회사소개

제품

안내

고객지원

Company

Product

Information

Support

Thông tin về công ty

Sản phẩm

Thông tin

Hỗ trợ chung

Notice

Title Date
National Univ. Hospital Introduced Anti-APT Solution by NPCore
  • Protect hospital’s network and endpoint from advanced cyberattacks
NPCore (CEO Seung-chul Han) announced that it provided the APT(Advanced Persistent Threat) attack response solution to the national university hospital to defend against recently increasing cyberattacks targeting hospitals and medical institutions. This year, there were a lot of cybersecurity incidents where the weaknesses of information security of domestic medical institutions were revealed. In April, medical institutions including famous university hospital were attacked by Deface, and earlier in January, Cryptojacking (malware for cryptocurrency mining) was carried to the hospital. Photo by rawpixel on Unsplash

Photo by rawpixel on Unsplash

On the other hand, APT attack and Ransomware solution 'ZombieZERO Inspector' delivered by NPCore to university hospital can cope with new and variant malware which is difficult to cope with vaccine and prevent damage due to intelligent attack. ZombieZERO Inspector configures the same sandbox environment as user PC environment to provide detection results after malicious behavior monitoring and analysis. It collects packets on the network and performs analysis of four stages of signature and behavior based analysis. It supports analysis of various document formats such as PE file (DLL, EXE), compressed file, MS-Office, HWP and PDF. It also analyzes the outbound and inbound URLs and IP access patterns to double detect and block C&C server and malware access. The malware detection rate can be further improved by additionally introducing ZombieZERO EDR(Endpoint Detection & Response), an endpoint APT attack defense solution. ZombieZERO products link and analyze network information with agent analysis information of endpoint. Last year, the National Hospital introduced 'ZombieZERO EDR for Server' to protect the server. It holds the execution of malware and detects it through a behavior-based engine in the sandbox, preventing infection in advance, and responding to encryption and latent malware attacks that bypass the network security system. Interworking with new Ministry of Education Cyber Security Center (ECSC) is one of the main reasons why NPCore's APT solution has been adopted. ZombieZERO Inspector is an integrated hardware that passes the ECSC "MTM / ETM Standard Interoperability Specification" test. "Through this project, we have blocked the influx of new malware into the university hospital system and established an active defense system that can detect and block zero-day attacks and existing security system bypass attacks in real time," said CEO of NPCore.
2018.12.21

NPCore participated in 'ISEC 2017' ... 'EDR for Server' was debuted and demonstrated

Author
admin
Date
2017-09-10 17:05
Views
981

[Picture : NPCore participated in 'ISEC 2017' held in COEX from Sep. 5th ~ 6th to show 'ZombieZERO EDR for Server', new product for server security. NPCore's sales manager Lee, Gun-Woong was watching the demo video and explaining new products to VIPs composed of gov. officials.]

Recently in Korea, there was the biggest security incident that the servers of Korean hosting company were attacked by the variant Ransomware.
So the sense of crisis for Ransomware has raised and security measures and security awareness of gov. agencies and enterprises have been further strengthened.
As a result, NPCore(CEO Han, S.C.) first introduced its new server security product, 'ZombieZERO EDR for Server' at the '11th International Security Conference (ISEC 2017)' held on Sep. 5 ~ 6.The 11th annual ISEC is the largest cyber security conference event in Korea.

In this event, NPCore showed and demonstrated 'ZombieZERO EDR for Server', which is the Whitelist-based APT / Ransomware response solution installed on the server and is aimed at the security manager of gov. agencies and enterprise along with Nicstech, Secucen and CoreInfra.

NPCore is specialized in defense solution against unknown APT and Ransomware and provides two-level defense on network and endpoint based on behavior.

Existing security solutions (signature-based Anti-virus) cannot respond against APT (targeting malware) and new / variant Ransomware such as WannaCry and Petya, and traditional Sandbox technology is vulnerable to malware bypassing virtual machine, new and variant Ransomware and attack through encryption section (SSL communication).
To overcome these limitations, the importance of EDR (End Point Detection & Response) technology has been highlighted.

In line with this, NPCore released 3 security products for endpoints (▲ ZombieZERO EDR for APT- Endpoint Security against APT, ▲ ZombieZERO EDR for Ransomware- Endpoint Security against Ransomware, ▲ ZombieZERO SECaaS (Security as a Service)- Cloud type Security)
And NPCore recently released 'ZombieZERO EDR for Server' due to the biggest recent server's security incident and built it up in the OO Broadcasting Station.

ZombieZERO EDR for Server is installed on the Windows server and blocks the execution of new/variant malwares in real time through the whitelist-based execution holding function. And it analyzes/detects known and unknown malwares through the central analyzer (ZombieZERO Inspector) to make the system execute only secure file.

[Operation sequence of 'Zombie Zero EDR for Server']

1) Server access → Blocking execution of processes not registered on the whitelist.
2) EXE file analysis :  Malicious file is blacklisted and isolated. / Normal file is added to Whitelist.
3) If the analysis result proved to be normal, the file is executed normally and you can check it. / If malicious file, the EXE file is blocked by EDR.



[Picture: NPCore's director Kim, Mu-Jeong was giving a speech on 'APT and Ransomware Defense System centered on endpoint utilizing advantage of Sandbox' at conference room A of COEX on Sep. 5.]

On the first day of the conference, NPCore's director Kim, Mu-Jeong gave a speech on 'APT and Ransomware Defense System centered on endpoint utilizing advantage of Sandbox'.
Mr. Kim proposed the direction of Ransomware blocking technology and proceeded real time Q & A via Facebook.
After the speech, many people came to the exhibition booth and asked many additional questions.
WannaCry Ransomware blocking demo video and demonstration were also conducted at the booth and led the response.

NPCore, CEO Han, Seung-chul said, "Many people from various companies including gov. agencies, military, media companies, and SI companies consulted and asked for a follow-up visit and proposal. So we were able to confirm positive responses to EDR products and achieve business results more than expected."