The Ultimate Threat Defense
Integrated endpoint and network protection against advanced threats and zero-day attacks
AhnLab MDS (Malware Defense System) is a complete security solution that combines
on-premise and cloud-based analytics to stop advanced targeted threats anywhere across the
organization. AhnLab MDS delivers truly comprehensive threat protection, applying rapid
malware recognition and remediation with real-time blocking of malicious network traffic
and dynamic disruption of active security breaches.
AhnLab MDS is a truly unified and comprehensive approach to defeat advanced targeted
threats across networks and endpoints.
• Combination of on-premise malware behavior and signature engines and AhnLab’s
cloud-based threat intelligence
• Automatic and manual malware removal and precise checks on abnormal network activity
• Combats email-based threats that use spear phishing tactics and evade anti-spam filters
Highlights
AhnLab MDS delivers advanced protection against known and unknown malware, and
zero-day exploits through the complete defense process of
“Detect-Analyze-Respond-Prevent.”
[Figure: the Detect, Analyze, Respond, Prevent cycle shown against threat stages. Labels: Pre-Inspection, Penetration, Threats, Infection, C&C Connection, Secondary Infection, Data Leakage, Advanced Concealment, Internal Proliferation]
What Makes AhnLab MDS Different
AhnLab MDS analyzes unknown and sophisticated malware-based threats through its
hybrid analysis technology, combining static and dynamic malware analysis technology.
It accurately detects and identifies threats in the pre-exploitation stage with its behavior
analysis and Dynamic Intelligent Content Analysis technology according to the types of
threats.
AhnLab MDS detects malware regardless of the environment or execution conditions by using
automated analysis technology at the assembly level, and can therefore respond effectively
to advanced, sophisticated threats.
Ultimate Malware Defense System
Powerful Prevention against Email-based Threats
By simply applying the MTA (Mail Transfer Agent) license, you can implement a complete
protection system against advanced email-based attacks. AhnLab MDS detects malware
in email attachments through VM-based dynamic analysis and automatically quarantines
malicious emails in real-time. Also, it conducts multi-dimensional analysis for suspicious
URLs and scripts contained in emails.
In addition, AhnLab MDS complements existing anti-spam solutions, thereby contributing to
building a more powerful multi-layered protection against sophisticated email-based threats.
※ Note: MTA mode is available on MDS 6000 and MDS 10000 appliances by applying the MTA license.
[Figure: analysis by attack phase. Pre-exploitation phase (before malware execution): Dynamic Intelligent Content Analysis, with Memory Analysis, Assembly Code Analysis, Shellcode Analysis and Memory Visualization. Exploitation and post-exploitation phases (malware execution, malicious/suspicious activity): Dynamic Behavior Analysis in a virtual machine covering Registry, Network, File, Process and API. Verdict labels: Malicious, Suspicious, Normal, Exploit]
[Figure: email analysis flow. Labels: Email Server, Anti-spam Solution, Email Parser, Email body, Attached file, Dynamic Content Analysis, Dynamic Behavior Analysis, Multi-dimensional analysis for URLs contained in email body, Quarantines malicious emails, Normal email]
Holistic Response on Both Networks and Endpoints
AhnLab MDS blocks and analyzes elusive malware or variants that infiltrate the endpoint via
encrypted traffic such as SSL, a USB drive or through the trustworthy internal network. It
also has a powerful but lightweight agent. With this agent, AhnLab MDS automatically or
manually removes malware from the endpoint system, and provides its “Execution Holding”
function, which prevents potential damage and proliferation of malware by holding off the
execution of suspicious files.
[Figure: network-layer response by AhnLab MDS. Captions: Blocks C&C communication; Blocks sources of malware distribution; Interoperates with a 3rd party network forensics solution. Labels: TCP reset, User, Internet, C&C Server, Mal-site, Unknown Threat Analysis, Dynamic Behavior Analysis, Dynamic Intelligent Content Analysis; threat steps: Threat infiltrates, Waits for command, C&C Connection, Sends command, Secondary infection, Data leakage]
[Figure: Takes measures against files trespassing through encrypted sessions. Labels: SSL/TLS, SSH/SFTP, Hacker’s own encryption, Web Browser, SSH/SFTP client, Hacker’s own client, Encrypted State, Decrypted State, Encrypted traffic, AhnLab MDS agent]
[Figure: AhnLab MDS agent functions shown as numbered step diagrams: Execution Holding, Remediation (Removal), File Upload for Analysis, Extracts suspicious files, Endpoint forensics. Labels: Web, Email, File sharing, File transfer, C&C Server, Network Layer, Endpoint Layer, Detect & Analyze, Protect & Respond]
Specifications
WorldStar International JSC
Secure Your Business
Hanoi: 6th Floor, Viglacera Tower, No. 1 Thang Long, Nam Tu Liem Dist., Hanoi, Vietnam
HCM Rep. Office: Room A1, 1st Fl., Y Ban Bldg., 69-71 Thach Thi Thanh, Tan Dinh Ward, Dist. 1, HCMC
T: (+84) 24 7306 8338 | Toll-free: (+84) 1800 6021
AhnLab MDS

| | AhnLab MDS 2000 | AhnLab MDS 6000 | AhnLab MDS 10000 |
|---|---|---|---|
| Analysis Performance | 20,000 files per day | 35,000 files per day | 200,000 files per day |
| User Count | 500 | 1,000 | 5,000 |
| Memory | 16 GB | 32 GB | 512 GB |
| HDD | 1 TB | 1 TB | 8 TB |
| SSD | 256 GB | 512 GB | 2.4 TB |
| Interface (Default) | 1G Copper * 5 ea.; 1G Copper/Fiber (Combo) * 4 ea. | 1G Copper * 2 ea.; 1G Fiber * 8 ea. (or Copper) | 1G Copper * 2 ea.; 1G/10G Copper * 4 ea.; 1G/10G Fiber * 6 ea. |
| Interface (Optional) | - | 10 G Fiber * 2 ea. | - |
| Power Supply | 300W Redundant Power (dual) | 500W Redundant Power (dual) | 750W Redundant Power (dual) |
| Enclosure | 2U, 19 inch | 2U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 482 x 450 x 88 | 450 x 580 x 88 | 444 x 740 x 88 |
AhnLab MDS Agent System Requirements

| | Client PC | Server |
|---|---|---|
| OS Support | Windows XP / Vista / 7 / 8 (8.1) / 10 | Windows Server 2003 / 2008 / 2012 |
AhnLab MDS Manager

| | MDS Manager 2000 | MDS Manager 5000R | MDS Manager 10000R |
|---|---|---|---|
| Combined Type (*DV+**HC) | Logging: 5,000 MPS; Agent Count: 500 | Logging: 12,500 MPS; Agent Count: 1,500 | Logging: 25,000 MPS; Agent Count: 3,000 |
| Dedicated Type A (*DV-dedicated) | Logging: 10,000 MPS | Logging: 25,000 MPS | Logging: 50,000 MPS |
| Dedicated Type B (**HC-dedicated) | Agent Count: 2,000 | Agent Count: 5,000 | Agent Count: 10,000 |
| Memory | 4 GB | 8 GB | 16 GB |
| HDD | 500 GB | 2 TB (500 GB * 4 ea.) | 4 TB (1 TB * 4 ea.) |
| RAID | Not supported | RAID 5 | RAID 5 |
| Interface | 1 G Copper * 2 ea. | 1 G Copper * 2 ea. | 1 G Copper * 2 ea. |
| Power Supply | 260W Single Power | 600W Single Power | 1200W Redundant Power (dual) |
| Enclosure | 1U, 19 inch | 1U, 19 inch | 2U, 19 inch |
| Chassis Dimensions (WxDxH, mm) | 426 x 574 x 43 | 437 x 503 x 43 | 437 x 648 x 89 |

* Data Viewer: Integrated monitoring and log management
** Host Controller: Agent system repair and management
※ Note: Performance values vary depending on the system configuration and network environment