APT Solution That Detects and Blocks Malicious Code Entering via the Network-Connected File Transmission Segments

ZombieZERO Inspector F

Zombie Zero F detects and blocks malicious code in files transmitted between an external network and an internal network, working in connection with a network-linked solution in environments where the networks are separated. The network-linked solution shares the files (SMB/NFS/Web API, etc.), and the file APT solution analyzes them for new malware and malware variants to protect clients and servers.

Main Functions

  • Interconnected with Network-Linked Solution
    · A system that analyzes files in connection with a network-linked solution
  • Detection and Isolation of Malicious Code in Files
    · Analyzes and blocks malicious code in collected files
    · Multi-faceted malicious code analysis: anti-virus, static YARA, dynamic analysis, reputation analysis, etc.
    · Engine for malicious non-PE files: Hangul, MS Office, PDF, Flash, Image, Media, etc.
    · Delivers the analysis results using a shared folder (SMB/NFS/Web API, etc.)
  • Network Connection Management
    · Can block files or resend them with the administrator’s approval
    · Provides analysis reports and security event notifications (email, SMS, etc.)
    · Flexible scalability in terms of security (interconnection with APT solutions and EDR, reputation analysis-VirusTotal, etc.)
    · Provides a backup function for log and settings files (automatic/manual)
    · Provides the Syslog forwarding function for interconnection with security monitoring features (SIEM, ESM)

Characteristics

Threat Detection & Analysis
- Analyzes the collected files using the file system sharing feature
- Overcomes the limitations of conventional signature-based security systems, which cannot detect Zero-Day attacks, by performing behavior-based analysis
- Checks the hidden file extension (true extension) and provides an analysis

Interconnection with Network-Linked Solutions
- Provides a linking system based on the experience of interconnecting the system with diverse network-linked solutions

Global Pattern Updates
- Provides live domestic updates: interconnected with KISA C-TAS and the Ministry of Education Cyber Security Center (ECSC)
- Global live update: Antivirus (Bitdefender), VirusSign, VirusTotal

Domestic/International Certifications
- Domestic/international CC (EAL2) certifications
- GS certification

Scalability
- Enables scalability in security with the application of a multi-faceted defense engine
- Provides an association analysis function through the integration of APT solution products
- Can set up an analysis environment identical to the user's through customization
- Can be interconnected with antivirus engines and reputation analysis services provided by other suppliers

Dedicated Malware Analysis Team
- Provides more elaborate analysis results through correlation analysis and AI machine learning (supervised and unsupervised learning) using analysis data from each device
- A dedicated malware analysis team responds immediately and provides a manual analysis report

Configuration

· A solution for APT response to files entering an internal network from an external network through a network-linked solution
· Interconnected with existing network-linked solutions

※ Installed as software on the user’s existing system

Network-Linked Solution Interconnection References

