detected. Use as standalone network protection or in conjunction with Norman Malware Analyzer G2 (MAG2).
  • URL blocking: Prohibits access to unwanted web sites, preventing user exposure to threats and inappropriate content.
  • Transparent: Operates transparent to IP traffic on Layer 2 with no network IP reconfiguration – ready to use out of the box.
  • Enhanced Security: Detects deep malware intrusions that other solutions miss, preventing spreading on traditional Internet protocols and common network protocols including Windows File Sharing.


  • Deployable anywhere in the network
  • Highly scalable platform
  • Mirror port / SPAN port support
  • Supports network cards up to 10Gbps with scanning up to 6Gbps
  • Supports up to 4,096 VLANs
  • High availability solution and built-in redundancy with failover NIC
  • Remote API for configuration, status, and reporting information, including batch configuration of multiple NNPs
  • High availability solution and built-in redundancy with failover NIC
  • Mail proxy to scan and block / quarantine / forward suspicious inbound email prior to delivery

Malware Scanning:

  • Real-time malware scanning of network traffic
  • Unmatched protocol scanning capabilities include HTTP, SMTP, POP3, IMAP4, RPC, FTP, TFTP, IRC file transfers, and Windows file sharing (CIFS/SMB/SMB2); Block MSN and BitTorrent protocols
  • Extensive files scanning support now includes Windows x64 (PE32+),
  • Apple binaries (Mach-O), and .NET binaries
  • Remote application programming interface (API)
  • Malware source detection and isolation
  •  Automatic scan engine and signature update

Additional Features:

  • Optional blocking of MSN traffic and BitTorrent protocol
  • Customizable content / URL blocking
  • Multi-tiered traffic blocking or exclusion based on IP-address, MAC address or VLAN ID
  • Powerful integration and workflow support with remote API alerting via SMTP/mail, remote syslog, and SNMP


Comprehensive Network Protection with Malware Analyzer G2

When Norman Network Protection (NNP) is deployed with the Malware Analyzer G2 (MAG2), the interception and discovery of malicious files in your network is simplified. NNP collects files on the wire, detects known malware and delivers payloads from unknown threats to the MAG2 for deep malware analysis. Once analysis is completed in MAG2, security teams have actionable intelligence to remediate the damage from the malware. In addition, MAG2 provides NNP with detection criteria for the malware so that future attacks can be blocked.


Certifications & Awards