AhnLab MDS

Ultimate Threat Response with Powerful Visibility
A complete advanced threat protection solution that delivers fast, truly comprehensive protection against known and unknown malware, zero-day exploits, and targeted attacks
More recent and sophisticated cyber-attacks have targeted organizations by injecting malware or files into web applications and email. The attacks initiate the distribution of malware that passes undetected through conventional security solutions; hence, these are so-called Advanced Persistent Threats (APTs).
However, the response to the ever-evolving malware-based threats has been via ordinary security methods like antivirus, firewall, and intrusion prevention products. Because of this, many organizations remain vulnerable to Advanced Persistent Threats. It’s no secret that these attacks cost a company via lost intellectual property, stolen information assets, damage to equipment, and network downtime.
One thing is common to all Advanced Persistent Threats scenarios; although the methods are diverse, all are triggered by malware.
AhnLab MDS (Malware Defense System) is a network sandbox based APT (Advanced Persistent Threat) protection solution that combines on-premise and cloud-based analytics to defeat advanced targeted threats anywhere across the organization.
AhnLab MDS employs multi-engines that provide signature-based detection, reputation-feed based detection, and signature-less detection, thereby accurately identifying traditional threats as well as unknown threats and variants that infiltrate via email, the web, and endpoints. It provides rapid malware detection and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches.
- A network sandbox and multi-engine based threat detection
- Threat visibility empowered by machine learning based analysis
- Layered response at both networks and endpoints
- Simplified management and rapid response to known and unknown threats
- Automated malware removal and targeted disruption of malware network activity
- Certified by ICSA Labs for Advanced Threat Defense (ATD)
- Achieved Common Criteria (CC) certification from NIAP
Today’s advanced targeted malware evades typical security defenses – but not AhnLab MDS.
MDS: Detects and analyzes traffic anomalies
- Inspects and analyzes various Internet service protocols (HTTP, SMTP, SMB/CIFS, and FTP)
- Monitors two-way traffic for inbound and outbound file transmission (IPv4/IPv6)
- Detects and quarantines malicious emails and attached files (available when MTA license is applied)
- Identifies new and unknown malware through sandbox-based dynamic analysis and static detection based on signature and machine learning
- Adopts its exclusive engine for non-PE malware analysis (MS Office, Adobe and Hancom Office)
- Provides PCAP-based packet capture and PCAP file download for VM analysis process and C&C detection
- Detects and blocks access when an infected PC connects to suspicious websites or a C&C server
- Shares behavior analysis results of MDS appliances on the network through MDS Manager and cloud-feed
MDS Manager: Centrally monitors and manages logs from MDS appliances as well as MDS agents
- Provides threat status and event information on the dashboard
- Displays the detected malware and traffic anomalies
- Provides detailed logs on event type, IP address and behaviors on file, process, registry, and network
- Integrates and manages events and logs detected by MDS appliances deployed on network segment, email segment, network shared folder segment, etc.
- Distributes behavior analysis results of MDS appliances, thereby preventing analysis duplication among deployed MDS appliances
- Sends alerts and notices to individual host systems, or to all host systems, on which the MDS agent is installed
- Configures policies and sends commands to the MDS agent to collect suspicious files
- Interoperates with HR database and AD (Active Directory) to confirm detection and response status on host systems
- Forwards syslog in CEF and LEEF format
- Interoperates and manages YARA rules
- Provides automatic and manual backup for logs and settings
- Provides various analysis report templates
MDS Agent: Collects and responds to suspicious files in endpoints
- Extracts suspicious files from host systems – Machine-learning technology adopted
- Responds to suspected infected host systems including malware removal, system isolation, etc.
- Detects abnormal processes and conducts Execution Holding on suspicious files
- Restores removed files if necessary
- Provides an integrated agent with V3, AhnLab’s anti-virus product, to enhance endpoint protection
AhnLab MDS delivers comprehensive protection through its complete defense process of “Detect-Analyze-Respond-Prevent.”
Cyber Kill Chain-based Response

- Provides an advanced hybrid approach with assembly-level analysis—a hybrid technology of static analysis and dynamic analysis—to detect exploitation
- Blocks harmful URLs and outbound traffic to Internet Relay Chat (IRC) and Command & Control (C&C) servers
- Prevents the execution of suspicious files that attempt to run on endpoint and blocks or permits the execution depending on the analysis result
- Combats email-based threats that use spear phishing tactics and evade anti-spam filters
- Combines on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediates infected systems, and provides ongoing intelligence that benefits all AhnLab customers
- Provides automatic and manual malware removal and precise checks on abnormal network activity without affecting normal business operations
AhnLab provides a full lineup of MDS products that supports all networks ranging from small and medium to enterprise-class.
AhnLab MDS
MDS 5000B | |
---|---|
Max Throughput | 2G |
Agent Count | 1,000 |
Log Storage | SSD 1.92TB * 1ea. |
RAID | Not Supported |
NIC | 2 NICs can be installed: 1GC 8Ports, 1GF 4Ports, 1GF 8Ports, 10GF 4Ports |
Power | |
Rack Size | 1U |

MDS 10000B | |
---|---|
Max Throughput | 5G |
Agent Count | 3,000 |
Log Storage | SSD 1.92TB * 2ea. |
RAID | Optional (Default: Not Supported, RAID 1) |
NIC | 2 NICs can be installed: 1GC 8Ports, 1GF 4Ports, 1GF 8Ports, 10GF 4Ports |
Power | |
Rack Size | 1U |

MDS 20000B | |
---|---|
Max Throughput | 10G |
Agent Count | 6,000 |
Log Storage | SSD 1.92TB * 4ea. |
RAID | Optional (Default: Not Supported, RAID 10) |
NIC | 2 NICs can be installed: 1GC 8Ports, 1GF 4Ports, 1GF 8Ports, 10GF 4Ports |
Power | |
Rack Size | 1U |

* Note: Performance values vary depending on the system configuration and network environment
AhnLab MDS Manager
AhnLab MDS Manager 5000BR | |
---|---|
Agent Count, Combined Type (Host Controller + Data Viewer) | 2,000 |
Agent Count, Dedicated Type (Host Controller-dedicated) | 5,000 |
CPU | 1 * 3.30GHz, 6Core |
RAM | 32GB |
HDD | 1TB x 2ea., 2TB x 2ea. |
RAID Configuration | RAID 1 |
Network Interface | 2 x 1GbE Ports (Copper) |
Power Supply | 400W Redundant Power |
Form Factor | 1U Rack-Mount, 19 inch |
Chassis Dimensions (WxDxH, mm) | 437 x 503 x 43 |

AhnLab MDS Manager 10000BR | |
---|---|
Agent Count, Combined Type (Host Controller + Data Viewer) | 5,000 |
Agent Count, Dedicated Type (Host Controller-dedicated) | 10,000 |
CPU | 1 * 3.40GHz, 8Core |
RAM | 64GB |
HDD | 2TB x 2ea., 4TB x 2ea. |
RAID Configuration | RAID 1 |
Network Interface | 2 x 1GbE Ports (Copper) |
Power Supply | 800W Redundant Power |
Form Factor | 2U Rack-Mount, 19 inch |
Chassis Dimensions (WxDxH, mm) | 437 x 647 x 89 |

System Requirements for AhnLab MDS Agent
OS Support | |
---|---|
Client PC | Windows XP SP3 or higher / 7 / 8(8.1) / 10 / 11 |
Server | Windows Server 2003 SP2 or higher / 2008 / 2012 / 2016 / 2022 |
* Both 32 and 64 bit are supported for the above OS