APT and Ransomware Defense Solutions


[INQ. NO. 1704E10] APT (Advanced Persistent Threat) is a new hacking technique in which cyber criminals persistently attack a targeted victim through various channels (email, web, etc.) until an objective is achieved. ZombieZERO combines an agent-based behavioral defense system installed on the PC with a network-based behavioral detection system that analyzes files extracted from packets in virtual machines. It is designed to defend against new APT attacks, detect malware, and provide information security that prevents ransomware, data exfiltration and network failures.

Key Features
– Behavior-based virtual engine that performs static and dynamic analysis, compensating for antivirus software's weakness against zero-day attacks.
– Protects against ransomware, new APT attacks and various malware at both the network and the endpoint.
– Provides dual detection and blocking of file leaks, DDoS attacks, hacking and C&C server access.
– Installed on the NIC driver, so it does not conflict with other programs, and stability and performance are guaranteed.
– The product consists of three parts: ‘Inspector’, installed on the network; ‘EDR’, installed on the endpoint; and ‘ESM’, the central management system. ‘Inspector’ is divided into ‘Network APT’, ‘Email APT’, ‘File APT’ and ‘Real machine APT’, and ‘EDR’ is divided into ‘EDR for APT’ and ‘EDR for Ransomware’.

ZombieZERO Network APT Inspector
This is a device that collects network packets and detects and analyzes APT attacks. It analyzes malware in three steps and detects and blocks unknown malware with a behavior-based virtual system. It implements the same sandbox (virtual system) environment as the user's PC, can restore files that were blocked due to a false positive, and analyzes malware in a closed environment.

ZombieZERO Email APT Inspector
This is an integrated solution that combines spam handling with APT analysis equipment. It blocks in four steps (access step, SMTP step, contents step, APT step) and provides four automatic filter rules (pattern filter, AI filter, spam fingerprint filter, virus filter) plus an ‘Administrator registration rule’ (meaning an administrator can directly register various filter conditions). It provides a blocking history for ransomware and APT and a surveillance filter, and it analyzes the sender’s access information, the attachment file extension, and the country of transit. Its APT sandbox analyzes attachments and URLs based on behavior and blocks new and variant malware.

ZombieZERO File APT Inspector
This is an APT response solution for files transferred from a network-separated environment into the internal network. It supports file system monitoring in various environments and automatically isolates files confirmed as malicious so that they do not enter the internal network. It can analyze files up to 1GB in size, retransmit incorrectly detected files, and be operated in redundant configurations (A-A, A-S).

ZombieZERO Real machine APT Inspector
This is an APT response solution that uses a real machine, not a virtual machine, to detect and block malware that bypasses the sandbox. It can be used in conjunction with a virtual machine to analyze bypassing malware. It provides a dual analysis function by transferring suspicious files from a virtual machine to a real machine.

ZombieZERO EDR for APT
This solution detects and blocks malware on the endpoint based on behavior and responds to new and variant malware. It analyzes based on behavior, not signatures. It can hold a file so that users can analyze malware before the file is executed, and it can be operated under a whitelist policy, so it responds effectively to zero-day attacks and to malware that bypasses the network.
In addition, it supports process hiding detection, memory falsification detection, peeking prevention, reverse access detection, detection of abnormal traffic behavior, file driver isolation, user behavior detection, and file transfer detection.

ZombieZERO EDR for Ransomware
This solution responds to new and variant ransomware through behavior-based detection and blocking and real-time backup on the endpoint. When ransomware is detected, it uploads pattern information to prevent infection and spread, controls access based on a whitelist, protects shared folders, and can designate a path that is kept safe from ransomware. It can back up and recover data to the PC or external storage media in real time and manage the data history.

– Behavioral analysis technology: responds instantly to new ransomware with behavior-based malware detection and treatment. When a process suspected of being ransomware is executed, it isolates the process, uploads the process pattern information to the central management server (ESM) and distributes it to other PCs to prevent spread. It is closely linked with the security backup.

– Backup technology: real-time backup, scheduled backup, version management, duplicate data removal, and creation of a virtual security drive on the local drive of the user's PC by the central management policy server.

ZombieZERO Manager
– System management, system monitoring.
– Provides dashboards and central management, generates detailed logs and reports, deploys batch policies.
– At present, ‘NPCore Cyber Security Center (NCSC)’ detects and analyzes malware with big data analysis (machine learning) and updates rule patterns.
korean-electronics.com | Blog Magazine of korean electronics, brands and Goods
