SOLUTIONS

Anchiva SWG Anti-malware

  •  

    Anchiva SWG Anti-malware Solution Chart

     
     
      
     
    Solutions value:
    •  Three filtering engines provide real-time proactive prevention to virus, Trojan horses, spyware, malware from intruding business internal network.
    •  Prevent spyware passing back.
    •  Prevent phishing
    •  Filter malware downloaded with partition
    •  Prevent zero-day attacks
    •  Quickly identify infected internal hosts to prevent outbreaks
    •  Prevent internal mail and FTP servers from malware infection
     
    Anchiva web SWG Anti-malware Flow Chat
     
      
    Deployed at the internet gateway, Anchiva’s SWG provides real-time inspection of inbound and outbound internet traffic. As internet traffic passes through the SWG, the data passes through multiple layers of security inspection starting with the identification of the application and then matching a policy to the traffic.
     
    The "DCI and Signature Matching Engine" performs deep content inspection (DCI) and malware pattern matching for HTTP, HTTPS, FTP, POP3 and SMTP traffic. After file reassembly, the files are identified based on their file type (PE file, TXT file or Bin files) before sending to the pattern matching engine. Files whose content matches a signature of known malware will be blocked or quarantined according to the policy actions. Traffic not matching a signature are then subjected to heuristic analysis for a further inspection.
     
    The "Heuristic Engine" classifies suspicious files according to the risk levels detected by the heuristic rules, which are grouped into high, medium and low suspicious file levels. At the same time, suspicious files are sent to Anchiva RapidRx Threat Processing Center as feedback for further analysis and classification. If submitted files are found to have malicious content, Anchiva’s RapidRx research center will update the ASDN servers with newly-produced signatures and distribute them to Anchiva SWG deployed at customers networks, providing the SWG with the latest signature database to detect the latest malware threats.
     
    HTTP, HTTPS traffic are subjected to multiple URL filters (malicious sites, google, application sites, URL category). If no URL match is made to any of the malicious or categorized URL databases, the data is then forwarded to the malware detection engine. FTP, SMTP and POP3 traffic are forwarded to the "DCI and Signature Matching Engine". Emails are reconstructed before final analysis is performed on the email and any attachments the message may contain.
     
    Updated malware signatures are distributed through Anchiva’s ASDN network which are deployed at data centers in Asia-Pacific, USA and Europe. Anchiva’s RapidRx research teams process tens of thousands of new malware samples daily to provide multiple daily signature updates that provide the defense to detect and prevent the latest malware threats and updates to the latest malicious website database.

     
Copyright© 2005-2008 Anchiva Systems Ltd. All rights reserved worldwide. Privacy