Security Insight

AhnLab MDS, Acknowledged by ICSA Labs for Advanced Threat Defense

  • Date: 11-18-2019

AhnLab MDS (Malware Defense System) passed the 2019 Q3 Advanced Threat Defense (ATD) Certification Testing by ICSA Labs, a global security solution testing and certification organization, with outstanding results in all criteria.


▲ AhnLab MDS Certified by ICSA Labs for ATD


ICSA Labs tested the detection capabilities of AhnLab MDS for new or little-known threats, which are commonly undetectable by security solutions. Tested threat vectors included email attachments, remote injection, email links, web drive-by, web downloads, and direct install, which are all common causes of enterprise breach, as highlighted by ICSA Labs. In addition to using malicious samples, ICSA Labs generated new legitimate executables itself to run tests on innocuous applications.


Near-perfect detection of unknown threats

ICSA Labs tested the detection capabilities of AhnLab MDS with 879 samples across a mix of 1517 test runs in the 32-day test cycle. AhnLab MDS detected 99.1% of the malicious threats it encountered during testing, which exceeds the required criteria for the ATD certification. ICSA Labs emphasized that, “All but seven days during the 32-day test cycle, AhnLab MDS scored 100% effectiveness for detecting new and little-known threats.”


Figure 1. AhnLab MDS Threat Detection by Day of Test Cycle (*Source: ICSA Labs 'ATD Certification Testing Report'. Q3 2019)


AhnLab MDS (Malware Defense System) is a network sandbox-based APT (Advanced Persistent Threat) protection solution with hybrid-cloud analytics. AhnLab MDS provides signature-based, reputation-based, and behavior-based detection by combining an on-premises multi-engine with cloud-based analytics. Its Dynamic Intelligent Content Analysis (DICA) engine conducts a thorough scan to detect document-based malware, that is, so-called malicious non-PE files.


AhnLab provides thorough visibility into all endpoint threats via an integrated dashboard. It also provides dynamic analytics of email attachments in the sandbox and performs signature-based and reputation-based analytics on malicious URLs or scripts included in emails. Moreover, AhnLab MDS takes proactive measures, such as finding and blocking abnormal network traffic, and detecting suspicious files and enabling Execution Holding (EH). EH is especially useful for preventing new malware or internal spread.


Figure 2. AhnLab MDS Threat Detectability


How AhnLab MDS reduces the burden of security administrators

ICSA Labs conducted a false positive (FP) test on AhnLab MDS with 638 innocuous applications that it launched for this exact test. Misclassifying normal files as malicious, and thus triggering an alert, not only results in an operational and financial burden but also takes time away from the critical security issues that really need attention. AhnLab MDS recorded zero false positives for the 638 innocuous apps, as shown in Figure 3.


Figure 3. Zero Alerts on Innocuous Apps (*Source: ICSA Labs 'ATD Certification Testing Report'. Q3 2019)


The ICSA Labs Advanced Threat Defense report stated, “AhnLab MDS passed all the test cases to attain ICSA Labs Advanced Threat Defense Certification. The solution was very effective at detecting malware across various malware types and malware families.”


To learn more about AhnLab MDS, visit