
Zombie PC Prevention

AhnLab TrusWatcher

Advanced Malware Response Solution

* Maximize accuracy of malicious file diagnosis, minimize false positive rates

* All-in-one APT response solution: Collection - Analysis - Monitoring - Response

* With AhnLab’s proven know-how and expertise!

AhnLab TrusWatcher effectively protects against APTs (Advanced Persistent Threats) through an integrated process of malicious file collection, analysis, monitoring and response, based on the malware analysis cloud ASD (AhnLab Smart Defense).

An APT (Advanced Persistent Threat) is an advanced, intelligent attack that continuously targets a specific organization in a variety of ways. In Korea, APT attacks, referred to as ‘security breaches’, can damage a company’s credibility and image by seizing important information, and can disrupt corporate IT infrastructure. Unlike traditional threats, however, an APT is hard to respond to with a single piece of security software or security equipment, so a response based on ‘process’ is required. Accordingly, AhnLab provides a specialized, integrated APT response through AhnLab TrusWatcher, a proactive APT platform that converges distinctive malware analysis and detection capability with network technology.

AhnLab, whose capabilities and technologies were recognized through its responses to the 7.7 DDoS crisis and the 3.4 DDoS attacks, commercialized AhnLab TrusWatcher, which implements a comprehensive, proactive APT response by combining proactive detection and analysis of the malicious files that create zombie PCs with network-based defense technologies. In particular, because it uses AhnLab’s cloud-based malware analysis system ASD (AhnLab Smart Defense) to maximize the accuracy of malware analysis and malicious file diagnosis and to minimize the false positive rate, it responds most effectively and accurately to malicious code, the gateway for threats that grow more advanced by the day. In addition, diagnosing whether files flowing in and out of the internal network are malicious contributes to defense against next-generation threats.

AhnLab TrusWatcher consists of the appliance-based analysis system AhnLab TrusWatcher ZPX (Zombie Prevention eXpress) as its base, TrusAnalyzer, which provides comprehensive and efficient management and monitoring, and TrusWatcher Controller and Agent, which delete malicious files. Together they provide an integrated APT response process: file collection → analysis → real-time monitoring → removal of malicious files.

AhnLab TrusWatcher ZPX (Zombie Prevention eXpress)
- Virtual machine-based analysis of unknown malicious files (up to 20 files concurrently)
- ASD-based analysis engine and malicious file diagnosis engine embedded together: accurate analysis of collected files with minimized false positives
- Two-way traffic monitoring of file inflow/outflow
- Detection and blocking of internal PCs’ access to harmful sites and of bot traffic
- Detection of DDoS attack traffic from internal PCs
- Various network interfaces supported (1G Copper/1G Fiber/10G Fiber)

AhnLab TrusAnalyzer
- Monitoring of and response to suspicious internal PCs by converging information on the traffic that creates and infects zombie PCs with information on malicious file inflow/outflow
- Integrated monitoring of the actions (automatic/manual) ordered against detected malicious files and of their results
- Integrated management and monitoring of TrusWatcher ZPX

AhnLab TrusWatcher Controller
- Transmits deletion/restoration commands to TrusWatcher Agent according to TrusAnalyzer’s analysis results
- Manages and monitors TrusWatcher Agent for deletion/restoration response
- Transmits TrusWatcher Agent’s deletion/restoration result logs

AhnLab TrusWatcher Agent
- Takes action on malicious files that have flowed into internal PCs
- Executes action/restoration commands and transmits their results, in conjunction with TrusWatcher Controller

AhnLab TrusWatcher uses the integrated threat analysis system ACCESS (AhnLab Cloud Computing E-Security Service), which is based on the cloud-based malware analysis system ASD (AhnLab Smart Defense). Together they maximize analysis accuracy and minimize the misdiagnosis rate.

AhnLab TrusWatcher ZPX

Product Specifications

| Division | TrusWatcher ZPX 2000 | TrusWatcher ZPX 6000 |
|---|---|---|
| Proposed Performance | 2Gbps class | 10Gbps class |
| CPU | Intel Core2 Quad 2.66 GHz | Intel Nehalem 2.53 GHz |
| Memory | 8GB | 32GB |
| HDD | 320GB | 1TB |
| SSD | 128GB | 128GB |
| OS | Built-in OS | Built-in OS |
| Interface (Basic) | 1G Copper x 5 EA, 1G Fiber x 2 EA | 1G Copper x 10 EA, 1G Copper x 8 EA |
| Interface (Option) | 1G Fiber x 4 EA | 1G Copper x 8 EA / 1G Fiber x 8 EA, 10G Fiber x 2 EA |
| Number of VM | Basic/Max 5 EA | Basic 5 EA / Max 20 EA |

Product Characteristics: Key Technology
- Malicious file behavior analysis based on virtual machines
- ASD engine drawing on more than 400 million pieces of information, embedded together with a file diagnosis engine
- Detection of outbound URL traffic from internal bots
- Detection of outbound DDoS traffic from internal PCs

TrusAnalyzer

Product Specifications

| Division | TrusAnalyzer 2000 | TrusAnalyzer 5000 | TrusAnalyzer 10000 |
|---|---|---|---|
| Proposed Performance | SMB (10,000 MPS) | Middle (25,000 MPS) | High-End (50,000 MPS) |
| CPU | Intel i3-2100 (3.1 GHz) | Intel Xeon E3-1230 (3.2 GHz) | Intel Xeon E3-1270 (3.4 GHz) |
| Memory | 2GB | 8GB | 16GB |
| HDD | 500GB | 2TB (500GB x 4 EA) | 4TB (1TB x 4) |
| RAID | Not supported | Option | Built-in |
| OS | Windows, all versions | Windows, all versions | Windows, all versions |
| Interface | 1G Copper x 2 EA | 1G Copper x 2 EA | 1G Copper x 2 EA |

TrusWatcher Controller

Product Specifications

| Division | TrusWatcher Controller 2000 | TrusWatcher Controller 5000 | TrusWatcher Controller 10000 |
|---|---|---|---|
| Proposed Performance | SMB (2,000 users) | Middle (5,000 users) | High-End (10,000 users) |
| CPU | Intel i3-2100 (3.1 GHz) | Intel Xeon E3-1230 (3.2 GHz) | Intel Xeon E3-1270 (3.4 GHz) |
| Memory | 2GB | 8GB | 16GB |
| HDD | 500GB | 2TB (500GB x 4 EA) | 4TB (1TB x 4) |
| RAID | Not supported | Option | Built-in |
| OS | Built-in OS | Built-in OS | Built-in OS |
| Interface | 1G Copper x 2 EA | 1G Copper x 2 EA | 1G Copper x 2 EA |

TrusWatcher Agent

Installation Environment
- Client PC OS: Windows 2000 / XP / Vista / 7
- Server OS: Windows Server 2000 / 2003 / 2008
* 64-bit compatibility mode supported

Experience, inside your own company, the same effects of AhnLab’s powerful proactive DDoS and zombie PC response platform, proven through a series of large-scale DDoS attack responses.

AhnLab TrusWatcher is a proactive APT platform that delivers, together with the product, AhnLab’s expert services and guidance as a process customized to each customer’s environment. To respond actively to the security threats and malicious code that grow more advanced every day, a response based on ‘process’ rather than ‘product’ is required, because existing individual protection equipment and its operation can respond only to short-term security threats.

AhnLab TrusWatcher, a proactive solution for highly advanced, intelligent, targeted APT attacks, reflects AhnLab’s know-how and process: based on network traffic, it extracts and analyzes malicious files, stores and extracts malicious files, and deletes malicious files in an emergency.


22, Gukhoe-daero 70-gil, Yeongdeungpo-gu, Seoul(150-871 Geumgang Bldg. 8F, Yeouido-gu)  TEL : +82-2-2162-1000  FAX : +82-2-2162-1009
Branch Address : 66,210 Dunsanjung-ro, Seo-gu, Daejeon  Branch Tel : +82-42-485-0788  Branch Fax : +82-42-485-0784
www.kis.co.kr  CEO : Won Bae Jeon   Main Businessman registered number: 107-88-02893  Branch Businessman registered number : 314-85-51763
Copyright (C) 2014 KIS All Right Reserved.