escan cloud

Cloud Protection Vs Traditional Security

www.escanav.com

Anti-Virus & Content Security

Cloud Protection




2

2


2

2



eScan Research Team

Signature Release every 2 hour Signature Release every 2 hour

Signature

Creation

Signature

Creation

33

4

Good Files

Bad Files

ESN

Infected File Info shared on real-time1

Third party Subscribed Services

Live Internet

Connection Required

21 1

4

2

3

We at eScan have developed a technology called eScan Security Network

(ESN). This technology can automatically analyze, classify, detect and

quarantine 99.99% of new malware that are discovered every day, keeping our

clients protected on a real time basis. When it comes to detecting new

malware, ESN ensures a prompt response and an advanced level of detection

that provides superior protection. eScan Security Network is not only capable

of detecting and blocking unknown threats but can also prevent zero-day

threats and phishing attempts.

This cloud-based eScan Security Network ensures protection against current

threats, such as viruses, worms, Trojans and identifies and blocks new threats

before they become widespread

This interaction includes 4 different phases. Information on the newly


Live Internet

Connection Required

Infected file Info shared on real-time by third

party services and eScan research team with ESN1Information is updated to all the users world wide

through ESN on real time 2

Virus Signature is created 3 Signature is released by eScan every 2 hours4

executed or downloaded applications is sent by third party subscription

services and eScan research team to eScan Security Network Servers.


The files are checked and added to the eScan database if they are

found to be malicious either by eScan research team or by third party

services subscribed by eScan. Legitimate files are added to the

Whitelisting database.

Information about newly discovered malicious and legitimate files

becomes available to all users of relevant eScan products minutes after

the initial detection.

Local database of application whitelisting is built and updated for

legitimate applications.

eScan with Cloud Security is specially designed security solution that provides

real-time protection to computers from objectionable content and security

threats, such as Viruses, Spyware, Adware, Key loggers, Rootkits, Botnets,

Hackers, Spam, and Phishing.

Dependency on internet has no limits and this is proved by the increasing

number of Internet users that spend quite a chunk of their time online. This

has also led to an array of cyber threats that are persistent, sophisticated and

targeted increasing the risk to your confidential information.

Hence, in such situation detecting them before they cause harm to your

computing activities is very important. eScan is equipped with a combination

of advance technologies that are based on malware detection through

Signature, heuristics, as well as behavioral analysis. With its advanced Web

Protection and Anti-Spam Modules eScan is fully capable of blocking

malicious websites and hacking attempts that can steal banking credentials or

private data from user computer, facilitating safe banking experience for the

user. Virus signature are created and updated to the user every two hours.

How it Works ? Signature creation and release

At eScan, experienced team of virus analysts and developers work round the

clock gathering information, evaluating new threats and rapidly responding to

any incidence of virus outbreak in any part of the world. Use of advanced

technologies complemented with skilled and experienced team of analysts

and developers enables us to analyze harmful computer viruses of today's

world and create its signature and release the update instantly to our millions

of users all over the world. With years of experience we have devised a strong

methodical process of capturing virus incidents and responding to combat


Resultant Payload It can be any kind of Malicious Java script which loads Java

Applet or a JAR file

CVE It is a dictionary of publicly known information security vulnerabilities and

exposures.

EK Exploit Kit - Do it yourself Malware Kits which are available in underground

forums and are used to deploy / manage malware botnets.

Samples Received

A) Check for CVE / EK which is being exploited

B) Encryption / Obfuscation Routines, if any, has been used.

C) Other Files which are used as Payloads.

Decrypt and Grab the resultant Payload

All the resultant payloads are collected and then normal file algorithm is used

Obfuscation A type of recursive programming to hide the original source code

within itself.

Sandbox Analysis - Automated method to analyze applications / exe/ binaries /

URLs in a controlled environment

Sources From where Samples are Received

* Signatures are Created

URL

eScan Users Research Team eScan

Updated to all eScan Customers

File

Sandbox Analysis

A) Which Registry Keys are added / modified

B) Which Hosts and IP are connected to

C) API Calls and other methods used to infect

The Process

eScan received samples from various sources that includes Samples received

from eScan users, virus information gathered by our in house dedicated team

of analysts and eScan Security Network (eScan Cloud). The above chart gives

you a detailed overview of the process of receiving, analyzing, creating and

releasing of Virus signatures at eScan. Whenever a Sample is received from

any of the sources it is either in form of a File or a URL, there are different

procedures that are followed to analyze the received samples and then create

a signature for releasing updates to our users.


Whenever a malicious URL is received or captured Its content is in

encrypted format which is then decrypted by our malware analysts, the

Resultant Payload is then grabbed out of it.

It is then checked for the CVE or EK which is being exploited.

At Next Level it is checked for any kind of encryption or obfuscation

routine that may have been used.

Checked for other files that are used as payloads.

All the resultant Payloads are then collected and Then normal file

algorithm (File Analysis) is used for further analysis and creation of

Signature.

Whenever a malicious File is received as a sample or Extracted from a URL it is

then analyzed using Sandboxing and other procedures for creation of

Signature. File is checked on the following criteria using Tools and processes.

Actual file execution is done on a computer.

As a result of the execution Modifications made in system files or

registry are checked.

The File Connects to which IP is checked. It also Checks if other files are

download from that IP checked for the type of connection used for file

Download (FTP or HTTP).

such deadly virus outbreaks of today's world as and when it happens, thus

securing computers of all eScan users. With our fast and robust system for

delivering updates that consists of over ninety thousand update servers

located throughout the world user computer are updated within a very short

span of time from the actual release.

*Signature

This is the manual procedure which is used whenever a sample escapes the

detection. Otherwise, all the URLs and the files are processed using the

signatures which were created previously.


*Signature is created on the basis of the entire analysis and Updates are

released to the users every two hours.

Binary Analysis of file is done using in- house tools that includes dynamic

or static analysis based on the file. File structure and Code is analyzed. API

being called is checked along with the methods used for calling the API.

escan cloud

Documents