Features |
✅ Threat Response through Network and Endpoint Integration
- Integrated response by linking network sandbox analysis with dedicated agent-based endpoint defense
- Infected hosts can be isolated from the network via a dedicated agent, preventing internal propagation of threats
- Execution Holding (EH) feature blocks execution of suspicious files, including ransomware
- Machine learning-based "Suspicious File Extraction" enables response to potential threats: suspicious files on endpoints are automatically collected and analyzed for proactive response
✅ Threat Visibility
- Provides threat trends and attack flow maps through an intuitive dashboard
- Threat trends: information on threat types, entry points, spread level, detection, and analysis status
- Attack flow maps: detailed data on threat types, behaviors, attack stages, and corresponding response and mitigation strategies
- Cluster architecture enables handling of large-scale DDoS traffic
✅ Multi-Engine-based Analysis
- Threats are analyzed through a multi-engine approach combining signature-based, reputation-based, and signature-less detection
- Enables accurate and efficient detection and analysis of ransomware and new or variant threats
- Incorporates unique memory analysis-based exploit detection technology, capable of detecting malware regardless of the type of malicious behavior or whether such behavior has occurred
Key_Features |
✅ 1. Threat and Anomalous Traffic Detection/Analysis
- Collection and analysis of major internet service protocols (HTTP, SMTP, SMB/CIFS, FTP, etc.)
- Bidirectional traffic monitoring for file inflow and outflow
- Analysis of new malware using virtual machine (VM)-based analysis
- Dedicated engine for non-executable (non-PE) malware, including MS Office and Hangul documents
- PCAP-based packet capture during VM analysis and C&C detection; PCAP files available for download
- Detection and blocking of access to malicious sites and command & control (C&C) communication from infected PCs
✅ 2. Email-Based Threat Detection and Quarantine (MTA)
- Detection and automatic quarantine of emails containing malicious or suspicious attachments and URLs
- Dynamic analysis of email attachments
- Multi-dimensional analysis of URLs and scripts within the email body
- Quarantine can be lifted via administrator commands
- License-based application method
✅ 3. Threat Response and Remediation
- Automatic/manual malware remediation and network isolation for hosts suspected of malware infection
- "Execution Holding" function for executable (PE) files under malware analysis
- Extraction of suspicious files from hosts suspected of malware infection
- Restoration of deleted files when needed
✅ 4. Integrated Monitoring and Log Management
- Dashboard provides real-time security status and key event information
- Real-time monitoring of malware inflow and abnormal traffic occurrences
- Detailed logs on event types, IP addresses, and activity (files/processes/registry/network)
- Various analysis report templates provided
- Agent function and patch updates managed via the controller
- Notifications for individual or all hosts
- Scalable server farm structure to flexibly handle changes in the number of agents
- Automatic agent deployment to hosts without MDS Agent installed
- Automated and manual database backup
- Syslog forwarding for integration with third-party security management systems (SIEM, ESM)
- Internal user information provided through Active Directory (AD) integration
email | kis@kis.co.kr
homepage | http://www.kis.co.kr/kor/business/sub_02_4.html |