Malware is hitting companies hard. According to Positive Technologies research, 39% of digital attacks in 2017 involved use of viruses or other malicious software. Around 250,000 new copies of malware appear every day, while malware as a service is putting advanced threats in the hands of anyone willing to pay. Malware detection technology continues to improve—but not quickly enough to respond to the threat. Problems with the conventional approach include:
- Single-vendor monocultures for malware protection
- No single point for monitoring all objects in infrastructure traffic
- Difficulty of localizing distributed attacks as well as their past and current consequences
As a multilayered malware detection system, PT MultiScanner makes these drawbacks a thing of the past. With a more modern approach, it is easier to detect, track, and block the spread of malware on corporate infrastructure both in real time and retrospectively.
PT MultiScanner is a server-based solution that deploys on existing infrastructure to monitor and block threats wherever they are: email, the web, file storage, or web portal traffic. The system detects infected objects in all kinds of data streams, aggregating similar attacks into threat chains. These chains are the best way to spot and investigate mass infections, especially for events that occur gradually over time and would be easy for humans to overlook.
- Security expertise in practice
PT MultiScanner scans objects by combining the strengths of multiple methods: multiple antivirus engines from different AV vendors, static analysis, and reputation lists from the Positive Technologies Expert Security Center (PT ESC), which regularly investigates critical security incidents at major companies. The solution supports scanning of both files and archives, including recursively compressed archives.
- Full coverage of all data flows
PT MultiScanner can identify and block malware threats across connection types: web portals, file storage, network traffic, web traffic, and email (with attachment sanitizing for the most common file extensions, such as .docx, .xlsx, .rtf, .pptx, .pdf, .html, .jpg, .zip, etc.).
PT MultiScanner detects the latest threats and signs of hidden malware with the help of retrospective analysis. Previously scanned objects are rescanned automatically after updates to the knowledge base or when resources are available, without any performance hit to ongoing scanning.
- Expert tool for incident investigation
Security operations center (SOC) and security staff will find PT MultiScanner an effective tool for investigating incidents: it can detect malware points of entry into infrastructure, pinpoint relevant users, and identify all stages of malware spread.
Centralized monitoring of malicious activity across all data flows makes it easy to track and localize threats on corporate infrastructure. Similar attack elements across diverse data flows are linked into a single threat chain, helping security staff to react more quickly and precisely. An intuitive interface makes all information readily available to security staff in at-a-glance dashboard form.
PT MultiScanner deploys in less than one hour. Adding scan sources (mail services, proxy servers, file storage, network sensors) takes just a few clicks.
- Scalability and high availability
The architecture of PT MultiScanner is perfect for scaling both vertically and horizontally. It is fully fit for cluster deployment in an active–active configuration with one central management console.