- Dozens of anti-virus engines, one interface
Files are scanned in parallel by multiple engines from the most popular developers. All anti-virus engines and definitions are kept up to date via a local server.
Figure out which systems have been attacked by malware, even before anti-virus software was able to detect it. Incident investigation becomes much easier as a result.
The master knowledge base and reputation-based lists are constantly updated, catching what anti-virus engines may miss.
Because anti-virus components are updated without requiring Internet access, PT MultiScanner works on isolated network segments and prevents possible data leaks, without ever sending scanned files outside of the system infrastructure.
Standard interfaces (REST API, SMTP, ICAP, syslog) are supported. Options for monitoring file resources and network traffic simplify integration with client infrastructure.
Multilayer Protection from Malicious Software
Malware threats are increasing in both number and diversity. Infected files, emails, and websites are inflicting more and more damage on businesses, governments, and individuals, in spite of active use of anti-virus programs. Why does anti-virus protection fail? Anti-virus companies are often late in adding the latest threats to their malware databases, and therefore cannot ensure 100% protection.
In addition, advanced persistent threats (APTs) target weaknesses in anti-virus software to bypass protection entirely. As a result, in order to maximize detection of malware threats, large companies are forced to use cloud-based services that combine multiple anti-virus scanners. But sending data to cloud services increases the risk of data leaks.
The solution to the problem, then, is to use a local system (installed within the network perimeter) to monitor files, with support for automatically scanning files in parallel with multiple anti-virus engines and reputation services. This is what PT MultiScanner does.
As a multithreaded malware detection system, PT MultiScanner finds threats with dramatically increased precision and speed by combining multiple anti-virus engines and supplementing them with other detection methods, including retrospective analysis of malicious files and reputation services.
Uses of PT MultiScanner
- Corporate traffic monitoring: Scan files and links from captured network traffic in real time, identify bots on the internal network, block threats on the fly, quickly react to and investigate incidents, and get enriched protection system events (IPS/IDS, SIEM).
- Email protection: Perform online scanning of mail messages and detect malicious attachments, links, and senders. Scan mail archives (including password-protected and multipart archives). Protect against social engineering-based malware attacks.
- Web portal protection: Active protection of web applications and users from malicious content. Detect information leaks and web bots. Monitor the content that users download.
- File storage monitoring: Detect malware as well as infected binaries and documents. Block malware from spreading. Perform retrospective analysis and detection of threats without rescanning of the original file.
- Perimeter protection: Increase the protection level of the network perimeter with automatic detection of malicious content in files downloaded from external subnets (including HTTPS).
- Separate scan-on-demand service: Analyze manually downloaded files or visited websites, keep a knowledge base and statistics on downloaded objects and verdicts, and alert users when malware is detected in previously downloaded files.
- Targeted deep analysis: Perform manual in-depth analysis of web browser behavior when suspicious web links are clicked. Monitor specific executable files or installed legitimate applications when specific documents are opened in them.
- Linear scalability: As scanning needs grow, simply add to the system to maintain maximum PT MultiScanner performance.