AhnLab MDS (Malware Defense System) is a complete security solution that combines on-premise
and cloud-based analytics to stop advanced targeted threats anywhere across the
organization. AhnLab MDS delivers truly comprehensive threat protection, applying rapid
malware recognition and remediation with real-time blocking of malicious network traffic
and dynamic disruption of active security breaches.
AhnLab MDS delivers advanced protection against known and unknown malware, and
zero-day exploits through the complete defense process of
“Detect-Analyze-Respond-Prevent.”
[Figure: the Detect, Analyze, Respond, Prevent cycle around Advanced Threats, with the labels Pre-Inspection, Penetration, Infection, Concealment, C&C Connection, Internal Proliferation, Secondary Infection, and Data Leakage.]
Highlights
AhnLab MDS provides a truly unified and comprehensive approach to defeat advanced
targeted threats across networks and endpoints.
• Detects and analyzes threats with behavior and signature engines and its exclusive
machine learning based analysis technology
• Automatically and manually removes malware and checks precisely on abnormal
network activity
• Combats email-based threats that use spear phishing tactics and evade anti-spam filters
What Makes AhnLab MDS Different
Exceptional Visibility
AhnLab MDS delivers intuitive threat visibility on threat type, infected path, number of
detections, and threat analysis status. A detailed “attack flow” enables administrators to take
immediate and practical actions according to attack phase.
Also, Dynamic Intelligent Content Analysis (DICA) provides detailed and visualized reports
on assembly code and memory analysis.
[Figure: dashboard screenshot showing Total Detections and Number of analysis, detections by path (Web, File Server, Mail, Other, Shared Folder, 3rd Party), Collect Suspicious Files, Delay File Execution, Pinpoint Detection, and Known counts for File, C&C, and URL.]
Hybrid Analysis
AhnLab MDS analyzes unknown and sophisticated malware-based threats through its
hybrid analysis technology, combining static and dynamic analysis technology. It accurately
detects and identifies threats in the pre-exploitation stage with its behavior analysis and
DICA (content analysis) technology according to the types of threats.
Regardless of environment or execution conditions, AhnLab MDS detects malware at the
assembly level, and can thereby respond effectively to advanced and sophisticated threats.
Holistic Response on Both Networks and Endpoints
AhnLab MDS detects and blocks traffic anomalies that attempt to connect to C&C servers
and access malicious websites. Also, it collects and analyzes suspicious files and elusive
malware that infiltrate the endpoint via various routes. With its powerful but lightweight
agent, MDS automatically or manually removes malware from the endpoint system, and
provides an Execution Holding (EH) function that prevents potential damage and proliferation
of malware by holding off the execution of suspicious files.
[Figure: three response flows through MDS (MTA license applied); the second and third use Execution Holding (EH), and the third involves encrypted traffic. The numbered steps of each flow follow.]
Flow 1
1. File (unknown malware) introduced
2. Mirrors traffic and starts analysis
3. File (unknown malware) downloaded to a PC
4. Analysis completed: identified malware
5. Isolates the host system and removes malware
Flow 2 (EH)
1. File (unknown malware) introduced
2. Mirrors traffic and starts analysis
3. File (unknown malware) downloaded to a PC
4. Execution Holding feature activated until the analysis result confirmed
5. Analysis completed: identified malware
6. Isolates the host system and removes malware
Flow 3 (encrypted traffic, EH)
1. File (malware) introduced via encrypted traffic
2. Mirrors traffic (*unable to analyze)
3. File (malware) downloaded to a PC
4. Execution Holding feature activated when the file runs
5. Sends the file to MDS for analysis
6. Analysis completed: identified malware
7. Isolates the host system and removes malware
Specifications
AhnLab MDS
Analysis Performance: 35,000 files per day | 90,000 files per day | 200,000 files per day
HDD: 2 TB | 4 TB | 8 TB
Interface: 1G Copper * 4 ea. and 1G/10G Fiber * 4 ea. on two of the models; 1G Copper * 2 ea., 1G/10G Copper * 4 ea. and 1G/10G Fiber * 6 ea. on the other
Chassis Dimensions (WxDxH, mm): 482.4 x 676.9 x 42.8 | 482.4 x 676.9 x 42.8 | 482.4 x 723.0 x 87.3
Agent Count, Combined Type (Host Controller + Data Viewer): 2,000 | 5,000
Agent Count, Dedicated Type (Host Controller-dedicated): 5,000 | 10,000
HDD: 6 TB | 12 TB
* Note: Performance values vary depending on the system configuration and network environment
OS Support: Windows XP SP2 or higher / 7 / 8 (8.1) / 10; Windows Server 2003 / 2008 / 2012
AhnLab, Inc.
220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, 13493, South Korea
www.ahnlab.com / global.sales@ahnlab.com