eScan Cloud

Overview of cloud protection vs. traditional security.
Anti-Virus & Content Security

Cloud Protection vs Traditional Security

The diagram in the original shows the eScan Security Network (ESN) flow between third-party subscribed services, the eScan research team and end users (a live Internet connection is required on the client side), with files sorted into good files and bad files. Its numbered steps are:

1. Infected file information is shared in real time with ESN by third-party subscribed services and the eScan research team.
2. The information is updated to all users worldwide through ESN in real time.
3. A virus signature is created.
4. The signature is released by eScan every 2 hours.

We at eScan have developed a technology called eScan Security Network (ESN). This technology can automatically analyze, classify, detect and quarantine 99.99% of the new malware discovered every day, keeping our clients protected in real time. When it comes to detecting new malware, ESN ensures a prompt response and an advanced level of detection that provides superior protection. eScan Security Network is not only capable of detecting and blocking unknown threats but can also prevent zero-day threats and phishing attempts. This cloud-based network ensures protection against current threats, such as viruses, worms and Trojans, and identifies and blocks new threats before they become widespread.

This interaction includes four phases:

- Information on newly executed or downloaded applications is sent by third-party subscription services and the eScan research team to the eScan Security Network servers.
- The files are checked and added to the eScan database if they are found to be malicious, either by the eScan research team or by the third-party services subscribed to by eScan. Legitimate files are added to the whitelisting database.
- Information about newly discovered malicious and legitimate files becomes available to all users of the relevant eScan products minutes after the initial detection.
- A local application whitelisting database is built and updated for legitimate applications.

eScan with Cloud Security is a specially designed security solution that provides real-time protection to computers from objectionable content and security threats such as viruses, spyware, adware, keyloggers, rootkits, botnets, hackers, spam and phishing. Dependency on the Internet has no limits, as the increasing number of Internet users who spend a large share of their time online shows. This has also led to an array of cyber threats that are persistent, sophisticated and targeted, increasing the risk to your confidential information. Detecting them before they harm your computing activities is therefore very important. eScan is equipped with a combination of advanced technologies for malware detection through signatures, heuristics and behavioral analysis. With its advanced Web Protection and Anti-Spam modules, eScan is fully capable of blocking malicious websites and hacking attempts that could steal banking credentials or private data from the user's computer, giving the user a safe banking experience. Virus signatures are created and updated to the user every two hours.

How It Works: Signature Creation and Release

The flow chart in the original shows the sources from which samples are received (the eScan research team and eScan users) and the path each sample takes:

- File: sandbox analysis, checking (A) which registry keys are added or modified, (B) which hosts and IPs are connected to, and (C) the API calls and other methods used to infect.
- URL: decrypt and grab the resultant payload, then check (A) which CVE or EK is being exploited, (B) whether any encryption or obfuscation routines have been used, and (C) which other files are used as payloads. All resultant payloads are collected and the normal file algorithm is then used.
- Signatures are created (*) and updated to all eScan customers.

Terms used in the chart:

- Resultant payload: any kind of malicious JavaScript that loads a Java applet or a JAR file.
- CVE: a dictionary of publicly known information security vulnerabilities and exposures.
- EK (Exploit Kit): do-it-yourself malware kits, available in underground forums, that are used to deploy and manage malware botnets.
- Obfuscation: a type of recursive programming that hides the original source code within itself.
- Sandbox analysis: an automated method for analyzing applications, executables, binaries and URLs in a controlled environment.

At eScan, an experienced team of virus analysts and developers works round the clock gathering information, evaluating new threats and rapidly responding to any virus outbreak in any part of the world. Advanced technologies, complemented by a skilled and experienced team of analysts and developers, enable us to analyze today's harmful computer viruses, create their signatures and release the update instantly to our millions of users all over the world. With years of experience we have devised a strong, methodical process for capturing virus incidents and responding to such virus outbreaks as and when they happen, thus securing the computers of all eScan users. With our fast and robust update delivery system, which consists of over ninety thousand update servers located throughout the world, user computers are updated within a very short span of time from the actual release.

The Process

eScan receives samples from various sources: samples sent by eScan users, virus information gathered by our in-house dedicated team of analysts, and the eScan Security Network (eScan Cloud). The chart above gives a detailed overview of the process of receiving, analyzing, creating and releasing virus signatures at eScan.

Whenever a sample is received from any of these sources it is either a file or a URL, and different procedures are followed to analyze it and then create a signature for release in updates to our users.

When a malicious URL is received or captured:

- Its content is in encrypted form; our malware analysts decrypt it and grab the resultant payload.
- The payload is checked for the CVE or EK being exploited.
- At the next level it is checked for any encryption or obfuscation routine that may have been used.
- It is checked for other files that are used as payloads.
- All resultant payloads are then collected, and the normal file algorithm (file analysis) is used for further analysis and creation of the signature.

When a malicious file is received as a sample or extracted from a URL, it is analyzed using sandboxing and other procedures to create a signature. The file is checked on the following criteria using tools and processes:

- The file is actually executed on a computer.
- Modifications made to system files or the registry as a result of the execution are checked.
- The IP the file connects to is checked, along with whether other files are downloaded from that IP and the type of connection used for the download (FTP or HTTP).
- Binary analysis of the file is done using in-house tools, with dynamic or static analysis depending on the file. The file structure and code are analyzed, and the APIs being called are checked along with the methods used to call them.

This is the manual procedure, used whenever a sample escapes detection. Otherwise, all URLs and files are processed using the signatures created previously.

* Signature: the signature is created on the basis of the entire analysis, and updates are released to users every two hours.
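As an added illustration of the flow described above (ESN whitelist/blacklist lookup first, then the sandbox criteria A/B/C for samples that escape detection, ending in a signature record), here is example code written for this page, not eScan's own; the caches, registry patterns, API names and the sandbox report are all constructed assumptions:

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed ESN-style local caches (sha256 -> known verdict); not real eScan data.
WHITELIST = {hashlib.sha256(b"known good installer").hexdigest()}
BLACKLIST = {hashlib.sha256(b"known bad dropper").hexdigest()}

# Hypothetical indicators, modelled on the page's criteria A (registry) and C (API calls).
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
SUSPECT_APIS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}

@dataclass
class SandboxReport:
    """Constructed stand-in for the output of a sandbox run on one file."""
    content: bytes
    registry_modified: List[str] = field(default_factory=list)   # A) registry keys
    hosts_connected: List[str] = field(default_factory=list)     # B) hosts and IPs
    api_calls: List[str] = field(default_factory=list)           # C) API calls

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(report: SandboxReport) -> Dict:
    """Classify one sample: ESN cache first, then the manual sandbox criteria."""
    digest = sha256(report.content)
    if digest in WHITELIST:      # already whitelisted through ESN: skip analysis
        return {"sha256": digest, "verdict": "clean", "indicators": []}
    if digest in BLACKLIST:      # already known bad: a signature exists
        return {"sha256": digest, "verdict": "malicious", "indicators": ["esn-blacklist"]}
    indicators = []
    for key in report.registry_modified:
        if any(p in key.lower() for p in PERSISTENCE_KEYS):
            indicators.append("registry-persistence:" + key)
    for host in report.hosts_connected:
        indicators.append("network:" + host)
    used = SUSPECT_APIS.intersection(report.api_calls)
    if len(used) >= 2:           # an injection chain, not a single benign call
        indicators.append("api-injection:" + ",".join(sorted(used)))
    verdict = "malicious" if len(indicators) >= 2 else ("suspicious" if indicators else "clean")
    return {"sha256": digest, "verdict": verdict, "indicators": indicators}

def make_signature(result: Dict) -> Optional[Dict]:
    """Record that would be distributed through ESN once a sample is confirmed malicious."""
    if result["verdict"] != "malicious":
        return None
    return {"sha256": result["sha256"], "indicators": tuple(result["indicators"])}
```

Thresholds and indicator names are illustrative; a real pipeline would weight them from the analysts' findings rather than from a fixed count.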