APTRCENTER

Integrated file quarantine system for responding to advanced persistent threats (APTs)

APTRCENTER determines whether files distributed externally and internally are malicious and responds to them. It visualizes the flow of file data by collecting files from a variety of file transmission and reception environments, and provides an integrated analysis and response system for files through integration with a range of dynamic and static analysis equipment.

A unified, integrated file inspection architecture with high-speed search and a comprehensive analysis system that merges file-related information (session, metadata, threat intelligence).

Orchestration

Establishes an integrated file threat analysis management system

Simplifies configuration and eliminates operational complexity by consolidating the integrated file analysis system into a single architecture.

Visibility

Visualizes file data flow

Enhances analysis accuracy and efficiency based on the rich information generated by Network Blackbox.

Analytics

Increased convenience of incident analysis

Enables rapid security operations through dramatically improved search and analysis speeds.

Automation

Increased incident response efficiency

Ensures a unified technical support window and operational continuity.

File collection channel integration

In file transmission environments that use a variety of applications, covering external-to-internal and internal-to-internal transfers as well as file transmission and reception through a network file transfer system in a network-separated environment, file collection channels are managed in an integrated manner through support for a range of APIs and linkage methods.

Visualizes file transfer flow

Based on the information obtained while collecting files through the various channels, the transmission and reception path of each file can be visualized, and when a malicious file is discovered, the original distributor can be traced. In addition, long-term file collection and analysis logs are preserved to support retrospective analysis.

File Integration Analysis Policy

Resource-efficient integrated file analysis is performed by combining predefined file analysis policies with analysis policies tailored to the business environment for advanced persistent threat attack types that use files. This shortens the analysis time for collected files, and the analysis procedure between collection channels and analysis channels can be coordinated with simple settings.

Analytics channel load balancing

Collected files are analyzed efficiently by distributing the load across multiple analysis channels through the built-in load balancing engine. In addition, the status of each analysis channel is checked continuously, and the load distribution can be adjusted preemptively when a channel is delayed by load, preventing file analysis delays.

Analytical channel parallelism

Due to the nature of advanced persistent threat attacks, the malicious files used in them make various attempts to bypass static and dynamic analysis engines. In such cases, analysis through only one type of analysis channel can produce false results. APTRCENTER can submit the same file to several types of static and dynamic analysis channels in parallel and simultaneously, and determines whether it is malicious by synthesizing the results from each channel, thereby resolving the false results and evasion attempts of the malicious files used in advanced persistent threat attacks.

Integrate file-related threat intelligence

From the publicly available security threat intelligence (OSINT) collected and refined by H LAB, our threat hunting research organization, a wide range of file-related information is updated in real time through our cloud service, Defense Center. Industry-standard threat intelligence exchange APIs are also supported, so that in addition to collecting all of the threat intelligence used by companies and organizations, only file-related threat intelligence is selected and refined. Known malicious files are then identified preemptively on the basis of this threat intelligence before analysis is requested through the static and dynamic channels, enabling rapid and effective identification of file-related threats.
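The three mechanisms described above (load-balanced channel selection, parallel submission of one file to several static and dynamic channels with a synthesized verdict, and a threat-intelligence hash check before any analysis is requested) fit together into a small orchestration loop. The following is an added example written for this page; it is not APTRCENTER code or the vendor's API. The channel objects, the known-bad hash list, and the sample files are all constructed stand-ins for real analysis engines and real threat intelligence.

```python
# Added example (not APTRCENTER code): a minimal file-analysis orchestrator
# illustrating a TI hash pre-check, least-loaded channel selection, and
# parallel fan-out to several analysis channels with verdict synthesis.
import hashlib
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

# Constructed threat-intelligence list: SHA-256 of a known-bad sample (placeholder).
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00constructed-known-bad-sample").hexdigest(): "TI:constructed-family",
}


@dataclass
class Channel:
    """Stand-in for a static or dynamic analysis channel (hypothetical, not a real engine)."""
    name: str
    kind: str                 # "static" or "dynamic"
    healthy: bool = True      # health status used by the load balancer
    queue_depth: int = 0      # pending jobs; the balancer prefers the smallest
    verdicts: dict = field(default_factory=dict)  # constructed sha256 -> verdict table

    def analyze(self, sha256: str, data: bytes) -> dict:
        # A real channel would call a sandbox or scanner API here.
        self.queue_depth += 1
        try:
            return {"channel": self.name, "kind": self.kind,
                    "verdict": self.verdicts.get(sha256, "clean")}
        finally:
            self.queue_depth -= 1


def pick_channel(channels, kind):
    """Return the least-loaded healthy channel of the requested kind, or None."""
    candidates = [c for c in channels if c.kind == kind and c.healthy]
    return min(candidates, key=lambda c: c.queue_depth) if candidates else None


def synthesize(results):
    """Combine per-channel verdicts: any 'malicious' wins, else a 'suspicious' majority."""
    verdicts = [r["verdict"] for r in results]
    if "malicious" in verdicts:
        return "malicious"
    if verdicts.count("suspicious") * 2 > len(verdicts):
        return "suspicious"
    return "clean"


def analyze_file(data: bytes, channels, kinds=("static", "dynamic")):
    sha256 = hashlib.sha256(data).hexdigest()
    # 1. TI pre-check: a known-bad file is identified without spending analysis time.
    if sha256 in KNOWN_BAD_SHA256:
        return {"sha256": sha256, "verdict": "malicious",
                "source": KNOWN_BAD_SHA256[sha256], "results": []}
    # 2. Load-balanced selection of one healthy channel per analysis kind.
    chosen = [c for c in (pick_channel(channels, k) for k in kinds) if c is not None]
    if not chosen:
        return {"sha256": sha256, "verdict": "unknown",
                "source": "no healthy channel", "results": []}
    # 3. Parallel fan-out to every chosen channel, then verdict synthesis.
    with ThreadPoolExecutor(max_workers=len(chosen)) as pool:
        results = list(pool.map(lambda c: c.analyze(sha256, data), chosen))
    return {"sha256": sha256, "verdict": synthesize(results),
            "source": "analysis", "results": results}


def demo():
    """Constructed scenario: a known-bad file, an evasive file, and a benign file."""
    evasive = b"MZ\x90\x00constructed-evasive-sample"  # static engines miss it
    evasive_sha = hashlib.sha256(evasive).hexdigest()
    channels = [
        Channel("static-1", "static"),
        Channel("static-2", "static", queue_depth=5),               # busier, not picked
        Channel("sandbox-1", "dynamic", verdicts={evasive_sha: "malicious"}),
        Channel("sandbox-2", "dynamic", healthy=False),             # down, not picked
    ]
    known = analyze_file(b"MZ\x90\x00constructed-known-bad-sample", channels)
    evasive_result = analyze_file(evasive, channels)
    benign = analyze_file(b"constructed benign document", channels)
    return known, evasive_result, benign


if __name__ == "__main__":
    for outcome in demo():
        print(outcome["sha256"][:12], outcome["verdict"], outcome["source"])
```

The evasive sample in the scenario is reported clean by the static channel and malicious by the sandbox; because both verdicts are collected and synthesized, the file is still classified as malicious, which is the point of submitting one file to several channel types. The known-bad sample never reaches a channel at all, since the hash check answers first.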

Super-fast search engine

Using the built-in Elasticsearch engine, it supports search speeds more than 6 times faster than traditional database searches, and the search performance advantage grows as the amount of data increases and the search conditions become more complex. It supports synonym and antonym searches in addition to simple keyword matching, and supports indexing and inverted indexing of unstructured data, so that even when hundreds of thousands of files are collected and analyzed each day, the required data can be found quickly across long-term collection and analysis information.

Advanced Persistent Threat Attack Response Process

It supports integrated collection and analysis of the malicious files used in advanced persistent threat attacks, and forwards individual analysis result logs and incident events to the Security Operations Center (SOC), SIEM, SOAR, or XDR. It can also transmit original files that meet specific conditions upon request from other systems, thereby fully supporting the advanced persistent threat attack response process.

Collection and Analysis Channel Integration Compatibility and Scalability

It supports integration with a variety of channels out of the box via web, the built-in API, and FTP, and supports integrated development of collection and analysis channels using the APIs provided by in-house applications and commercial third-party products. Because it is designed as an open platform, any type of channel integration can be added through professional services to suit the customer environment.