What is a webshell?

A webshell is malware that is illegally uploaded to a web server by exploiting a vulnerability in the web source code, and that then allows various commands to be executed on the system.
When a web shell is inserted into a web server's source, administrator privileges are seized, resulting not only in web page tampering but also in the leakage of personal information.

Webshells rank first among recent security incidents, and because obfuscation techniques can bypass detection by existing security solutions (such as web firewalls), robust webshell detection and defense tools are needed to solve this problem.

Products handled and their features

WSS ShellMonitor (Shell Monitor)

By recognizing changes in the web server file system in real time, Shell Monitor immediately checks the web server for inserted malware and malware dissemination URLs and alerts the administrator so that they can be quarantined.

Shell Monitor Behavior Overview

  • Real-time detection and quarantine of web shells and malware dissemination URLs
  • Centralized management support and automatic update support for large web servers
  • Detection of web server settings file changes corresponding to malicious permission changes

Need for shell monitors

Responding to various web attacks that exploit web application vulnerabilities and more

Complementing network security solutions

    • The limitations of network defense set in as intrusion methods diversify (hence the need for detection/quarantine of web server malware within the system)
    • Increase in information security incidents caused by users inside the organization, as well as by external hacking
    • Malware detected on web servers that had penetrated before the web firewall was set up
    • Increased penetration by network bypass techniques
    • Overload from full inspection
    • Risks in handling encrypted/encoded traffic and security policy exceptions

Shell Monitor Key Features – Detection Performance

Supports detection of unknown malware through a dedicated obfuscation analysis engine (SCR Parser)

Collecting malware to improve detection performance
    • Analysis of detection history of 15,000 application agents
    • Malware collection and analysis expertise
    • Sophisticated patterning and exception handling support for minimal false positives

Shell Monitor Key Features – Convenience

Supports pattern customization for web server/WAS-specific environments
Support for efficient detection
    • Support for automatic quarantine of known web shells and malicious URLs
    • Unknown malware risk and behavior

Convenient update support

    • Supports automatic updates of patterns and detection agents

R&R (Role and Responsibility) support

    • Support for one-click reporting in quarantine
    • Automatically finds the directories to be checked
    • Automatic backup support for the latest detections to the management server
    • Detailed permission management support for business situations such as manager/control/management personnel
    • Automatic setting and detection of detectable directories that are added during operation

Shell monitor main functions

