
Post on 03-Jul-2020

The Ultimate Threat Defense

Integrated endpoint and network protection against advanced threats and zero-day attacks

AhnLab MDS (Malware Defense System) is a complete security solution that combines on-premise and cloud-based analytics to stop advanced targeted threats anywhere across the organization. AhnLab MDS delivers truly comprehensive threat protection, applying rapid malware recognition and remediation with real-time blocking of malicious network traffic and dynamic disruption of active security breaches.

AhnLab MDS is a truly unified and comprehensive approach to defeat advanced targeted threats across networks and endpoints.

• Combination of on-premise malware behavior and signature engines and AhnLab’s cloud-based threat intelligence
• Automatic and manual malware removal and precise checks on abnormal network activity
• Combats email-based threats that use spear phishing tactics and evade anti-spam filters

Highlights

AhnLab MDS delivers advanced protection against known and unknown malware, and zero-day exploits through the complete defense process of “Detect-Analyze-Respond-Prevent.”

[Figure: the Detect, Analyze, Respond, Prevent cycle. Labels: Pre-Inspection, Penetration, Threats, Infection, C&C Connection, Secondary Infection, Data Leakage, Advanced Concealment, Internal Proliferation.]


What Makes AhnLab MDS Different

AhnLab MDS analyzes unknown and sophisticated malware-based threats through its hybrid analysis technology, which combines static and dynamic malware analysis. It accurately detects and identifies threats in the pre-exploitation stage, applying behavior analysis or Dynamic Intelligent Content Analysis technology according to the type of threat.

Regardless of environment or execution conditions, AhnLab MDS detects malware with its automated analysis technology at the assembly level, and can thereby respond effectively to advanced, sophisticated threats.

Ultimate Malware Defense System

Powerful Prevention against Email-based Threats

By simply applying the MTA (Mail Transfer Agent) license, you can implement a complete protection system against advanced email-based attacks. AhnLab MDS detects malware in email attachments through VM-based dynamic analysis and automatically quarantines malicious emails in real time. It also conducts multi-dimensional analysis of suspicious URLs and scripts contained in emails.

In addition, AhnLab MDS complements existing anti-spam solutions, contributing to more powerful multi-layered protection against sophisticated email-based threats.

※ Note: MTA mode is available on MDS 6000 and MDS 10000 appliances by applying the MTA license.

[Figure: analysis by attack phase. Labels: Before Malware Execution, Malware Execution, Malicious/Suspicious Activity; Pre-exploitation phase, Exploitation phase, Post-exploitation phase; Dynamic Intelligent Content Analysis (Memory Analysis, Assembly Code Analysis, Shellcode Analysis, Memory Visualization); Dynamic Behavior Analysis (Registry, Network, File, Process, API); Virtual Machine; Exploit; Malicious, Suspicious, Normal.]

[Figure: email threat handling. Labels: Anti-spam Solution, Email Parser, Email body, Attached file, Dynamic Content Analysis, Dynamic Behavior Analysis, Multi-dimensional Analysis for URLs contained in email body, Quarantines malicious emails, Normal email, Email Server.]


Holistic Response on Both Networks and Endpoints

AhnLab MDS blocks and analyzes elusive malware or variants that infiltrate the endpoint via encrypted traffic such as SSL, via a USB drive, or through the trustworthy internal network. It also has a powerful but light-weight agent. With this agent, AhnLab MDS automatically or manually removes malware from the endpoint system, and provides its “Execution Holding” function, which prevents potential damage and proliferation of malware by holding off the execution of suspicious files.

[Figure: network-layer and endpoint-layer response (Detect & Analyze, Protect & Respond). Network Layer labels: Blocks C&C communication; Blocks sources of malware distribution; Interoperates with a 3rd party network forensics solution; TCP reset; User, Internet, C&C Server, Mal-site; Unknown Threat Analysis (Dynamic Behavior Analysis, Dynamic Intelligent Content Analysis); Threat infiltrates, Waits for command, C&C Connection, Sends command, Secondary infection, Data leakage.]

[Figure: takes measures against files trespassing through encrypted sessions. Labels: Web Browser (SSL/TLS); SSH, SFTP client (SSH/SFTP); Hacker’s own client (Hacker’s own encryption); Encrypted traffic; Encrypted State, Decrypted State; Web, Email, File sharing, File transfer; C&C Server; AhnLab MDS; AhnLab MDS agent.]

[Figure: Endpoint Layer functions of the AhnLab MDS agent, shown as numbered steps: Execution Holding (EH), Remediation (Removal), File Upload for Analysis, Extracts suspicious files, Endpoint forensics.]

Specifications

WorldStar International JSC - Secure Your Business
Hanoi: 6th Floor, Viglacera Tower, No. 1 Thang Long, Nam Tu Liem Dist., Hanoi, Vietnam
HCM Rep. Office: Room A1, 1st Fl., Y Ban Bldg., 69-71 Thach Thi Thanh, Tan Dinh Ward, Dist. 1, HCMC
T: (+84) 24 7306 8338 | Toll-free: (+84) 1800 6021

AhnLab MDS

| | AhnLab MDS 2000 | AhnLab MDS 6000 | AhnLab MDS 10000 |
|---|---|---|---|
| Analysis Performance | 20,000 files per day | 35,000 files per day | 200,000 files per day |
| User Count | 500 | 1,000 | 5,000 |
| Memory | 16 GB | 32 GB | 512 GB |
| HDD | 1 TB | 1 TB | 8 TB |
| SSD | 256 GB | 512 GB | 2.4 TB |
| Interface (Default) | 1G Copper * 5 ea.; 1G Copper/Fiber (Combo) * 4 ea. | 1G Copper * 2 ea.; 1G Fiber * 8 ea. (or Copper) | 1G Copper * 2 ea.; 1G/10G Copper * 4 ea.; 1G/10G Fiber * 6 ea. |
| Interface (Optional) | - | 10 G Fiber * 2 ea. | - |
| Power Supply | 300W Redundant Power (dual) | 500W Redundant Power (dual) | 750W Redundant Power (dual) |
| Enclosure | 2U, 19 inch | 2U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 482 x 450 x 88 | 450 x 580 x 88 | 444 x 740 x 88 |

AhnLab MDS Agent System Requirements

| | Client PC | Server |
|---|---|---|
| OS Support | Windows XP / Vista / 7 / 8(8.1) / 10 | Windows Server 2003 / 2008 / 2012 |

AhnLab MDS Manager

| | MDS Manager 2000 | MDS Manager 5000R | MDS Manager 10000R |
|---|---|---|---|
| Combined Type (*DV+**HC) | Logging: 5,000 MPS; Agent Count: 500 | Logging: 12,500 MPS; Agent Count: 1,500 | Logging: 25,000 MPS; Agent Count: 3,000 |
| Dedicated Type A (*DV-dedicated) | Logging: 10,000 MPS | Logging: 25,000 MPS | Logging: 50,000 MPS |
| Dedicated Type B (**HC-dedicated) | Agent Count: 2,000 | Agent Count: 5,000 | Agent Count: 10,000 |
| Memory | 4 GB | 8 GB | 16 GB |
| HDD | 500 GB | 2 TB (500 GB * 4 ea.) | 4 TB (1 TB * 4 ea.) |
| RAID | Not supported | RAID 5 | RAID 5 |
| Interface | 1 G Copper * 2 ea. | 1 G Copper * 2 ea. | 1 G Copper * 2 ea. |
| Power Supply | 260W Single Power | 600W Single Power | 1200W Redundant Power (dual) |
| Enclosure | 1U, 19 inch | 1U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 426 x 574 x 43 | 437 x 503 x 43 | 437 x 648 x 89 |

* Data Viewer: Integrated monitoring and log management

** Host Controller: Agent system repair and management

※ Note: Performance values vary depending on the system configuration and network environment