Ultimate Threat Response with Powerful Visibility
Overview
A complete advanced threat protection solution that delivers fast, truly comprehensive protection against known and unknown malware, zero-day exploits, and targeted attacks
More recent and sophisticated cyber-attacks have targeted organizations by injecting malware or malicious files into web applications and email. These attacks initiate the distribution of malware that passes undetected through conventional security solutions; hence they are known as Advanced Persistent Threats (APTs).
However, the response to these ever-evolving malware-based threats has relied on ordinary security methods such as antivirus, firewall, and intrusion prevention products. Because of this, many organizations remain vulnerable to Advanced Persistent Threats. It’s no secret that these attacks cost a company lost intellectual property, stolen information assets, damage to equipment, and network downtime.
One thing is common to all Advanced Persistent Threat scenarios: although the methods are diverse, all are triggered by malware.
AhnLab MDS (Malware Defense System) is a network sandbox-based APT (Advanced Persistent Threat) protection solution that combines on-premise and cloud-based analytics to defeat advanced targeted threats anywhere across the organization.
AhnLab MDS employs multi-engines that provide signature-based detection, reputation-feed-based detection, and signature-less detection, thereby accurately identifying traditional threats as well as unknown threats and variants that infiltrate via email, the web, and endpoints. It provides rapid malware detection and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches.
– A network sandbox and multi-engine-based threat detection
– Threat visibility empowered by machine learning-based analysis
– Layered response at both networks and endpoints
– Simplified management and rapid response to known and unknown threats
– Automated malware removal and targeted disruption of malware network activity
Features
Today’s advanced targeted malware evades typical security defenses – but not AhnLab MDS.
MDS: Detects and analyzes traffic anomalies
- Inspects and analyzes various Internet service protocols (HTTP, SMTP, SMB/CIFS, and FTP)
- Monitors two-way traffic for inbound and outbound file transmission (IPv4/IPv6)
- Detects and quarantines malicious emails and attached files (available when MTA license is applied)
- Identifies new and unknown malware through sandbox-based dynamic analysis and static detection based on signature and machine learning
- Adopts its exclusive engine for non-PE malware analysis (MS Office, Adobe, and Hancom Office)
- Provides PCAP-based packet capture and PCAP file download for VM analysis process and C&C detection
- Detects and blocks access when an infected PC connects to suspicious websites or C&C servers
- Shares behavior analysis results of MDS appliances on the network through MDS Manager and cloud-feed
MDS Manager: Centrally monitors and manages logs from MDS appliances as well as MDS agents
- Provides threat status and events information on the dashboard
- Displays the detected malware and traffic anomalies
- Provides detailed logs on event type, IP address, and behaviors on file, process, registry, and network
- Integrates and manages events and logs detected by MDS appliances deployed on a network segment, email segment, network shared folder segment, etc.
- Distributes behavior analysis results of MDS appliances, thereby preventing analysis duplication among deployed MDS appliances
- Sends alerts and notices to individual host systems, or to all host systems, on which the MDS agent is installed
- Configures policies and sends commands to collect suspicious files to the MDS agent
- Interoperates with HR database and AD (Active Directory) to confirm detection and response status on host systems
- Forwards Syslog in CEF and LEEF format
- Interoperates with and manages YARA rules
- Provides automatic and manual backup for logs and settings
- Provides various analysis report templates
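The MDS Manager list above states that events are forwarded as Syslog in CEF and LEEF format, which is what a SIEM or log pipeline has to ingest. The following Python parser is an added example, not AhnLab code: it normalizes CEF (escaped `|` and `=`, space-separated extension) and LEEF 1.0/2.0 (tab or sender-chosen delimiter) lines into one record and filters them by severity. The sample lines are constructed, and the extension field names (`src`, `dst`, `fname`, `act`, `msg`, `sev`, `cat`) are assumptions, not MDS's actual event schema.

```python
"""Parse CEF and LEEF event lines into a common record, as a SIEM collector
would when ingesting syslog from a threat-detection appliance.
Added example: the sample lines are constructed, and the extension field
names (src, dst, fname, act, msg, sev, cat) are assumed, not a real product schema.
"""
import re
from typing import Dict, List, Optional

# CEF header fields are separated by '|'; a literal '|' inside a field is escaped as '\|'.
_CEF_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# Extension keys are word-like tokens at the start or after whitespace, followed by '='.
# A literal '=' inside a value is escaped as '\=' and therefore never matches here.
_CEF_EXT_KEY = re.compile(r"(?:^|\s)([\w.\-]+)=")


def _cef_unescape(value: str) -> str:
    """Undo CEF escaping of '|', '=' and the backslash itself."""
    return value.replace("\\|", "|").replace("\\=", "=").replace("\\\\", "\\")


def _to_int(value: Optional[str]) -> Optional[int]:
    """Severity is numeric in most feeds; a non-numeric value (e.g. 'High') yields None."""
    if value is None:
        return None
    try:
        return int(value)
    except ValueError:
        return None


def parse_cef(line: str) -> Optional[Dict]:
    """Parse one syslog line carrying a CEF payload; return None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = _CEF_HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        return None  # truncated header
    header = [_cef_unescape(p) for p in parts[:7]]
    extension = parts[7] if len(parts) > 7 else ""
    fields: Dict[str, str] = {}
    matches = list(_CEF_EXT_KEY.finditer(extension))
    for i, m in enumerate(matches):
        # Each value runs from the end of its key up to the start of the next key.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(extension)
        fields[m.group(1)] = _cef_unescape(extension[m.end():end].strip())
    return {
        "format": "CEF",
        "vendor": header[1], "product": header[2], "version": header[3],
        "event_id": header[4], "name": header[5],
        "severity": _to_int(header[6]),
        "fields": fields,
    }


def _leef_delimiter(field: str) -> Optional[str]:
    """LEEF 2.0 lets the sender name its attribute delimiter: one character or 'xHH' hex."""
    if re.fullmatch(r"[xX][0-9A-Fa-f]{2}", field):
        return chr(int(field[1:], 16))
    return field if len(field) == 1 else None


def parse_leef(line: str) -> Optional[Dict]:
    """Parse one syslog line carrying a LEEF 1.0 or 2.0 payload; return None if not LEEF."""
    start = line.find("LEEF:")
    if start < 0:
        return None
    parts = line[start + 5:].split("|")
    if len(parts) < 6:
        return None
    version = parts[0]
    delimiter, attr_start = "\t", 5  # LEEF 1.0 attributes are tab-delimited
    if version.startswith("2.") and len(parts) > 6:
        custom = _leef_delimiter(parts[5])
        if custom is not None:
            delimiter, attr_start = custom, 6
    # Attribute values may legitimately contain '|', so re-join what split() took apart.
    attributes = "|".join(parts[attr_start:])
    fields: Dict[str, str] = {}
    for item in attributes.split(delimiter):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key.strip()] = value.strip()
    return {
        "format": "LEEF",
        "vendor": parts[1], "product": parts[2], "version": parts[3],
        "event_id": parts[4], "name": None,
        "severity": _to_int(fields.get("sev")),  # LEEF carries severity as the 'sev' attribute
        "fields": fields,
    }


def parse_event(line: str) -> Optional[Dict]:
    """Dispatch on whichever marker appears; the syslog PRI/timestamp prefix is skipped."""
    return parse_cef(line) or parse_leef(line)


def parse_lines(lines: List[str]) -> List[Dict]:
    """Parse a batch of lines, dropping anything that is neither CEF nor LEEF."""
    return [e for e in (parse_event(line) for line in lines) if e is not None]


def high_severity(events: List[Dict], threshold: int = 7) -> List[Dict]:
    """Events worth an alert: severity at or above the threshold (unknown severity is excluded)."""
    return [e for e in events if e["severity"] is not None and e["severity"] >= threshold]


# Constructed sample lines (not real appliance output); vendor/product names are placeholders.
SAMPLE_LINES = [
    "<13>Mar 10 12:00:01 mds-mgr CEF:0|ExampleVendor|ExampleSandbox|1.0|1001|Malicious file detected|8|"
    "src=10.0.0.5 dst=203.0.113.7 fname=invoice.docx act=quarantined msg=sha256\\=deadbeef",
    "<13>Mar 10 12:00:02 mds-mgr LEEF:1.0|ExampleVendor|ExampleSandbox|1.0|2002|"
    "\tsrc=10.0.0.9\tdst=198.51.100.4\tsev=3\tcat=C2 callback",
    "LEEF:2.0|ExampleVendor|ExampleSandbox|1.0|2003|^|src=10.0.0.11^dst=192.0.2.8^sev=9^cat=Outbound blocked",
    "<13>Mar 10 12:00:03 mds-mgr not an event at all",
]

if __name__ == "__main__":
    for event in high_severity(parse_lines(SAMPLE_LINES)):
        print(event["format"], event["event_id"], event["severity"], event["fields"])
```

The CEF extension is parsed by locating keys rather than splitting on spaces, because values (file names, messages) may themselves contain spaces; LEEF attributes are re-joined on `|` before splitting on the delimiter for the same reason. Severity is taken from the CEF header or the LEEF `sev` attribute and left as `None` when absent, so the alert filter never treats a missing value as zero.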
MDS Agent: Collects and responds to suspicious files in endpoints
- Extracts suspicious files from host systems using machine-learning technology
- Responds to suspected infected host systems with malware removal, system isolation, etc.
- Detects abnormal processes and conducts Execution Holding on suspicious files
- Restores removed files if necessary
- Provides an integrated agent with V3, AhnLab’s anti-virus product, to enhance endpoint protection
Advantages
AhnLab MDS delivers comprehensive protection through its complete defense process of “Detect-Analyze-Respond-Prevent.”
Cyber Kill Chain-based Response
The latest cyber threats originate from outside networks and exploit known vulnerabilities. It has also become more difficult to identify such malware. AhnLab MDS proactively detects and responds to threats at each stage of the advanced threat lifecycle.
Holistic Response on Both Networks and Endpoints
- Provides an advanced hybrid approach with assembly-level analysis (a hybrid technology combining static analysis and dynamic analysis) to detect exploitation
- Blocks harmful URLs and outbound traffic to Internet Relay Chat (IRC) and Command & Control (C&C) servers
- Prevents the execution of suspicious files that attempt to run on the endpoint and blocks or permits the execution depending on the analysis result
- Combats email-based threats that use spear-phishing tactics and evade anti-spam filters
Reduced Burdens of Security Operation and Cost
- Combines an on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediate infected systems, and provide ongoing intelligence that benefits all AhnLab customers
- Automatic and manual malware removal and precise checks on abnormal network activity without affecting normal business operations
Deployment
AhnLab MDS can be deployed effectively in accordance with the corporate network environment and security requirements.
Specification
AhnLab provides a full lineup of MDS products that support networks ranging from small and medium to enterprise-class.
AhnLab MDS
Model | MDS 4000A | MDS 8000A | MDS 10000A |
---|---|---|---|
Analysis Capacity | 35,000 samples per day | 90,000 samples per day | 200,000 samples per day |
Agent Count | 700 | 2,000 | 5,000 |
Traffic Throughput | 1 Gbps | 2 Gbps | 5 Gbps |
HDD | 1TB x 2ea. | 1TB x 4ea. | 1TB x 8ea. |
RAID Configuration | RAID 1 | RAID 10 | RAID 10 |
Network Interface (Default) | | | |
Network Interface (Option) | | | |
Power Supply | 750W Redundant Power | 750W Redundant Power | 750W Redundant Power |
Form Factor | 1U Rack-Mount (19”) | 1U Rack-Mount (19”) | 2U Rack-Mount (19”) |
Chassis Dimensions (WxDxH, mm) | 482 x 721.91 x 42.8 | 482 x 721.91 x 42.8 | 482.4 x 715.5 x 86.8 |
* Note: Performance values vary depending on the system configuration and network environment
AhnLab MDS Manager
Model | AhnLab MDS Manager 5000BR | AhnLab MDS Manager 10000BR |
---|---|---|
Agent Count, Combined Type (Host Controller + Data Viewer) | 2,000 | 5,000 |
Agent Count, Dedicated Type (Host Controller-dedicated) | 5,000 | 10,000 |
CPU | 1 x 3.30GHz, 6 Core | 1 x 3.40GHz, 8 Core |
RAM | 32GB | 64GB |
HDD | 1TB x 2ea., 2TB x 2ea. | 2TB x 2ea., 4TB x 2ea. |
RAID Configuration | RAID 1 | RAID 1 |
Network Interface | 2 x 1GbE Ports (Copper) | 2 x 1GbE Ports (Copper) |
Power Supply | 400W Redundant Power | 800W Redundant Power |
Form Factor | 1U Rack-Mount, 19 inch | 2U Rack-Mount, 19 inch |
Chassis Dimensions (WxDxH, mm) | 437 x 503 x 43 | 437 x 647 x 89 |
* Data Viewer: Integrated monitoring and log management
* Host Controller: Agent system repair and management
System Requirements for AhnLab MDS Agent
System | OS Support |
---|---|
Client PC | Windows XP SP3 or higher / 7 / 8 (8.1) / 10 |
Server | Windows Server 2003 SP2 or higher / 2008 / 2012 / 2016 |
* Both 32-bit and 64-bit versions are supported for the above OS