Cloud Protection Vs Traditional Security
www.escanav.com
Anti-Virus & Content Security
Cloud Protection
[Diagram: eScan Security Network (ESN). Labels: eScan Research Team; Third party Subscribed Services; Good Files; Bad Files; Signature Creation; Signature Release every 2 hours; Infected File Info shared on real-time; Live Internet Connection Required.]
We at eScan have developed a technology called eScan Security Network
(ESN). This technology can automatically analyze, classify, detect and
quarantine 99.99% of the new malware discovered every day, keeping our
clients protected on a real-time basis. When it comes to detecting new
malware, ESN ensures a prompt response and an advanced level of detection
that provides superior protection. eScan Security Network is not only capable
of detecting and blocking unknown threats but can also prevent zero-day
threats and phishing attempts.
This cloud-based eScan Security Network ensures protection against current
threats, such as viruses, worms and Trojans, and identifies and blocks new
threats before they become widespread.
This interaction includes 4 different phases.
Information on the newly executed or downloaded applications is sent by
third party subscription services and the eScan research team to the eScan
Security Network servers.
The files are checked and added to the eScan database if they are
found to be malicious, either by the eScan research team or by third party
services subscribed to by eScan. Legitimate files are added to the
Whitelisting database.
Information about newly discovered malicious and legitimate files
becomes available to all users of relevant eScan products minutes after
the initial detection.
A local database of application whitelisting is built and updated for
legitimate applications.
[Diagram steps: (1) Infected file info is shared in real time by third party services and the eScan research team with ESN. (2) Information is updated to all the users worldwide through ESN in real time. (3) Virus signature is created. (4) Signature is released by eScan every 2 hours. Live Internet connection required.]
eScan with Cloud Security is a specially designed security solution that provides
real-time protection to computers from objectionable content and security
threats, such as Viruses, Spyware, Adware, Keyloggers, Rootkits, Botnets,
Hackers, Spam, and Phishing.
Dependence on the Internet keeps growing, as shown by the increasing
number of Internet users who spend a large part of their time online. This
has also led to an array of cyber threats that are persistent, sophisticated and
targeted, increasing the risk to your confidential information.
Hence, in such a situation, detecting these threats before they cause harm to
your computing activities is very important. eScan is equipped with a combination
of advanced technologies that are based on malware detection through
signatures, heuristics and behavioral analysis. With its advanced Web
Protection and Anti-Spam modules, eScan is fully capable of blocking
malicious websites and hacking attempts that can steal banking credentials or
private data from the user's computer, facilitating a safe banking experience for the
user. Virus signatures are created and delivered to users every two hours.
How it Works? Signature creation and release
At eScan, an experienced team of virus analysts and developers works round the
clock gathering information, evaluating new threats and rapidly responding to
any incidence of virus outbreak in any part of the world. The use of advanced
technologies, complemented by a skilled and experienced team of analysts
and developers, enables us to analyze today's harmful computer viruses,
create their signatures and release the update instantly to our millions
of users all over the world. With years of experience, we have devised a strong,
methodical process of capturing virus incidents and responding to combat
such deadly virus outbreaks as and when they happen, thus
securing the computers of all eScan users. With our fast and robust system for
delivering updates, which consists of over ninety thousand update servers
located throughout the world, user computers are updated within a very short
span of time from the actual release.
[Flowchart: Sources from where samples are received (eScan Users, Research Team, eScan). Samples Received, as a URL or a File.
URL branch: Decrypt and grab the resultant payload. A) Check for CVE / EK which is being exploited. B) Encryption / obfuscation routines, if any, that have been used. C) Other files which are used as payloads. All the resultant payloads are collected and then the normal file algorithm is used.
File branch: Sandbox Analysis. A) Which registry keys are added / modified. B) Which hosts and IPs are connected to. C) API calls and other methods used to infect.
* Signatures are created. Updated to all eScan customers.]
Resultant Payload: It can be any kind of malicious JavaScript which loads a Java
Applet or a JAR file.
CVE: It is a dictionary of publicly known information security vulnerabilities and
exposures.
EK: Exploit Kit. Do-it-yourself malware kits which are available in underground
forums and are used to deploy / manage malware botnets.
Obfuscation: A type of recursive programming to hide the original source code
within itself.
Sandbox Analysis: Automated method to analyze applications / exe / binaries /
URLs in a controlled environment.
The Process
eScan receives samples from various sources, including samples received
from eScan users, virus information gathered by our in-house dedicated team
of analysts, and the eScan Security Network (eScan Cloud). The above chart gives
you a detailed overview of the process of receiving, analyzing, creating and
releasing virus signatures at eScan. Whenever a sample is received from
any of the sources, it is either in the form of a File or a URL. Different
procedures are followed to analyze the received samples and then create
a signature for releasing updates to our users.
Whenever a malicious URL is received or captured, its content is in
encrypted format, which is then decrypted by our malware analysts; the
Resultant Payload is then grabbed out of it.
It is then checked for the CVE or EK which is being exploited.
At the next level, it is checked for any kind of encryption or obfuscation
routine that may have been used.
It is checked for other files that are used as payloads.
All the resultant payloads are then collected, and then the normal file
algorithm (File Analysis) is used for further analysis and creation of the
Signature.
Whenever a malicious File is received as a sample or extracted from a URL, it is
analyzed using sandboxing and other procedures for creation of the
Signature. The file is checked on the following criteria using tools and processes.
Actual file execution is done on a computer.
As a result of the execution, modifications made in system files or the
registry are checked.
The IP to which the file connects is checked. It is also checked whether other
files are downloaded from that IP, and the type of connection used for the file
download (FTP or HTTP) is checked.
Binary analysis of the file is done using in-house tools, which includes dynamic
or static analysis based on the file. The file structure and code are analyzed. The API
being called is checked, along with the methods used for calling the API.
*Signature is created on the basis of the entire analysis, and updates are
released to the users every two hours.
*Signature: This is the manual procedure which is used whenever a sample escapes
detection. Otherwise, all the URLs and the files are processed using the
signatures which were created previously.