
An APT solution that detects and blocks malware entering via user segments such as computers and servers

EDR (ZombieZERO EDR)

This is an agent-based security solution that detects and blocks attacks from ransomware, new malware and malware variants in user segments such as computers and servers. EDR (ZombieZERO EDR) is installed on the client/server to detect and block attacks via USB, Wi-Fi, Build, Share Folder and encrypted compression that bypass the mail/email/network connections.

Diverse options such as Anti-Virus, Holding, Ransomware, Backup and None
Integration and scalability possible by linking with existing APT solutions

Main Functions

  • Malware Detection & Analysis Based on Virtual Machine
    · Detects and blocks malware based on a virtual machine rather than signatures, for a more effective response against zero-day attacks
    · Blocks illegal actions through the endpoint behavior-based engine
  • System Stability and Interconnection
    · It is installed at the kernel driver level rather than the application level, which prevents conflicts with other programs, keeps the system stable and minimizes the use of computer resources.
    · It can be interconnected with other security products (vaccine, etc.) installed at the endpoint to set up a dual defense system.
    · It is capable of responding to malware attacks targeting the vulnerabilities of document editing programs such as MS Office and Adobe Reader, web browsers such as Internet Explorer, Firefox and Chrome and other major programs such as media players and messengers.
  • Execution-pending
    · Files transmitted via SSL and encrypted communication are submitted for analysis through the execution-pending process.
    · It is capable of analyzing downloaded files with or without any actions taken by the user (runs only safe files).
    · It is possible to look up the analysis/blocked status of files whose execution has been pending.
  • Data Backup
    · The user data are backed up on the local drive or NAS/Cloud.
    · Backs up data (real-time/schedule management) and supports a variety of features (such as instant backup, version management, etc.)
    · Cloud environment support: It is possible for the user to access the data using various devices anytime, anywhere to load the backed-up data (optional).
  • Whitelisting
    · It provides a greylisting function to continually track and manage even normal data.
    · It provides an execution-pending function for malware in a portable executable (PE) file under analysis.
    · It controls file execution based on the whitelist policy.
    · A policy optimized for the user can be established through group management.

Characteristics

Diverse User Notification Features
- Sends a message to the user upon malware detection, blocking, isolation or restoration
- Can configure backup and exclusion criteria settings with the administrator’s approval

Enhanced Detection Capability Based on Virtual Machine
- Real-time detection and blocking of malware and suspicious files
- Capable of responding to suspicious scripts, privilege escalation and code injection, and other attempts to exploit vulnerabilities

Integrated Threat Intelligence Service
- Capable of identifying and classifying malware based on AI analysis and multi-dimensional analysis and providing detailed threat intelligence

Endpoint Security Solution Management with a Single Integrated Manager
- Capable of collecting and analyzing information on threats occurring at the endpoint in a stable and efficient manner

Configuration

· Detects and blocks malware and APT in user segments such as computers and servers
· Can add new functions such as vaccine and backup and operate with various other security solutions

※ ZombieZERO EDR can be set up and operated in two ways: on-premise or cloud

Data Backup Methods (2 Types)

· Choose between storing the backed-up data on a local drive or on the central storage server

