
Ultimate Threat Response with Powerful Visibility

Integrated endpoint and network protection against advanced threats and zero-day attacks

DETECT  ANALYZE  RESPOND  PREVENT

AhnLab MDS (Malware Defense System) is a complete security solution that combines on-
premise and cloud-based analytics to stop advanced targeted threats anywhere across the
organization. AhnLab MDS delivers truly comprehensive threat protection, applying rapid
malware recognition and remediation with real-time blocking of malicious network traffic
and dynamic disruption of active security breaches.

AhnLab MDS delivers advanced protection against known and unknown malware, and zero-day exploits through the complete defense process of “Detect-Analyze-Respond-Prevent.”

[Figure: the Detect / Analyze / Respond / Prevent cycle around "Advanced Threats", with the stages Pre-Inspection, Penetration, Infection, Internal Proliferation, C&C Connection, Secondary Infection, Data Leakage, and Concealment.]

Highlights

AhnLab MDS provides a truly unified and comprehensive approach to defeat advanced targeted threats across networks and endpoints.
• Detects and analyzes threats with behavior and signature engines and its exclusive machine learning based analysis technology
• Automatically and manually removes malware and checks precisely on abnormal network activity
• Combats email-based threats that use spear phishing tactics and evade anti-spam filters
What Makes AhnLab MDS Different

Exceptional Visibility
AhnLab MDS delivers intuitive threat visibility on threat type, infected path, number of detections, and threat analysis status; a detailed “attack flow” enables administrators to take immediate and practical actions according to attack phase.
Also, Dynamic Intelligent Content Analysis (DICA) provides detailed and visualized reports on assembly code and memory analysis.

[Figure: AhnLab MDS dashboard. Panels: Total Detections by source (Web, File Server, Mail, Other, Shared Folder, 3rd Party, Collect Suspicious Files, Delay File Execution, Pinpoint Detection); Number of analysis by engine (Dynamic Analysis Engine, Static Analysis Engine, User-Defined Blacklist); File, C&C, and URL results (Known, Unknown, Malicious, Grey); Respond / Not Respond counts.]
AhnLab MDS delivers intuitive threat visibility via its dashboard

Hybrid Analysis
AhnLab MDS analyzes unknown and sophisticated malware-based threats through its hybrid analysis technology, which combines static and dynamic analysis. It accurately detects and identifies threats in the pre-exploitation stage with its behavior analysis and DICA (content analysis) technology, according to the type of threat.
Regardless of environment or execution conditions, AhnLab MDS detects malware at the assembly level and can thereby respond effectively to advanced and sophisticated threats.

[Figure: analysis coverage by attack phase. Pre-exploitation phase (before malware execution), Exploitation phase (malware execution, exploit), Post-exploitation phase (malicious/suspicious activity). Dynamic Intelligent Content Analysis: Assembly Code Analysis, Shellcode Analysis, Memory Analysis, Visualization. Dynamic Behavior Analysis (Virtual Machine): Memory, Registry, Network, File, Process, API. Verdicts: Malicious, Suspicious, Normal.]

Holistic Response on Both Networks and Endpoints

AhnLab MDS detects and blocks traffic anomalies that attempt to connect to C&C servers and access malicious websites. Also, it collects and analyzes suspicious files and elusive malware that infiltrate the endpoint via various routes. With its powerful but light-weight agent, MDS automatically or manually removes malware from the endpoint system, and provides Execution Holding (EH) function that prevents potential damages and proliferation of malware by holding off the execution of suspicious files.

Response at Network Level

Detects and Blocks Traffic Anomalies
[Figure: MDS sits between the user and the Internet (C&C server, malicious site) and resets the connection on both sides.]
Sends reset packet to user PC, C&C server, and malicious site

Detects and Quarantines Email-based Attacks (*MTA Mode)
[Figure: Attacker -> Anti-spam Solution -> MDS (MTA license applied) -> Email Server -> User (Recipient). Emails delivering unknown malware or containing suspicious URLs are quarantined inside of MDS.]

Response at Endpoint Level

[Figure: three flows between AhnLab MDS and the AhnLab MDS agent, with numbered steps as listed below.]

Isolation / Removal
1. File (unknown malware) introduced
2. Mirrors traffic and starts analysis
3. File (unknown malware) downloaded to a PC
4. Analysis completed: identified malware
5. Isolates the host system and removes malware

Execution Holding
1. File (unknown malware) introduced
2. Mirrors traffic and starts analysis
3. File (unknown malware) downloaded to a PC
4. Execution Holding feature activated until the analysis result confirmed
5. Analysis completed: identified malware
6. Isolates the host system and removes malware

File Upload for Analysis (encrypted traffic)
1. File (malware) introduced via encrypted traffic
2. Mirrors traffic (*unable to analyze)
3. File (malware) downloaded to a PC
4. Execution Holding feature activated when the file runs
5. Sends the file to MDS for analysis
6. Analysis completed: identified malware
7. Isolates the host system and removes malware

Specifications

AhnLab MDS

                                MDS 4000                      MDS 8000                      MDS 10000
Analysis Performance            35,000 files per day          90,000 files per day          200,000 files per day
Agent Count                     700                           2,000                         5,000
Traffic Throughput              800Mbps                       1.5Gbps                       4Gbps
HDD                             2 TB                          4 TB                          8 TB
Interface                       1G Copper * 4 ea.             1G Copper * 4 ea.             1G Copper * 2 ea.
                                1G/10G Fiber * 4 ea.          1G/10G Fiber * 4 ea.          1G/10G Copper * 4 ea.
                                                                                            1G/10G Fiber * 6 ea.
Power Supply                    550W Redundant Power (dual)   550W Redundant Power (dual)   750W Redundant Power (dual)
Enclosure                       1U, 19 inch                   1U, 19 inch                   2U, 19 inch
Chassis Dimensions (WxDxH, mm)  482.4 x 676.9 x 42.8          482.4 x 676.9 x 42.8          482.4 x 723.0 x 87.3

AhnLab MDS Manager

                                                              MDS Manager 5000AR        MDS Manager 10000AR
Agent Count, Combined Type (Host Controller + Data Viewer)    2,000                     5,000
Agent Count, Dedicated Type (Host Controller-dedicated)       5,000                     10,000
HDD                                                           6 TB                      12 TB
RAID                                                          RAID 1                    RAID 1
Interface                                                     2 * 1GbE Port (Copper)    2 * 1GbE Port (Copper)
Power Supply                                                  500W Redundant Power      740W Redundant Power
Enclosure                                                     1U, 19 inch               2U, 19 inch
Chassis Dimensions (WxDxH, mm)                                437 x 508 x 43            427 x 648 x 89

Deployment Option: Host Controller + Data Viewer
• Data Viewer: Integrated monitoring and log management
• Host Controller: Agent system repair and management

* Note: Performance values vary depending on the system configuration and network environment

System Requirements

AhnLab MDS Agent

              Client PC                                    Server
OS Support    Windows XP SP2 or higher / 7 / 8(8.1) / 10   Windows Server 2003 / 2008 / 2012

* Both 32 and 64 bit are supported for the above OS

AhnLab, Inc.
220, Pangyoyeok-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, 13493, South Korea
www.ahnlab.com / global.sales@ahnlab.com

© 2018 AhnLab, Inc. All rights reserved.
