Security Insight

Why is Visibility the Key behind Intelligent Threat Response?

  • Date03-14-2018

The biggest cybersecurity issue in 2017 was ransomware without a doubt. While the spotlight on security concerns was taken over by ransomware attacks, advanced persistent threats (APTs) have continually developed in a more persistent manner.


Fortunately, security solutions in response to these growing range of sophisticated APT attacks are also evolving steadily. The solutions have shifted from a network sandboxing response to an integrated response of network and endpoint level. In this regard, Visibility is the key behind an immediate and active response to the diverse entry points of APT attacks. AhnLab has recently released a new version of its APT protection solution, AhnLab MDS (Malware Defense System, hereinafter MDS), with a great broadening of threat visibility.


Visibility determines the success of the response on the complex forms of attacks that are occurring today. It provides quick and accurate identification of the threat including the entry point, type, behavior, and the target. These days, in particular, visibility-based threat responses are required more than ever due to the rise in APT attacks targeting corporations and organizations, and also the rise in ransomware and its variants.



[Figure 1] Three elements of threat visibility


Security threats usually enter the internal systems via applications and services used by both users and the systems of enterprises and organizations. The most typical path of infection is network- such as web, email, file transfer, and shared systems. However, recently, there have been increasing cases of direct infection to endpoint systems via various storage media, such as thumb drives. 


Therefore, in order to quickly detect and respond to intrusions, it is necessary to identify the type and behavior of the threat and also gain a total network threat picture; from the point of entry to the target system.


AhnLab MDS Threat Visibility - What Is Different?

The latest MDS provides a differentiated experience to security administrators with full visibility on attack flow via intuitive dashboard. MDS shows a clear and easy view on malware analyzed by the virtual machine, and also provides a detailed behavior analysis report.


A recommended response against the threat is also provided, as shown in Figure 2. The attack flow chart and detailed analysis report help security administrators gain a clear insight into the network threat and respond to the attack in real-time.



[Figure 2] Recommended countermeasures in accordance with the attack flow


Behavior analysis reports have also been largely improved to deliver more clear and detailed information about the relation between files and processes.



[Figure 3] Reports provided in various languages


Immediate Response Based On Thorough Threat Visibility

For an effective response to threats, a detailed understanding of each malicious file, threat type, and its effects are required. MDS provides Attack Flow on dashboard, which allows users to have an intuitive understanding of the point of entry, status on analysis, and the behavior of threats at a glance. Using the flow, as shown in Figure 4, the security administrator can monitor and measure the event-based detection and analysis status of the entire threat within the organization.



[Figure 4] Intuitive threat trend on dashboard


Recent attacks are using packet splitting or SSL (Secure Sockets Layer) as a method in the attempt to bypass detection by the security solutions. This is why response at the endpoint and threat collection are essential. 


In order to respond from the endpoint, interoperation with agents is needed and a dedicated agent is required for automatic or manual response is a must. MDS is a solution designed and developed considering the interoperations of endpoints and networks to collect threats directly at endpoints as well as making automatic and manual responses through dedicated agents. MDS is able to integrate with V3, AhnLab’s established anti-malware product, to deliver a robust protection and ease burdens of security management and operation. Not only that, MDS is interoperable with your anti-virus products to counter known malware.


If necessary, the administrative pages for actual operations and response processes are also provided so that the security administrator can take additional measures and actions. In addition, agents can be grouped and common and individual policies can be applied to each group such as department or end user levels. With MDS, security administrators can response more effectively against threats using its distinctive threat visibility and easy management features.