AhnLab Malware Defense System

Editorial Type: Review     Date: 07-2013

Currently the largest security company in South Korea, AhnLab now turns its gaze on the European market. Having dealt efficiently with numerous sophisticated attacks believed to originate from Asia and Russia, it has an impressive track record in dealing with the new breed of advanced persistent threats (APTs).

Deployed as rack mount appliances, its Malware Defense System (MDS) products offer a cost-effective alternative to competing solutions. AhnLab uses a more affordable subscription model, so businesses don't need to factor in potentially crippling hardware acquisition costs.

AhnLab stands out with its concept of end-to-end security, as it closely monitors file-based activity, computes hashes and uses cloud-based intelligence to check for malware. It uses powerful behavioural analysis techniques to determine risk levels of individual files and provides full forensics analysis of each one.

AhnLab offers an optional agent that extends control down to the desktop. With the agent in place, AhnLab can block access to suspicious files, scan for malware and automatically clean infections.

On review, we have the MDS 2000 appliance, which is aimed at mid-sized businesses. This well-specified 2U system includes nine Gigabit ports as standard, while the enterprise-level MDS 6000 supports a mix of Gigabit and optional 10-Gigabit connections.

The MDS 2000 is simple to install, as it can sit on a switch span port or be placed inline where it transparently monitors all traffic. We opted for the latter method and had the appliance deployed behind the lab's firewall in minutes.

The intuitive web interface opens with a comprehensive status of all activity. A line graph shows detected malware over time and below this are lists of detected infections, bot command and control traffic, and the most prevalent malware.

The appliance defaults to passive monitoring, and configuration is refreshingly simple, as all detection and analysis options are accessed from a single page. General settings for malware detection include maximum file sizes and the depth to peer into nested archives, along with protocol ports to be monitored and file extensions to be analysed.

The shared folder protection feature allows you to point the appliance to a shared resource and scan it regularly for malware. This is a valuable feature, as network shares can be the source of major security issues.

AhnLab's pinpoint protection is unique, as this gives you the ability to upload suspect files to the appliance where it can scan them to determine whether they're safe. It's very easy to use and, on completion, you can check the extensive logs to see what the scan results were.

AhnLab scores for its highly detailed forensics analysis and the malware remediation services of the agent. When a file with malicious content is detected, it flags this up on the dashboard and you can then drill down into it to see what it was trying to do.

An analysis screen shows a timeline detailing when the file was opened and what it tried to do. Below the timeline is a complete description of all activities, so you can see clearly all suspicious and normal events, and what systems the malware attempted to interact with.

All infected hosts are listed and the agent really comes into its own at this stage. Select the Remediate button next to the host and it will delete all suspect files created by the malware, and clean the host up with no further intervention required.

The MDS 2000 impressed us with its combination of malware protection and detailed forensics analysis. It's very easy to deploy and AhnLab's subscription model is excellent value, as this level of sophistication normally costs a king's ransom.

Product: Malware Defense System
Supplier: AhnLab Inc.
Tel: 0800 756 6817
Web site: www.ahnlab.com
Price: Starts from £25,000
