Advanced Persistent Threat (APT) is a new hacking technique used by cyber criminals to persistently attack target victims through various channels (e-mail, web, etc.) until their objectives are achieved. Zombie ZERO combines an agent-based behavioral detection system installed on PCs with a network-based behavioral detection system that extracts files from network packets and analyzes them in virtual machines. It is designed to defend against new APT attacks and detect malware, and it provides information security that prevents ransomware, data exfiltration and network failures.
TWO-LEVEL APT Defense Solution
The two-level defense system of Zombie ZERO, in which an agent-based behavioral defense system and a network-based behavioral detection system interwork, can defend against infiltrating malware that bypasses the network and responds quickly and accurately with lower false-positive rates.
• Accurate detection with minimal false-positive rates through interworking between agent-based and network-based analysis.
• Independent behavioral analysis on agent-based and network-based systems.
• Detection and blocking of malware that bypasses network security systems, such as malware in encrypted traffic and other hidden threats.
• Blocking harmful outbound traffic.
• TWO-LEVEL Defense: first, network-based behavioral engines respond to incoming files; second, agent-based behavioral engines respond to them at the endpoint.
• Multiple Analysis: a signature-based anti-virus engine detects known malware, and behavior-based engines detect unknown malware.
Network-based Detection and Analysis
Zombie ZERO Inspector
• Malware detection through file analysis from network traffic
• Behavioral analysis through virtual systems
• Pattern generation for detected malware
Agent-based Analysis and Quarantine
Zombie ZERO Agent
• Detection and blocking of malware based on behavioral analysis
• Process management and detection / blocking of malicious changes
• Detection and quarantine of data exfiltration
System Management and Monitoring
Zombie ZERO ESM
• System operation, monitoring and dashboard
• Generation of detailed logs and reports
• Centralized and policy-based management