ATP Solution That Detects and Blocks Malware Entering via Network Traffic

ZombieZERO Inspector N

ZombieZERO N is a security solution that detects and blocks new malware and malware variants by collecting relevant data from network traffic. URLs, files and other information extracted from the network are analyzed in a virtual machine in order to respond to and defend against network-borne APT attacks. Its behavior-based, multi-dimensional analysis (anti-virus engine, static YARA, dynamic behavior analysis, reputation analysis) detects new and variant malware that is not yet known, enabling a preemptive response to potential internal threats.

Main Functions

  • Detection/Analysis of Malware and Abnormal Traffic
    · Monitors bilateral network traffic for incoming and outgoing files
    · Collects and analyzes major Internet service protocols (HTTP, HTTPS, SMTP, POP, IMAP, etc.)
    · Multi-dimensional malware analysis: anti-virus, static YARA, dynamic analysis, reputation analysis, etc.
    · Engine for malicious non-PE files: Hangul, MS Office, PDF, Flash, Image, Media, etc.
    · Detects and blocks access to harmful sites and C&C communication
  • Integrated Monitoring and Management
    · Enables monitoring of security status and provides information on major events (malware infiltration or abnormal traffic) via the dashboard
    · Provides detailed behavior analysis logs covering files, processes, the registry, networks, etc.
    · Provides analysis reports and security event notifications (email, SMS, etc.)
    · Flexible scalability in terms of security (interconnection with APT solutions and EDR, reputation analysis such as VirusTotal, etc.)
    · Provides a backup function for logs and settings files (automatic/manual)
    · Provides Syslog forwarding for interconnection with security monitoring systems (SIEM, ESM)
  • Response to and Treatment of Malware
    · Detects and blocks or isolates malware senders and C&C communication
    · Detects and blocks abnormal traffic (sessions in the backward direction, floods, scans, etc.)
    · Redirects connections to malicious URLs/IPs to a specific page
    · Provides network access history (PCAP) for malicious files

Characteristics

Threat Detection & Analysis
- Extracts downloaded file/URL information from the network traffic in real time
- Overcomes the limitation of conventional signature-based security systems, which cannot detect zero-day attacks, by performing behavior-based analysis

SSL Traffic Analysis
- Analyzes encrypted traffic (HTTPS) in connection with SSL decryption equipment to detect and block malware

Global Pattern Updates
- Provides live domestic updates: interconnected with KISA C-TAS and the Ministry of Education Cyber Security Center (ECSC)
- Global live updates: anti-virus (Bitdefender), VirusSign, VirusTotal

Domestic/International Certifications
- Domestic/international CC (EAL2) certifications
- GS certification

Scalability
- Enables scalability in security through the application of a multi-faceted defense engine
- Provides an association analysis function through integration with APT solution products
- Can set up an analysis environment identical to the user's own through customization
- Can be interconnected with anti-virus (vaccine) engines and reputation analysis services provided by other suppliers

Dedicated Malware Analysis Team
- Provides more elaborate analysis results through correlation analysis and AI machine learning (supervised and unsupervised learning) using analytical data from each piece of equipment
- A dedicated malware analysis team responds immediately and provides a manual analysis report

Configuration

· Analyzes, detects and blocks malicious code entering via the network
· Blocks access to C&C servers or malicious URLs by dropping the corresponding packets

※ Installed as virtualization-based software on the user's existing system, to be used as an APT solution