Product Overview

Detection/React Solution

"Anti-Webshell" is a webshell detection/response solution, developed systematically and stably with accumulated MSS know-how and an understanding of clients' service environments. It provides core capabilities such as a Non-Agent platform, various analysis methods, reliable and continuous pattern creation/analysis, and obfuscation analysis techniques.
Webshells are the top incident type and carry a high risk of damage when an incident occurs, because they are easy to use and have powerful hacking functions. Moreover, their attack techniques are difficult to detect with conventional security solutions because obfuscation is applied to evade detection. Anti-Webshell is a solution that effectively detects and reacts to webshell attacks. Regular webshell monitoring can prevent incidents, and weaknesses in webshell detection can be identified and remedied. As a Non-Agent platform, it guarantees customer service continuity through multilateral/diverse webshell detection and blocking without compromising the service availability of the corresponding servers.

Risk

A webshell is a script written in a web programming language. It is a powerful hacking tool that can execute remote commands once uploaded through vulnerabilities in the web server, and it causes secondary damage such as leakage of web server data and internal (personal) information.
WebShell Risk
Webpage Defacement: If a webshell changes the appearance of a webpage, it can badly damage the image of a company/organization.
Backdoor Uploading: Installs a backdoor for APT attacks, etc., to prepare for and carry out various ongoing attacks.
Account Activation/Root Admin Authorization: Enables powerful attacks, such as disabling and destroying an internal system, by obtaining the highest admin authorization on the system.
Scanning/Attack on weaknesses of other systems: Expands the scope of attack and carries out continuous attacks by obtaining data on internal infrastructure.
Leakage of DB information/internal (personal) data: Causes secondary damage to the client through ongoing leakage of internal (personal) data.

Key Functions

Using the Non-Agent platform W-Script, Anti-Webshell extracts hashes of web contents and sends new/modified web contents to the administrative server as they occur. It then detects and reacts to webshells through analysis of client's webshell patterns and obfuscation.
W-Agent
Supports real-time Webshell analysis
Can monitor the status of agent resources
Supports an automatic quarantine feature when any Webshell file is detected
Supports a Webshell file deletion feature
W-Script
Supports Server Side Script Type (Non-Agent)
Minimizes usage of server resources
Supports Script by Application (ASP/PHP/JSP)
Transfers all Web Contents to administrative server
Can select period/location of inspection
Can configure search for specific extensions
* Supporting Environment
DB : PostgreSQL
OS : CentOS
Anti-Webshell Analysis Server
Dashboard to display total status of Web Shell detection
Built-in obfuscation detection module (Embedded Decoder/Novelty Detection Logic)
Supports Web Shell detection pattern management/update
Can add user-defined patterns
Manages new creation/change of Web Contents
Highlights Web Shell detection script
Provides alert and action command when detected (SMS/E-mail)
Can manage detection and false detection
Administrator management (Add/Change/Delete)
Manages group/department of server subjected to inspection
Can develop reports
ESM synchronization and management
* Support Environment
Not dependent on ASP / PHP / JSP or OS type

Features & Strengths

W-Shield Anti-Webshell is the optimal solution for Web Shell detection, integrating the nation's best monitoring know-how and the technology of the forensic specialist group Top Cert.
Lightweight Agent
Easy installation and maintenance
Minimizes resource of system subjected to MSS
Secures availability of system subjected to MSS
Minimizes impact of error (associated page)
Unifies detection and analysis (Manager)
Various Analytical Methodologies
Checks data integrity and stably detects changes by using 4 types of data in addition to hashing
Comparative Analysis of Web Shell Patterns
Anomaly Inspection Analysis
Specialized Top Cert Analysis and Forensics (option) through 24-hour MSS
Pattern Creation and Analysis Capability
The nation's largest MSS
450 security monitoring experts
Possesses about 400 patterns → the most pattern sources
Updates new/undetected patterns through incident response
Obfuscation and Techniques
Has the most obfuscation techniques (Base64 / VbEncode / Gzip / Zend)
Has obfuscation analysis capability utilizing the biggest Cert workforce
Obfuscation and Anomaly Analysis Skills
Capability to analyze cause and respond to incidents
Applied for and obtained domestic/global patents on the script-based method
‘Obtained patent on Script Based, Web Shell detection and solution techniques’!
A method that detects webshells by collecting hash data of files through a script and checking integrity at a designated server. The technique prevents the system resource shortages and performance degradation issues found in traditional agent inspection methods.
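
The hash-collection and integrity-check method described above, sketched as an added example (this is not the product's W-Script or server code). The function names, the choice of SHA-256, the extension list and the sample web root are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = {".php", ".asp", ".aspx", ".jsp"}  # assumed extension filter

def snapshot(web_root, exts=SCRIPT_EXTS):
    """Map relative path -> SHA-256 for every script file under web_root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue  # only inspect the configured script extensions
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            hashes[rel] = digest
    return hashes

def diff_snapshots(baseline, current):
    """Compare two snapshots; new/modified files are what a server would analyse."""
    new = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    deleted = sorted(p for p in baseline if p not in current)
    return {"new": new, "modified": modified, "deleted": deleted}

def demo():
    """Constructed sample: a small web root that changes between inspections."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "upload"))

        def write(rel, text):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)

        write("index.php", "<?php echo 'home'; ?>")
        write("about.php", "<?php echo 'about'; ?>")
        write("logo.png", "not-a-script")            # skipped by the filter
        baseline = snapshot(root)                    # first inspection
        write("index.php", "<?php echo 'home v2'; ?>")  # content changed
        write("upload/new.php", "<?php echo 'x'; ?>")   # file appeared
        os.remove(os.path.join(root, "about.php"))
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Only the files listed under `new` and `modified` would need to be forwarded for pattern and obfuscation analysis, which is what keeps the load on the inspected web server low.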