Coordinated Protection from Malware and Advanced Persistent Threats
No single anti-virus solution can offer complete protection against information security threats, including malware and Advanced Persistent Threats (APT), but attempting to deploy multiple anti-virus (AV) solutions typically increases your administrative burden and often results in clashes between competing tools.
PT Multiscanner is the first enterprise solution to address this challenge by combining and coordinating the AV definitions from multiple vendors in a single scan, offering increased overall protection without the need to conduct additional tests or consolidate separate results.
Optimize Malware and APT detection effortlessly
PT Multiscanner is a multi-engine, stream-based antivirus platform that provides high-performance analysis of data stored or transmitted via corporate networks including file storage, web portals, email, and network traffic.
Benefit from simultaneous protection from market leaders such as Symantec™, McAfee™, Trend Micro™, Kaspersky Lab, ESET and Bitdefender® without the need to buy licenses separately from each vendor.
Consolidated scan results are presented in a single, user-friendly interface, giving you full visibility of threats in your network. And the sooner you find these hazards, the faster you can fix them.
Comprehensive Coverage without Compromising Privacy
PT Multiscanner is a locally-hosted solution that works from within the enterprise’s security perimeter, ensuring confidential data is never exposed to third parties. Use it to tackle a range of security challenges:
- Monitor network traffic in real time
- Protect email traffic and limit social engineering attacks
- Analyze file storage to detect infected files and block the spread of viruses and malware
- Safeguard web portals to prevent data leakage, maintain uptime and protect end-users from malware
- Perform standalone malware checks on individual files uploaded to a locally-hosted portal
- Simplify incident investigation with retrospective analysis that tracks suspect files through your infrastructure
An optional independent verification feature allows organizations to double-check scan results with VirusTotal. All private data is anonymized and hashed before upload to the cloud.
PT Multiscanner’s flexible APIs make it easy to integrate with existing systems including mail or file servers, proxy servers, IPS/IDS, monitoring and network forensic tools.
PT APPLICATION FIREWALL™
Almost every modern enterprise uses hundreds of Web, mobile or ERP applications to help run their operations. But as your number of applications grows, so does the number of security vulnerabilities within them that could be exploited to damage your business. The Verizon 2014 Data Breach Investigation Report (DBIR) shows that last year 35% of security breaches involved attacks against web applications, up by 14% since 2012. Moreover, Web app attacks were the most common cause of data breaches, followed by cyber-espionage, POS intrusion and insider misuse.
Why do these attackers succeed? The fact is that most application security threats are created by developers’ mistakes that cannot be addressed with traditional security scanners, IDS or firewalls:
- Attackers often exploit zero-day vulnerabilities, making signature analysis obsolete and confirming the need for adaptive solutions, self-learning and behavioral analysis techniques.
- Modern corporate applications use different languages, protocols and technologies, as well as customized solutions and third party code. Protection of such applications requires thorough analysis of the application structure, user interaction patterns and usage context.
- Modern firewalls deal with thousands of suspicious incidents. There is no time for security specialists to check them all manually to identify the real threats. There is an urgent need for automatic sorting, ranking and smart visualization of security events.
- Even well-known vulnerabilities cannot be fixed immediately; patching of ERP or e-banking systems can take months. An application security system should have a mechanism to mitigate breaches while developers are fixing the code.
- Secure SDL may dramatically reduce the cost of errors as long as they are fixed at the early stages of coding, but it’s hard to find effective automated solutions for code analysis.
WHY PT APPLICATION FIREWALL
PT Application Firewall, a smart protection system developed by Positive Technologies, is a serious response to the security challenges created by today’s range of web portals, ERP and mobile applications. PT AF can block 30% more network attacks than other firewalls thanks to several innovative security technologies.
- Fast adaptation to your systems: Instead of applying the classical signature method, PT AF analyzes network traffic, logs and users’ actions, constantly creating and maintaining a real-time statistical model of the application during normal operation. It then uses this model to detect abnormal system behavior. Together with other protection mechanisms, it ensures 80% of zero-day attacks are blocked without any special adjustment needed within the client.
- Focus on major threats: PT AF weeds out irrelevant attack attempts, groups similar incidents and detects attack chains — from spying to data theft or backdoor setup. Instead of thousands of potential attacks, information security specialists receive a few tens of truly important messages.
- Instant blocking: PT AF’s virtual patching techniques allow you to protect an application, even before insecure code is fixed. Together with PT Application Inspector’s exploit generation mechanism, virtual patching provides continuous and automated detection, verification and blocking of vulnerabilities.
- Protection against security bypass: PT AF handles data with regard to a protected server technology stack, analyzes XML, JSON and other protocols typically used in modern portals and mobile applications. It ensures protection from the majority of firewall bypass methods including HPC, HPP and Verb Tampering.
- Behavioral analysis against robots: The mechanisms used against automated malware include protection from brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
- SSDL support: PT Application Inspector (PT AI) and PT AF provide developers with information about incorrect code in convenient formats including exploits, thus reducing the costs associated with secure development and testing.
With more than 10 years of security research and a huge knowledge base of vulnerabilities, the experts at Positive Technologies have amassed extensive experience in protecting enterprises of all sizes across a wide range of industries. Each industry has its own unique features and requirements that are crucial to practical security. Every deployment of PT Application Firewall includes configuration to meet the specific needs of each client.
Pre-configured versions of PT AF have been developed to protect:
- Banks and Financial Institutions where many critical applications used both by clients and partners have to meet the requirements of PCI DSS and other regulatory authorities, while third-party applications and 24/7/365 operations leave little scope for vulnerability fixes.
- Media portals with frequently refreshing content including online streaming, XML gateways and other integrations with a wide range of systems that are popular targets for “hacktivists”, rivals and criminals.
- Telecoms where convergence of many different technologies may lead to an “avalanche” of failures caused by a single hack, while the integration of simple mass services with payment systems raises the danger of fraud.
- ERP systems that are often maintained and supported remotely by third-party companies, leading to security mechanisms being weakened for ease of access. Developers of business-application code typically care more about functionality than security.