APT Solution That Detects and Blocks Malicious Code in Emails

ZombieZERO Inspector E

ZombieZERO Inspector E removes malicious code from an email before the email is sent to the mail server: the malicious code included in the email (EML) is removed, and the email is then put back together before being sent to the mail server. Of new forms of malware attack such as spear phishing and ransomware, 87% use email to infiltrate the target computer. ZombieZERO Inspector E is an APT security solution developed specifically for email to overcome the limitations of conventional signature-based spam mail solutions, which are unable to provide protection against new malware and malware variants. It also provides MTA functions (spam mail blocking, bypass, and removal of attachments) to ensure security when using email services.

Main Functions

  • Mail Transfer Agent
    · Provides MTA functions of collecting and delivering collected emails (EML)
    · Blocks spam mails by using spam score
    · Provides an email APT system and MTA system as two-in-one equipment
  • Detection and Isolation of Email-Based Threats
    · Analyzes and blocks malicious code (file/URL) sent via email
    · Multi-faceted malicious code analysis: anti-virus, static YARA, dynamic analysis, reputation analysis, etc.
    · Engine for malicious non-PE files: Hangul, MS Office, PDF, Flash, Image, Media, etc.
    · Isolates or blocks only the malicious information in spam or spear phishing mails or emails that include malicious code
  • Email Management
    · Can store isolated emails or resend the email with the administrator’s approval
    · Can put the email back together after removing the malicious code
    · Provides BCC (monitoring) and bypass functions
    · Provides analysis reports and security event notifications (email, SMS, etc.)
    · Flexible scalability in terms of security (interconnection with APT solutions and EDR, reputation analysis-VirusTotal, etc.)
    · Provides a backup function for logs and settings files (automatic/manual)
    · Provides the Syslog forwarding function for interconnection with security monitoring features (SIEM, ESM)

Characteristics

Threat Detection & Analysis
- Detects and blocks malicious code in collected emails
- Overcomes the limitations of conventional signature-based security systems, which cannot detect Zero-Day attacks, by performing behavior-based analysis

Integration of MTA Functions and Email APT Solutions
- Enhances convenience by setting up a two-in-one system (MTA and email APT solution) so that the administrator can perform the management tasks using a single web GUI

Global Pattern Updates
- Provides live domestic updates: interconnected with KISA C-TAS and the Ministry of Education Cyber Security Center (ECSC)
- Global live update: Antivirus (Bitdefender), VirusSign, VirusTotal

Domestic/International Certifications
- Domestic/international CC (EAL2) certifications
- GS certification

Scalability
- Enables scalability in security with the application of a multi-faceted defense engine
- Provides an association analysis function through the integration of APT solution products
- Can set up an analytical environment identical to that of the user through customization
- Can be interconnected with antivirus engines and reputation analysis services provided by other suppliers

Dedicated Malware Analysis Team
- Provides more elaborate analysis results through correlation analysis and AI machine learning (supervised and unsupervised learning) using analytical data from each piece of equipment
- A dedicated malware analysis team makes an immediate response and provides a manual analysis report

Configuration

· Detects and blocks malicious code in emails
· Removes the malicious code (URL/attachments) before delivering the email

※ Installed as software on the user’s existing system