
Anxinsec gives birth to unconventional security

In an exclusive interview with Anxinsec’s senior management, we discover how its solutions differ from conventional security products, the role of ML and automation in their system, and why their product is referred to as “born for host security”.

In an exclusive interview with Anxinsec’s Chief Executive Officer Alex Jiang and Chief Security Officer Roger Wang, we discover the benefits of Anxinsec’s memory detection and protection system (MDPS) and how its innovative and cutting-edge technologies provide multi-dimensional protection. 

Anxinsec’s product operates within the kernel layer of a system, allowing them to supervise CPU and programme memory access behaviour, providing real-time identification of malicious activities. Unlike traditional security products, Anxinsec’s product uses behavioural analysis technology to identify both unknown and known threats, making it more reliable and efficient in protecting systems.

Below, Jiang and Wang explain how MDPS helps customers around the world precisely detect newly emerged attacks, including fileless attacks and zero-day vulnerability exploits. The system is designed to protect core business systems from interruption and data breaches, ensuring that sensitive data remains secure.

Chief Executive Officer Alex Jiang

How does Anxinsec’s MDPS provide multi-dimensional protection?

Our product operates within the kernel layer, allowing us to monitor CPU and programme memory access behaviour. This means that we can supervise everything. By building our core technology after analysing malicious samples, we have developed a monitoring model that enables us to identify malicious behaviour in real time.

Secondly, our ACDR (Attack-Chain Detection and Response) technology blocks unknown malware and provides an illustration of the behavioural chain behind an attack or incident. It can effectively detect kernel-level threats such as rootkits and bootkits.

At the application layer, MDPS employs RASP technology to provide an immune system for web applications.

Chief Security Officer Roger Wang

How does the MDPS differ from conventional security products?

As opposed to conventional security products, we don’t rely on definition or signature files. Anxinsec uses behavioural analysis technology to analyse the behaviour of programmes instead of their features. Therefore, we can identify and detect both unknown and known threats. Since we don’t rely on definition files, there is no lag compared to conventional products, which download signature files from a server, resulting in lag as well as the possibility of malware slipping in.

Moreover, our product is proficient in detecting zero-day vulnerabilities. Since our system is based on behaviour, it can also identify and detect these attacks. Additionally, our behaviour analysis and memory monitoring are based on machine learning and can prevent a large number of enterprise-level threat vulnerabilities.
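To make the contrast concrete, here is an added example (not Anxinsec’s code; the real ACDR models are not described on this page) that runs a constructed event stream through both approaches: a hash lookup against a definition file, which has nothing to match when a payload never touches disk, and a simple ordered behavioural chain in the spirit of the attack-chain description above. The chain stages, event format and telemetry lines are all constructed for illustration.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed "definition file": the hash of one known-bad sample body.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper-v1").hexdigest()}

def signature_detect(file_bytes: Optional[bytes]) -> bool:
    """Conventional check: hash the on-disk file and look it up in the definitions.
    A fileless payload never touches disk, so there is nothing to hash."""
    if file_bytes is None:
        return False
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

# Hypothetical behavioural chain: each stage is (event type, predicate on detail).
# Stages must be observed in this order by the same process to raise an alert.
CHAIN = [
    ("child_process", lambda d: d.startswith("powershell.exe")),
    ("mem_alloc", lambda d: d == "RWX"),
    ("remote_thread", lambda d: True),
]

def chain_detect(events: List[str]) -> Dict[int, List[str]]:
    """Walk the event stream per process and record which chain stages were met, in order.
    Returns only the processes that completed every stage of the chain."""
    progress: Dict[int, List[str]] = defaultdict(list)
    for line in events:
        pid_s, kind, detail = line.split(",", 2)
        pid = int(pid_s)
        stage = len(progress[pid])
        if stage < len(CHAIN):
            want_kind, pred = CHAIN[stage]
            if kind == want_kind and pred(detail):
                progress[pid].append(f"{kind}:{detail}")
    return {pid: chain for pid, chain in progress.items() if len(chain) == len(CHAIN)}

# Constructed telemetry, "pid,event,detail"; not captured from any real system.
EVENTS = [
    "4242,process_start,winword.exe",
    "4242,child_process,powershell.exe",
    "4242,mem_alloc,RWX",
    "4242,remote_thread,explorer.exe",
    "7001,process_start,notepad.exe",
    "7001,mem_alloc,RW",                   # benign: never allocates RWX memory
    "7001,child_process,powershell.exe",   # reaches stage 1 only, no alert
]

if __name__ == "__main__":
    print("signature hit on fileless payload:", signature_detect(None))
    print("behavioural chain alerts:", chain_detect(EVENTS))
```

Process 4242 completes the chain and is reported, while the hash lookup returns nothing for it because there is no file to hash; process 7001 matches only the first stage and stays silent.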

What is the role of machine learning and automation in your MDPS?

We have over 1 PB of malicious samples and a powerful analytical engine that analyses and learns from this data, identifying patterns and natural behaviours of malware. We researched more than 20 effective analytic models, and finally came up with a detection mechanism with multiple analytic models, such as attack-scenario combination, dynamic weighting, a machine learning model and compound decision-making, which greatly improved the detection accuracy and can block malicious behaviours in real time.

Furthermore, while it can summarise patterns and constantly analyse, it is also learning every day in order to anticipate.

Why is the MDPS termed as “born for host security”?

Our company’s core technical team, including our CTO and other members in China and worldwide, is made up of kernel-level experts who understand the behaviour inside the OS, including Windows, Linux, etc. We have over 15 years of expertise and research into kernel-level threats, which means that our product can detect kernel-level, application-level, and system-level threats, to provide endpoint and workload protection. We have deployed more than 1 million seats worldwide and serve over 200 customers, including Fortune 500 clients, making our product a reliable solution. Given that we are a four-year-old company, our achievements are remarkable.