AhnLab MDS

Overview

​A complete advanced threat protection solution that delivers fast, truly comprehensive protection against known and unknown malware, zero-day exploits, and targeted attacks​

More recent and sophisticated cyber-attacks have targeted organizations by injecting malware or files into web applications and email. The attacks initiate the distribution of malware that passes undetected through conventional security solutions; hence, these are so-called Advanced Persistent Threats(APTs).

However, the response to the ever-evolving malware-based threats has been via ordinary security methods like antivirus, firewall, and intrusion prevention products.
Because of this, many organizations remain vulnerable to Advanced Persistent Threats. It’s no secret that these attacks cost a company via lost intellectual property, stolen information assets, damage to equipment, and network downtime.

One thing is common to all Advanced Persistent Threats scenarios; although the methods are diverse, all are triggered by malware.

AhnLab MDS (Malware Defense System) is a network sandbox based APT (Advanced Persistent Threat) protection solution that combines on-premise and cloud-based analytics to defeat advanced targeted threats anywhere across the organization.

AhnLab MDS employs multi-engines that provide signature-based detection, reputation-feed based detection, and signature-less detection, thereby accurately identifying traditional threats as well as unknown threats and variants that infiltrate via email, the web, and endpoints. It provides rapid malware detection and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches. ​ 

- A network sandbox and multi-engine based threat detection

- Threat visibility empowered by machine learning based analysis

- Layered response at both networks and endpoints

- Simplified management and rapid response to known and unknown threats

- Automated malware removal and targeted disruption of malware network activity

Resources

[Insight] Acknowledged Unknown Threat Detection Effectiveness by ICSA Labs Read More >

[White Paper] Best Practical Response against Ransomware Download >

[White Paper] Invasion of Malware Evading the Behavior-based Analysis  Download >

Features

​Today’s advanced targeted malware evades typical security defenses – but not AhnLab MDS.

MDS: Detects and analyzes traffic anomalies

- Inspects and analyzes various Internet service protocols (HTTP, SMTP, SMB/CIFS, and FTP)

- Monitors two-way traffic for inbound and outbound file transmission (IPv4/IPv6)

- Detects and quarantines malicious emails and attached files (available when MTA license is applied)

- Identifies new and unknown malware through sandbox-based dynamic analysis and static detection based on signature and machine learning

- Adopts its exclusive engine for non-PE malware analysis (MS Office, Adobe and Hancom Office)

- Provides PCAP-based packet capture and PCAP file download for VM analysis process and C&C detection

- Detects and blocks access when an infected PC connects to suspicious websites or C&C server

- Shares behavior analysis results of MDS appliances on the network through MDS Manager and cloud-feed

MDS Manager: Centrally monitors and manages logs from MDS appliances as well as MDS agents

- Provides threat status and events information on dashboardt

- Displays the detected malware and traffic anomalies 

- Provides detailed logs on event type, IP address and behaviors on file, process, registry, and network

- Integrates and manages events and logs detected by MDS appliances deployed on network segment, email segment, network shared folder segment, etc. 

- Distributes behavior analysis results of MDS appliances, thereby preventing analysis duplication among deployed MDS appliances

- Sends alerts and notices to the individual or all host systems that MDS agent installed

- Configures policies and sends command to collect suspicious files to MDS agent

- Interoperates with HR database and AD (Active Directory) to confirm detection and response status on host systems

- Forwards syslog in CEF and LEEF format 

- Interoperates and manages YARA rules

- Provides automatic and manual backup for logs and settings

- Provides various analysis report templates

MDS Agent: Collects and responds to suspicious files in endpoints

- Extracts suspicious files from host systems – Machine-learning technology adopted

- Responds to suspected infected host systems including malware removal, system isolation, etc.

- Detects abnormal process and conducts Execution Holding on suspicious files

- Restores removed files if necessary

- Provides an integrated agent with V3, AhnLab’s anti-virus product, to enhance endpoint protection

Advantages

​AhnLab MDS delivers comprehensive protection through its complete defense process of “Detect-Analyze-Respond-Prevent.”​

Cyber Kill Chain-based Response

​- Provides an advanced hybrid approach with assembly-level analysis—a hybrid technology of static analysis and dynamic analysis—to detect exploitation

- Blocks harmful URLs and outbound traffic to Internet Relay Chat (IRC) and Command & Control (C&C) servers

- Prevents the execution of suspicious files that attempt to run on endpoint and blocks or permits the execution depending on the analysis result

- Combats email-based threats that use spear phishing tactics and evade anti-spam filters

- Combines on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediates infected systems, and provides ongoing intelligence that benefits all AhnLab customers

- Automatic and manual malware removal and precise checks on abnormal network activity without affecting normal business operations​

Deployment

AhnLab MDS can be deployed effectively in accordance with corporate network environment and security requirements.

Specifications

AhnLab provides a full lineup of MDS products that supports all networks ranging from small and medium to enterprise-class.

AhnLab MDS

* Note: Performance values vary depending on the system configuration and network environment

AhnLab MDS Manager