escan cloud

Upload: escanav

Post on 08-Mar-2016


DESCRIPTION

Overview on cloud protection Vs traditional security.

TRANSCRIPT

  • Cloud Protection Vs Traditional Security

    www.escanav.com

    Anti-Virus & Content Security

  • Cloud Protection

    [Diagram: the eScan Research Team and third-party subscribed services share infected file info in real time with ESN, which separates good files from bad files; signatures are created and released every 2 hours. A live Internet connection is required.]

    We at eScan have developed a technology called eScan Security Network (ESN). This technology can automatically analyze, classify, detect and quarantine 99.99% of the new malware discovered every day, keeping our clients protected on a real-time basis. When it comes to detecting new malware, ESN ensures a prompt response and an advanced level of detection that provides superior protection. eScan Security Network is not only capable of detecting and blocking unknown threats but can also prevent zero-day threats and phishing attempts.

    This cloud-based eScan Security Network ensures protection against current threats, such as viruses, worms and Trojans, and identifies and blocks new threats before they become widespread.

    [Diagram legend; live Internet connection required]

    1. Infected file info is shared in real time with ESN by third-party services and the eScan research team.
    2. Information is updated to all users worldwide through ESN in real time.
    3. Virus signature is created.
    4. Signature is released by eScan every 2 hours.

    This interaction includes 4 different phases. Information on the newly executed or downloaded applications is sent by third-party subscription services and the eScan research team to eScan Security Network servers.

    The files are checked and added to the eScan database if they are found to be malicious, either by the eScan research team or by third-party services subscribed to by eScan. Legitimate files are added to the Whitelisting database.

    Information about newly discovered malicious and legitimate files becomes available to all users of relevant eScan products minutes after the initial detection.

    A local database of application whitelisting is built and updated for legitimate applications.

    eScan with Cloud Security is a specially designed security solution that provides real-time protection to computers from objectionable content and security threats, such as Viruses, Spyware, Adware, Keyloggers, Rootkits, Botnets, Hackers, Spam, and Phishing.

    Dependency on the Internet has no limits, as shown by the increasing number of Internet users who spend quite a chunk of their time online. This has also led to an array of cyber threats that are persistent, sophisticated and targeted, increasing the risk to your confidential information.

    Hence, in such a situation, detecting them before they cause harm to your computing activities is very important. eScan is equipped with a combination of advanced technologies that are based on malware detection through signatures, heuristics and behavioral analysis. With its advanced Web Protection and Anti-Spam modules, eScan is fully capable of blocking malicious websites and hacking attempts that can steal banking credentials or private data from the user's computer, facilitating a safe banking experience for the user. Virus signatures are created and delivered to the user every two hours.

  • How it Works? Signature creation and release

    At eScan, an experienced team of virus analysts and developers works round the clock gathering information, evaluating new threats and rapidly responding to any incidence of virus outbreak in any part of the world. Advanced technologies, complemented by this skilled and experienced team of analysts and developers, enable us to analyze today's harmful computer viruses, create their signatures and release the update instantly to our millions of users all over the world. With years of experience we have devised a strong, methodical process of capturing virus incidents and responding to combat such deadly virus outbreaks as and when they happen, thus securing the computers of all eScan users. With our fast and robust system for delivering updates, which consists of over ninety thousand update servers located throughout the world, user computers are updated within a very short span of time from the actual release.

    [Flowchart: signature creation and release]

    Sources From where Samples are Received: eScan Users, Research Team, eScan

    Samples Received: URL or File

    URL

    A) Check for CVE / EK which is being exploited

    B) Encryption / Obfuscation Routines, if any, have been used.

    C) Other Files which are used as Payloads.

    Decrypt and Grab the resultant Payload

    All the resultant payloads are collected and then normal file algorithm is used

    File

    Sandbox Analysis

    A) Which Registry Keys are added / modified

    B) Which Hosts and IP are connected to

    C) API Calls and other methods used to infect

    * Signatures are Created

    Updated to all eScan Customers

    Terms used in the flowchart:

    Resultant Payload: It can be any kind of malicious JavaScript which loads a Java Applet or a JAR file.

    CVE: It is a dictionary of publicly known information security vulnerabilities and exposures.

    EK: Exploit Kit. Do-it-yourself malware kits which are available in underground forums and are used to deploy / manage malware botnets.

    Obfuscation: A type of recursive programming to hide the original source code within itself.

    Sandbox Analysis: Automated method to analyze applications / exe / binaries / URLs in a controlled environment.

  • The Process

    eScan receives samples from various sources, including samples received from eScan users, virus information gathered by our in-house dedicated team of analysts, and eScan Security Network (eScan Cloud). The above chart gives a detailed overview of the process of receiving, analyzing, creating and releasing virus signatures at eScan. Whenever a sample is received from any of the sources, it is in the form of either a File or a URL; different procedures are followed to analyze the received samples and then create a signature for releasing updates to our users.

    Whenever a malicious URL is received or captured:

    Its content is in encrypted format, which is then decrypted by our malware analysts; the Resultant Payload is then grabbed out of it.

    It is then checked for the CVE or EK which is being exploited.

    At the next level it is checked for any kind of encryption or obfuscation routine that may have been used.

    It is checked for other files that are used as payloads.

    All the resultant Payloads are then collected, and the normal file algorithm (File Analysis) is used for further analysis and creation of the Signature.

    Whenever a malicious File is received as a sample or extracted from a URL, it is analyzed using Sandboxing and other procedures for creation of the Signature. The file is checked on the following criteria using tools and processes:

    Actual file execution is done on a computer.

    As a result of the execution, modifications made to system files or the registry are checked.

    The IP to which the file connects is checked. It is also checked whether other files are downloaded from that IP, and the type of connection used for the file download (FTP or HTTP).

    Binary analysis of the file is done using in-house tools and includes dynamic or static analysis, depending on the file. File structure and code are analyzed. The API being called is checked, along with the methods used for calling the API.

    *Signature is created on the basis of the entire analysis, and updates are released to the users every two hours.

  • *Signature

    This is the manual procedure which is used whenever a sample escapes detection. Otherwise, all the URLs and the files are processed using the signatures which were created previously.