AhnLab MDS

Ultimate Threat Response with Powerful Visibility

  • An advanced threat protection solution that delivers fast, truly comprehensive endpoint and network protection against known and unknown malware
  • Combines on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediate infected systems
  • Blocks outbound traffic to Internet Relay Chat (IRC), C&C servers & harmful URLs
 


 

A complete advanced threat protection solution that delivers fast, truly comprehensive endpoint and network protection against known and unknown malware, zero-day exploits, and targeted attacks

More recent and sophisticated cyber-attacks have targeted organizations by injecting malware or files into web applications and email. These attacks distribute malware that passes undetected through conventional security solutions; hence they are called Advanced Persistent Threats (APTs).

However, the response to the ever-evolving malware-based threats has been via ordinary security methods like antivirus, firewall, and intrusion prevention products. Because of this, many organizations remain vulnerable to Advanced Persistent Threats. It’s no secret that these attacks cost a company via lost intellectual property, stolen information assets, damage to equipment, and network downtime.

One thing is common to all Advanced Persistent Threat scenarios: although the methods are diverse, all are triggered by malware.

AhnLab MDS (Malware Defense System) is a complete APT protection solution that combines on-premise and cloud-based analytics to defeat advanced targeted threats anywhere across the organization. It provides rapid malware recognition and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches.

AhnLab MDS delivers such comprehensive protection through its complete defense process of “Detect-Analyze-Respond-Prevent”.

 

Threat Detection and Analysis

  • Inspects and analyzes various Internet service protocols (HTTP, SMTP, SMB/CIFS and FTP)
  • Monitors two-way traffic for inbound and outbound file transmission
  • Analyzes new and unknown malware in a virtual machine
  • Provides PCAP-based packet capture and PCAP file download for VM analysis process and C&C detection
  • Detects and blocks access when an infected PC connects to harmful websites or C&C server

Email-based Threat Prevention (MTA mode)

  • Automatically detects and quarantines malicious or suspicious emails
  • Conducts VM-based dynamic analysis of email attachments
  • Conducts multi-dimensional analysis for suspicious URLs and x-scripts contained in email body
  • Quarantined emails can be released by administrator

* MTA mode is available when applying the MTA license.

Threat Response and Repair

  • Automatically or manually repairs (malware removal) and isolates infection-suspicious host systems
  • Conducts ‘Execution Holding’ of a suspicious file (PE file) until analysis is completed and confirmed safe
  • Extracts suspicious files from suspicious host systems

Integrated Monitoring and Log Management  

  • Provides security status and events information on dashboard
  • Provides malware introduction and abnormal traffic occurrence status in real-time
  • Provides detailed logs on event type, IP address and behaviors on file, process, registry and network
  • Provides various analysis report templates
  • Expandable server farm for flexible application by increasing/decreasing agents
  • Interoperates with AD (Active Directory) to provide user information
  • Combines on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediate infected systems
  • Provides an advanced hybrid approach with assembly-level analysis—a hybrid technology of static analysis and dynamic analysis—to identify zero-day exploits of applications such as MS Office and Adobe Acrobat Reader
  • Observes OS changes made by malware in a virtual machine
  • Blocks outbound traffic to Internet Relay Chat (IRC), C&C servers & harmful URLs
  • Removes malware (automatically and manually) and checks for abnormal network activity with minimal impact on normal business operations
  • Prevents the execution of suspicious files that attempt to run on endpoint PCs
  • Combats email-based threats that use spear phishing tactics and evade anti-spam filters

AhnLab provides a full lineup of MDS products that supports all networks ranging from small and medium to enterprise-class.

AhnLab MDS

| | AhnLab MDS 4000 | AhnLab MDS 8000 | AhnLab MDS 10000 |
|---|---|---|---|
| Analysis Performance | 35,000 files per day | 90,000 files per day | 200,000 files per day |
| User Count | 700 | 2,000 | 5,000 |
| Traffic Throughput | 800 Mbps | 1.5 Gbps | 4 Gbps |
| HDD | 2 TB | 4 TB | 8 TB |
| Interface | 1G Copper * 4 EA; 1G/10G Fiber * 4 EA | 1G Copper * 4 EA; 1G/10G Fiber * 4 EA | 1G Copper * 2 EA; 1G/10G Copper * 4 EA; 1G/10G Fiber * 6 EA |
| Power Supply | 550W Redundant Power (dual) | 550W Redundant Power (dual) | 750W Redundant Power (dual) |
| Enclosure | 1U, 19 inch | 1U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 482.4 x 676.9 x 42.8 | 482.4 x 676.9 x 42.8 | 482.4 x 723.0 x 87.3 |

AhnLab MDS Manager

| | MDS Manager 5000AR | MDS Manager 10000AR |
|---|---|---|
| User Count, Combined Type (DV + HC) | 2,000 | 5,000 |
| User Count, Dedicated Type (Host Controller) | 5,000 | 10,000 |
| HDD | 6 TB | 12 TB |
| RAID | RAID 1 | RAID 1 |
| Interface | 2 x 1GbE Ports (Copper) | 2 x 1GbE Ports (Copper) |
| Power Supply | 500W Redundant Power | 740W Redundant Power |
| Rack Mount | 1U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 437 x 508 x 43 | 427 x 648 x 89 |

Deployment Options: Host Controller + Data Viewer; Data Viewer; Host Controller

  • MPS: Message Per Second
  • DV: Data Viewer – Integrated monitoring and log management
  • HC: Host Controller – Agent repair and management

※ Note: Performance values vary depending on the system configuration and network environment

System Requirements for AhnLab MDS Agent

| | Client PC | Server |
|---|---|---|
| OS Support | Windows XP SP2 or higher / 7 / 8(8.1) / 10 | Windows Server 2003 / 2008 / 2012 |