AhnLab Products & Services

Search

AhnLab MDS

AhnLab MDS

Ultimate Threat Response with Powerful Visibility

A complete advanced threat protection solution that delivers fast, truly comprehensive protection against known and unknown malware, zero-day exploits, and targeted attacks​

 

More recent and sophisticated cyber-attacks have targeted organizations by injecting malware or files into web applications and email. The attacks initiate the distribution of malware that passes undetected through conventional security solutions; hence, these are so-called Advanced Persistent Threats(APTs).

 

However, the response to the ever-evolving malware-based threats has been via ordinary security methods like antivirus, firewall, and intrusion prevention products.
Because of this, many organizations remain vulnerable to Advanced Persistent Threats. It’s no secret that these attacks cost a company via lost intellectual property, stolen information assets, damage to equipment, and network downtime.

 

One thing is common to all Advanced Persistent Threats scenarios; although the methods are diverse, all are triggered by malware.

 

AhnLab MDS (Malware Defense System) is a network sandbox based APT (Advanced Persistent Threat) protection solution that combines on-premise and cloud-based analytics to defeat advanced targeted threats anywhere across the organization.

 

AhnLab MDS employs multi-engines that provide signature-based detection, reputation-feed based detection, and signature-less detection, thereby accurately identifying traditional threats as well as unknown threats and variants that infiltrate via email, the web, and endpoints. It provides rapid malware detection and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches. ​ 

 

- A network sandbox and multi-engine based threat detection

- Threat visibility empowered by machine learning based analysis

- Layered response at both networks and endpoints

- Simplified management and rapid response to known and unknown threats

- Automated malware removal and targeted disruption of malware network activity

- Certified by ICSA Labs for Advanced Threat Defense (ATD) ​ 

- Achieved Common Criteria (CC) certification from NIAP​ 


  • ㆍ[Insight] Acknowledged Unknown Threat Detection Effectiveness by ICSA Labs Read More
  • ㆍ[White Paper] Best Practical Response against Ransomware PDF Download
  • ㆍ[White Paper] Invasion of Malware Evading the Behavior-based Analysis PDF Download

Today’s advanced targeted malware evades typical security defenses – but not AhnLab MDS.


MDS: Detects and analyzes traffic anomalies

- Inspects and analyzes various Internet service protocols (HTTP, SMTP, SMB/CIFS, and FTP)

- Monitors two-way traffic for inbound and outbound file transmission (IPv4/IPv6)

- Detects and quarantines malicious emails and attached files (available when MTA license is applied)

- Identifies new and unknown malware through sandbox-based dynamic analysis and static detection based on signature and machine learning

- Adopts its exclusive engine for non-PE malware analysis (MS Office, Adobe and Hancom Office)

- Provides PCAP-based packet capture and PCAP file download for VM analysis process and C&C detection

- Detects and blocks access when an infected PC connects to suspicious websites or C&C server

- Shares behavior analysis results of MDS appliances on the network through MDS Manager and cloud-feed

 

MDS Manager: Centrally monitors and manages logs from MDS appliances as well as MDS agents

- Provides threat status and events information on dashboardt

- Displays the detected malware and traffic anomalies 

- Provides detailed logs on event type, IP address and behaviors on file, process, registry, and network

- Integrates and manages events and logs detected by MDS appliances deployed on network segment, email segment, network shared folder segment, etc. 

- Distributes behavior analysis results of MDS appliances, thereby preventing analysis duplication among deployed MDS appliances

- Sends alerts and notices to the individual or all host systems that MDS agent installed

- Configures policies and sends command to collect suspicious files to MDS agent

- Interoperates with HR database and AD (Active Directory) to confirm detection and response status on host systems

- Forwards syslog in CEF and LEEF format 

- Interoperates and manages YARA rules

- Provides automatic and manual backup for logs and settings

- Provides various analysis report templates

 

MDS Agent: Collects and responds to suspicious files in endpoints

- Extracts suspicious files from host systems – Machine-learning technology adopted

- Responds to suspected infected host systems including malware removal, system isolation, etc.

- Detects abnormal process and conducts Execution Holding on suspicious files

- Restores removed files if necessary

- Provides an integrated agent with V3, AhnLab’s anti-virus product, to enhance endpoint protection

AhnLab MDS delivers comprehensive protection through its complete defense process of “Detect-Analyze-Respond-Prevent.”​

 

Cyber Kill Chain-based Response

The latest cyber threats originate from outside networks and exploit known vulnerabilities. It also has become more difficult to identify such malware. AhnLab MDS proactively detects and responds to threats at each stage of the advanced threat lifecycle.

Holistic Response on Both Networks and Endpoints
AhnLab MDS provides a comprehensive approach to combat the advanced threats across networks and endpoints. 
This advanced security system protects endpoints and networks within a single architectural framework and in an integrated management environment.

​- Provides an advanced hybrid approach with assembly-level analysis—a hybrid technology of static analysis and dynamic analysis—to detect exploitation

- Blocks harmful URLs and outbound traffic to Internet Relay Chat (IRC) and Command & Control (C&C) servers

- Prevents the execution of suspicious files that attempt to run on endpoint and blocks or permits the execution depending on the analysis result

- Combats email-based threats that use spear phishing tactics and evade anti-spam filters

 

Reduced Burdens of Security Operation and Cost
AhnLab MDS also eases the burden of security operation and offers long-term value for your organization through a low total cost of ownership and exceptionally rapid return on investment (ROI).

- Combines on-premise malware behavior and signature engine with AhnLab’s cloud-based analysis resources to stop zero-day threats, remediates infected systems, and provides ongoing intelligence that benefits all AhnLab customers

- Automatic and manual malware removal and precise checks on abnormal network activity without affecting normal business operations​

AhnLab provides a full lineup of MDS products that supports all networks ranging from small and medium to enterprise-class.

 

AhnLab MDS

MDS 4000A
Analysis
Capacity
35,000 samples per day
Agent Count 700
Traffic
Throughput
1 Gbps​
HDD 1.2TB x 2ea.
RAID
Configuration
RAID 1
Network
Interface
  • 1GbE 4 Ports (Copper)
  • 10G SFP+ 4 Ports (Optical)
Power Supply 750W Redundant Power
Form Factor 1U Rack-Mount (19”)
Chassis
Dimensions
(WxDxH,mm)
482 x 721.91 x 42.8 mm
MDS 8000A
Analysis
Capacity
90,000 samples per day
Agent Count 2,000
Traffic
Throughput
2 Gbps
HDD 1.2TB x 4ea.
RAID
Configuration
RAID 10
Network
Interface
  • 1GbE 4 Ports (Copper)
  • 10G SFP+ 4 Ports (Optical)
Power Supply 750W Redundant Power
Form Factor 1U Rack-Mount (19”)
Chassis
Dimensions
(WxDxH,mm)
482 x 721.91 x 42.8 mm
MDS 10000A
Analysis
Capacity
200,000 samples per day
Agent Count 5,000
Traffic
Throughput
5 Gbps
HDD 1.2TB x 8ea.
RAID
Configuration
RAID 10
Network
Interface
<Default>
1GbE 2 Ports (Copper)
1/10G Base-T 2 Ports (Copper)
1/10G SFP+ 4 Ports (Optical)
<Option>
1GbE 2 Ports (Copper)
1/10G Base-T 4 Ports (Copper)
1/10G SFP+ 6 Ports (Optical)
Power Supply 750W Redundant Power
Form Factor 2U Rack-Mount (19”)
Chassis
Dimensions
(WxDxH,mm)
482.4 x 715.5 x 86.8 mm

* Note: Performance values vary depending on the system configuration and network environment

 

AhnLab MDS Manager

 

 

AhnLab MDS Manager 5000BR

Agent

Count

 Combined Type

(Host Controller + Data Viewer)

 2,000

Dedicated Type

(Host Controller-dedicated)

 5,000

CPU​​ 

 1 * 3.30GHZ, 6Core​ 

RAM

 32GB​ 

HDD​ 

 1TB x 2ea., 2TB x 2ea

RAID 

Configuration​ 

 RAID 1

Network 

Interface 

 2 x 1GbE Ports (Copper)

Power  Supply

 400W Redundant Power

Form  Factor

 1U Rack-Mount, 19 inch

Chassis 

Dimensions 

(WxDxH,mm) 

 437 x 503 x 43

 

 

AhnLab MDS Manager 10000BR

Agent

Count

 Combined Type

(Host Controller + Data Viewer)

 5,000

Dedicated Type

(Host Controller-dedicated)

 10,000

CPU​​ 

 1 * 3.40GHz, 8Core​

RAM 

 64GB

HDD​ 

 2TB x 2ea., 4TB x 2ea​

RAID 

Configuration​ 

 RAID 1

Network

Interface 

 2 x 1GbE Ports (Copper) 

 Power Supply 

 800W Redundant Power

 Form Factor 

 2U Rack-Mount, 19 inch

Chassis 

Dimensions 

(WxDxH,mm)

 437 x 647 x 89

 

System Requirements for AhnLab MDS Agent

 

OS Support
Client PC Windows XP SP3 or higher / 7 / 8(8.1) / 10 / 11
Server Windows Server 2003 SP2 or higher / 2008 / 2012 / 2016 / 2022

* Both 32 and 64 bit are supported for the above OS

top