VB100 Certification 6 times in a row

Malware – The threats of all shapes and sizes

Malware or Viruses have been a danger which stalks computer users for long time ago. A whole system of a firm or even a group of companies can be destroyed because of only one infected computer.

To be survivals, malware have been constantly changed making them difficult to be discovered. This is a challenge to traditional solution which focuses on signatures or significant behaviors. At this moment, a various of malware are silently doing harm to users without any notice. In some cases, malware can be identified but forensic investigation and infection cannot be found.

Whitewhizard EDR Solution

Whitewhizard EDR (whitewhizard Endpoint Detection and Response) is the comprehensive next-gen antivirus which has ability to constantly monitor whole system, early detect potential threats; therefore, it sends warning and solve related issues. Finally, whitewhizard EDR collects relevant information to forensic analysis and infection reason.

Whitewhizard EDR applies Big Data, Machine Learning, Sandbox… and works in model of client/server or known as unified centralized management. There is a server in center and clients which was installed whitewhizard EDR Endpoint.

Whitewhizard EDR Server

Whitewhizard EDR Server is the centralized management giving warnings, policies and orders for whitewhizard EDR Endpoint. Through reports of log traffic and infection process, admin can evaluate and handling the issue.

Whitewhizard EDR Endpoint

Whitewhizard EDR Endpoint in clients auto protects malware including trojan, spyware, adware as soon as they try to enter the computer. whitewhizard EDR Endpoint deals with malicious code spread via USB, website, files, trojan and sends report to whitewhizard EDR Server.

Comparison

Antivirus

Traditional antivirus solution

  • Malwares detection bases primarily on Signature Files
  • Only detection of already malwares
  • Basic computer protection (isolation, file deleting)
  • Incomplete information about malwares
  • Passive operation, only detection appeared malwares

Whitewhizard EDR

Whitewhizard EDR Solution

  • Malwares detection bases on Signatures and intelligent identification technology
  • Ability to detect all malwares including newest ones, APTs, Fileless …
  • All process: Identify, prevent and fix
  • Provide complete information about malwares used for investigation
  • Constantly monitoring all process to early malicious code detection

How it works

EDR works by installing an agent on the end user device (whitewhizard EDR Endpoint), which is used to continually monitor network events. These events are recorded to a central database (whitewhizard EDR Server). EDR tools can then analyze the data to either investigate and identify a past incident or use the data to look for similar threats.

The data and analysis results on the server are confidential according to the configuration of the operating user. Depending on needs, the user can share this malicious analysis data to other centralized sources according to a certain protocol. In the case of data sharing protocols that have specific characteristics, but with specific structural specifications, whitewhizard can fully support the development of integration of such protocols according to customer requirements.

Main components

1. Detection

Synthesis of small modules to serve the monitoring, forecasting and early detection of risks

2. Processing

Based on the analysis results, the program performs appropriate and integrity handling (warning, prevention, isolation, removal). The removal step will be done thoroughly, completely removing the remnants of malicious code from the machine (Delete files, startup components, registry …)

3. Investigation

Summarizing and sequencing related event information, visualizing event flows, helping users easily identify the route of infection as well as the time when malware enters the machine

Outstanding features

1. Advanced persistent threat prevention (APT)

Not only identify and handling signatures virus, whitewhizard EDR also applies AI; Malware Graph to early detect APT

2. Quick response

Combining innovative technology (Machine Learning, Sandboxing…) whitewhizard EDR provides an organization with endpoint visibility through collecting data from endpoint devices, and then uses that data to detect and respond to potential outside threats

3. Forensic Analysis

Summarizing and sequencing related event information to provide objective overview as well as easier specify infected way

4. 24/7 Support Services

Whitewhizard’s support service is available 24/7

5. Report

Periodical report, real-time report and potential risk report

Screen shot