New approach to defend against APT attacks in real time

Traditional security solutions face malware patterns with significant delays; therefore they only detect the threat after it occurred and started to spread. In most cases, APT malware attackers use email attachments to get into corporate infrastructure and focus on a zero-day vulnerability that is presumed to used by the targeted account, e.g. a specific operational system, software package, PDF reader or Java version so that the success of the attack is likely to be guaranteed.

Well-defined attack interface

Zorp Malware Detection allows organizations to detect, identify and block dynamic APT malware attacks in-real time by integrating into inbound email traffic. The solution was designed to provide a well-defined attack interface for an effective defense of email traffic. Zorp Malware Detection can support universal antivirus solutions and create defense capabilities which cannot be circumvented by malware currently exist.

Multi-layered detection

The Zorp Malware Detection solution package is part of a service that provides BalaSys-managed infrastructure with the ability to reduce resource and time-consuming dynamic analyzes by file information (configuration, hash database) collected by individual ZMD installations, and uses external databases to identify known malware threats quickly.

As a multiple technical analysis of emails and attachments, first the analytics engine runs a static scanning to detect patterns using more than 20 antivirus software's current database. All this within Zorp's Malware Detection, so that sensitive emails never leave the system. After, as part of the dynamic analysis phase, email attachments are opened in a virtual or even physical operating system environment and record all software events.

Analyzes fixed activities in contexts

As part of a detailed analysis of multiple tools, it examines not only the collected file information, but automatically analyzes the connection of the recorded activities. These can be dynamically expanded as newer malware families appear.

Custom-tailored analytics client

Personalized APT attacks can only start spread if they perceive a particular system environment, so we build custom analytics clients based on customer used systems.