Notice

National Univ. Hospital Introduced Anti-APT Solution by NPCore
  • Protect hospital’s network and endpoint from advanced cyberattacks
NPCore (CEO Seung-chul Han) announced that it has supplied its APT (Advanced Persistent Threat) attack response solution to the national university hospital to defend against the recently increasing cyberattacks targeting hospitals and medical institutions. This year saw many cybersecurity incidents that exposed information security weaknesses at domestic medical institutions. In April, medical institutions including a famous university hospital were hit by defacement attacks, and earlier, in January, cryptojacking (malware for cryptocurrency mining) was delivered to a hospital.

Photo by rawpixel on Unsplash

Meanwhile, 'ZombieZERO Inspector', the APT attack and ransomware solution that NPCore delivered to the university hospital, can handle new and variant malware that is difficult to handle with antivirus ("vaccine") software, and prevents damage from intelligent attacks. ZombieZERO Inspector configures a sandbox environment identical to the user's PC environment and provides detection results after monitoring and analyzing malicious behavior. It collects packets on the network and performs a four-stage analysis combining signature-based and behavior-based analysis. It supports analysis of various file and document formats, such as PE files (DLL, EXE), compressed files, MS-Office, HWP and PDF. It also analyzes outbound and inbound URLs and IP access patterns to doubly detect and block access to C&C servers and malware.

The malware detection rate can be further improved by additionally introducing ZombieZERO EDR (Endpoint Detection & Response), an endpoint APT attack defense solution. ZombieZERO products link network information with the agent analysis information from endpoints and analyze them together. Last year, the National Hospital introduced 'ZombieZERO EDR for Server' for server protection. It holds the execution of malware and detects it through a behavior-based engine in the sandbox, preventing infection in advance and responding to encryption attacks and latent malware attacks that bypass the network security system.

Interworking with the new Ministry of Education Cyber Security Center (ECSC) is one of the main reasons why NPCore's APT solution was adopted. ZombieZERO Inspector is an integrated hardware product that has passed the ECSC "MTM / ETM Standard Interoperability Specification" test.

"Through this project, we have blocked the influx of new malware into the university hospital system and established an active defense system that can detect and block zero-day attacks and existing security system bypass attacks in real time," said the CEO of NPCore.
2018.12.21

A broadcasting station decided to install 'EDR for Server', NPCore's security product for servers.

Author: admin
Date: 2017-08-25 18:48

On August 14, Korean broadcasting station A, a comprehensive programming channel, decided to adopt ZombieZERO EDR for Server, a server cybersecurity product from NPCore (CEO Han, Seung Chul).


In June, a Korean hosting company's servers were attacked by the 'Erebus' ransomware. The company paid 1.3 billion won, the largest such damage in Korea, to restore the encrypted data, but some data on the damaged hosting servers has not been restored.

'Erebus' is a variant malware that combines an APT (targeted malware) with ransomware that attacks servers.

Because of this large-scale incident in which ransomware attacked servers, Korean companies operating servers felt a sense of crisis and keenly recognized the need for countermeasures.

Korean broadcasting station A was already considering such countermeasures when its own server was recently attacked by ransomware. Fortunately, it responded properly in the early stages, so the damage did not spread, but it then rushed to take measures to protect its servers from ransomware in earnest.

Broadcasting station A proposed a PoC (Proof of Concept, a preliminary performance test) to several companies able to provide the required function (whitelist-based cybersecurity solutions for servers). In the end, three companies (NPCore, company A and company C) participated in the first and second PoC. The first PoC was held on July 13 and the second on August 2.

As a result, NPCore's "ZombieZERO EDR for Server" product earned the highest score in both the first and second PoC, and NPCore was selected as the top-priority negotiation partner.

"ZombieZERO EDR for Server" is installed on Windows Server and blocks the execution of new and variant malware in real time through its whitelist-based execution holding function. It also analyzes and detects known and unknown malware through the central analyzer (ZombieZERO Inspector), so that the system executes only secure files.

Image: System Block Diagram of “ZombieZERO EDR for Server”