Malware is hitting companies hard. According to Positive Technologies research, 39% of digital attacks in 2017 involved the use of viruses or other malicious software. Around 250,000 new copies of malware appear every day, while malware as a service is putting advanced threats in the hands of anyone willing to pay. Malware detection technology continues to improve—but not quickly enough to respond to the threat. Problems with the conventional approach include:
- Single-vendor monocultures for malware protection
- No single point for monitoring all objects in infrastructure traffic
- Difficulty of localizing distributed attacks as well as their past and current consequences
As a multilayered malware detection system, PT MultiScanner makes these drawbacks a thing of the past. With a more modern approach, it is easier to detect, track, and block the spread of malware on corporate infrastructure both in real time and retrospectively.
PT MultiScanner is a server-based solution that deploys on existing infrastructure to monitor and block threats wherever they are: email, the web, file storage, or web portal traffic. The system detects infected objects in all kinds of data streams and aggregates similar attacks into threat chains. These chains are the most effective way to spot and investigate mass infections, especially events that unfold gradually over time and would be easy for humans to overlook.
Detect malware by combining the strengths of multiple methods: multiple antivirus engines, static analysis, and blacklists provided by Positive Technologies. Update knowledge bases either online or offline.
Rest assured as verdicts are made based on the knowledge base and classification developed specially by Positive Technologies.
Control everything from the intuitive web interface. Get the information needed for day-to-day security analyst work from dashboards at a glance.
Deploy rapidly—in less than one hour—with support for standard interfaces (SPAN, MTA, ICAP, REST API) for smooth integration of PT MultiScanner with your existing infrastructure.
More traffic to scan? No problem—just add more components to keep up.
- Prevention of virus attacks. Detect and block malware across all infrastructure components: email, network traffic, users' web traffic, file storage, and web portals. Centrally store and analyze objects from all traffic flows for ease of investigation. Pinpoint who is sending and spreading malware in order to investigate and react to threats.
- Detection of advanced persistent threats (APTs). With PT MultiScanner, gain an additional layer of protection for reacting to complex multistage attacks. Use retrospective analysis to spot incidents caused by zero-day vulnerabilities, and uncover malware hidden on network infrastructure.
- Corporate traffic (monitoring). Scanning of files via SPAN mirroring of network traffic in real time. Enriched event context in protection systems (IPS/IDS, SIEM). Rapid incident reaction and investigation.
- Mail traffic (monitoring and blocking). Online verification of email messages. Detection of malicious attachments and senders. Scanning of mail archives (including multipart and password-protected ones). Protection against malware infection attempts involving social engineering.
- Users' web traffic (monitoring and blocking). Strengthened perimeter security thanks to detection of malicious content in files downloaded from external subnets.
- Web portals (monitoring and blocking). Active protection of sites against malicious content. Verification of user-originated content.
- File storage (monitoring and blocking). Detection of malicious content, infected executables and documents. Rapid blocking to prevent spread of malicious files. Retrospective scanning and re-scanning of potential threats when knowledge bases are updated.
- Internal service. Manual scanning of files. Knowledge base. Statistics about verdicts and downloaded objects. User alerts if malware is detected in previously downloaded files.
- Incident investigation. Tools and information needed to support the investigation process. Retrospective identification of attacked hosts and analysis of vectors used for attack spread.
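Two ideas on this page are worth seeing in working code: combining several detection methods into one verdict (the overview's antivirus engines, static analysis and blacklists), and the retrospective re-scanning described for file storage and the internal service, where a file that was clean when downloaded is flagged once the knowledge base is updated, and the same content surfacing in several channels is grouped into one threat chain. The following is example code added for this page, not PT MultiScanner's own code or API. Everything in it is constructed: the channel labels, the file contents, the byte-pattern "static analysis" rule, and a SHA-256 hash blacklist that stands in for a vendor knowledge base.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable

# Constructed static-analysis rule: a byte pattern standing in for a real signature.
SUSPICIOUS_MARKER = b"EXAMPLE-MALICIOUS-MARKER"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def static_marker_engine(data: bytes) -> bool:
    """Toy static analysis: flag any content that contains the constructed marker."""
    return SUSPICIOUS_MARKER in data


@dataclass
class StoredObject:
    object_id: str
    source: str          # constructed channel label: "mail", "web", "file-storage"
    data: bytes
    digest: str
    verdicts: dict[str, bool] = field(default_factory=dict)   # method -> fired?

    @property
    def detected(self) -> bool:
        return any(self.verdicts.values())


@dataclass
class Alert:
    object_id: str
    source: str
    digest: str
    methods: list[str]   # detection methods that fired
    retrospective: bool  # True when raised by a re-scan, not at arrival


class MultiMethodScanner:
    """Combines several detection methods and keeps every scanned object so it
    can be re-scanned when a knowledge base changes."""

    def __init__(self) -> None:
        self.blacklist: set[str] = set()
        self.engines: dict[str, Callable[[bytes], bool]] = {}
        self.store: dict[str, StoredObject] = {}
        self.alerts: list[Alert] = []

    def _verdicts(self, data: bytes, digest: str) -> dict[str, bool]:
        # Every method votes; the object is detected if any method fires.
        verdicts = {"blacklist": digest in self.blacklist}
        verdicts.update({name: fn(data) for name, fn in self.engines.items()})
        return verdicts

    def _alert(self, obj: StoredObject, retrospective: bool) -> None:
        fired = [m for m, hit in obj.verdicts.items() if hit]
        self.alerts.append(Alert(obj.object_id, obj.source, obj.digest, fired, retrospective))

    def ingest(self, object_id: str, source: str, data: bytes) -> StoredObject:
        """Scan an object on arrival and retain it for later re-scanning."""
        digest = sha256_hex(data)
        obj = StoredObject(object_id, source, data, digest, self._verdicts(data, digest))
        self.store[object_id] = obj
        if obj.detected:
            self._alert(obj, retrospective=False)
        return obj

    def update_blacklist(self, new_hashes: set[str]) -> list[str]:
        """Apply a knowledge-base update, then re-scan everything previously judged
        clean. Returns the ids of objects that only now become detections."""
        self.blacklist |= new_hashes
        newly_flagged: list[str] = []
        for obj in self.store.values():
            if obj.detected:
                continue         # already alerted when it arrived
            obj.verdicts = self._verdicts(obj.data, obj.digest)
            if obj.detected:
                self._alert(obj, retrospective=True)
                newly_flagged.append(obj.object_id)
        return newly_flagged

    def threat_chains(self) -> dict[str, list[tuple[str, str]]]:
        """Group alerts by content hash: one file surfacing in several channels
        forms one chain, which is how a spreading infection becomes visible."""
        chains: dict[str, list[tuple[str, str]]] = {}
        for a in self.alerts:
            chains.setdefault(a.digest, []).append((a.object_id, a.source))
        return chains


def run_demo() -> MultiMethodScanner:
    """Constructed scenario: one attachment caught on arrival, one file that is
    clean until a later blacklist update reveals it in two channels."""
    scanner = MultiMethodScanner()
    scanner.engines["static"] = static_marker_engine
    scanner.ingest("mail-0001", "mail", b"invoice.doc " + SUSPICIOUS_MARKER)
    report = b"quarterly-report.pdf (constructed contents)"
    scanner.ingest("web-0002", "web", report)
    scanner.ingest("fs-0003", "file-storage", report)
    scanner.update_blacklist({sha256_hex(report)})   # later knowledge-base update
    return scanner
```

Calling `run_demo()` produces one real-time alert (the mail attachment, caught by the static rule) and two retrospective alerts for the same report seen via the web and file storage; `threat_chains()` then groups those two under one content hash. The design point is that retaining the object, not just its verdict, is what makes retrospection possible: a stored hash alone is enough for a blacklist update, but a new static rule or engine signature can only be applied if the content is still available to re-scan.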