EDR (ZombieZERO EDR)

APT Response Solution for Detecting/Blocking Malware Entering through User Segments like PCs and Servers

Innovative Product Certification

The ZombieZERO EDR product is an agent-based security solution designed to detect, analyze,
and block ransomware and new variant malware attacks occurring in user segments (endpoints)
such as PCs and servers.

It is installed in client and server segments to detect, analyze, and block attacks that arrive over the network or by email, as well as attacks that bypass network interconnection controls (USB, Wi-Fi, Build, shared folders, encrypted compressed files).

※ Provides various options such as Anti-Virus, Execution Pending, Instant Backup, Only Ransomware, etc.
※ Integrates and extends with existing APT response solutions for comprehensive security coverage.

Key Features

Virtual Machine-Based Malware Detection and Analysis
  • Detects and blocks malware using a virtual analysis machine rather than relying on signatures, enabling effective defense against network-evading malware and zero-day attacks.
  • A behavior-based engine on endpoints blocks illegal activities.

System Stability and Integration
  • Installed at the kernel driver level, preventing conflicts with other programs and ensuring system stability while minimizing PC resource usage.
  • Supports integration with other security products (e.g., antivirus), allowing the creation of a dual-defense system.

The "Execution Pending" Feature
  • Addresses malware attacks targeting vulnerabilities in major programs such as MS Office, Adobe Reader, web browsers (IE, Firefox, Chrome), media players, messengers, and more.
  • Files transmitted through encrypted communication and SSL are submitted for analysis through the "Execution Pending" feature.
  • Files downloaded without any user action or intent are analyzed, ensuring that only safe files are executed.
  • Users can check the analysis/blocking status of files that have been put on hold by the "Execution Pending" feature.

Data Backup
  • Provides real-time and scheduled data backup, including version management.
  • Supports data backup to local drives, NAS, or cloud storage.
  • Suitable for cloud-based work environments, allowing access to backed-up data from various devices at any time.

Whitelist (Whitelist Policy)
  • Offers a Graylist function to continuously manage even data that was analyzed as benign.
  • Allows "Execution Pending" for executable (PE) files under analysis.
  • Enforces file execution control based on whitelist policies.
  • Enables optimized policy creation for users based on group management.
Special Features
  • Various User Notification Functions

    Provides user-specific messages for malware detection, blocking, isolation, and restoration.

    Allows users to configure backup and exception settings with administrator approval.

  • Enhanced Detection with Virtual Machine

    Real-time monitoring and detection of malware.

    Blocking of suspicious files.

    Detection of suspicious scripts, vulnerabilities (exploits), privilege escalation attacks, and code injections.

  • Integrated Threat Intelligence Service

    Utilizes AI analysis and multidimensional analysis results to identify, classify, and provide detailed threat intelligence information on malware.

  • Unified Management of Endpoint Security Solutions

    Efficiently manages various endpoint security solutions with a single unified manager.

    Enables stable and efficient information collection and analysis for threats originating from endpoints.

Architecture
ZombieZERO EDR detects and blocks malicious code and APT attacks in user segments such as PCs and servers. It adds antivirus functionality and supports expansion and operation together with various security solutions.

※ ZombieZERO EDR can be deployed and operated in two ways: on-premises and in the cloud.

Adoption Benefits
  1. Unknown Malware Response

     Detecting emerging threats without relying on known virus patterns.

     Detecting unknown malicious threats (emerging malware) based on behavior to respond and take action (isolation and deletion, etc.) in real time.

     Enhancing protection against zero-day attacks and new threats.

     Detecting and blocking data breaches in advance to prevent the loss and leakage of sensitive data.

  2. Enhanced Visibility

     Providing visibility and automated response to detected threats, reducing incident response time, and enabling rapid response to security incidents.

     Detailed monitoring of the progress of cyberattacks occurring internally.

     Strengthening internal security in vulnerable areas through the identification of malicious entry paths and integration checks.

  3. Evidence-Based Response to Threats Using Threat Intelligence

     Real-time updates and alerts regarding threats allow for better security responses and information sharing among various organizations.

     Official integration with the Ministry of Education's Cyber Security Center (ECSC).

     Official integration with YARA rules.

     Real-time updates of patterns at both domestic and global levels.

  4. Security Management and Forensic Analysis Support

     The system generates and stores records of security events and attack activities, providing support for forensic analysis and incident investigation.

     Provides information on the security status of managed targets, the current state of malicious file analysis, significant events, and overall status.

     Supports the identification of intrusion processes based on Indicators of Compromise (IOC).

     Integrates with the MITRE ATT&CK framework to categorize attack tactics, techniques, and procedures.

Product Lineup

EDR Manager Series

| Model | 300M | 500M | 1000M | 2000M | 5000M | 10000M |
|---|---|---|---|---|---|---|
| Chassis Type | 1U | 2U | 2U | 2U | 2U | 2U |
| CPU | Bronze 3204 1.9GHz (6Core)*2 | Silver 4310 2.1GHz (12Core) | Silver 4310 2.1GHz (12Core)*2 | Gold 6326 2.9GHz (16Core)*2 | Gold 6330 2.0GHz (28Core)*2 | Gold 6348 2.6GHz (28Core)*2 |
| Memory | 48GB | 64GB | 96GB | 160GB | 320GB | 576GB |
| SSD | 960GB (RAID1) | 960GB (RAID1) | 960GB (RAID1) | 960GB (RAID1) | 960GB (RAID1) | 1.92TB (RAID1) |
| Storage | 960GB | 960GB | 960GB | 1.92TB | 1.92TB*2 | 1.92TB*6 |
| Management Port | 1GbE 2port (Copper) | 1GbE 2port (Copper) | 1GbE 2port (Copper) | 1GbE 2port (Copper) | 1GbE 2port (Copper) | 1GbE 2port (Copper) |
| Power Supply | Redundant 1300W | Redundant 1300W | Redundant 1300W | Redundant 1300W | Redundant 1300W | Redundant 1300W |

* Performance metrics may vary depending on the specific environment and system configuration.