Why WSS?

SECURE YOUR WEB SERVER

Smart security is more than just playing defense;
it’s knowing, reacting, and resolving—instantly.

Today’s cybersecurity challenges

Ever-increasing attack variety

Continuously refined malware to exploit new vulnerabilities in network systems

Internal and external threats

Attacks both inside and outside the organization

Diverse intrusion methods

Further risk posed by malware that’s parsed, hidden, and/or encrypted

Cloud/hybrid environments

Adapting to cloud-containing environments

System burden

Increasing number of cyber components overload system resources

Alert fatigue

High noise and notification overload

WSS defends against:

web shells

malicious URLs

unintended file changes

Consistent use of web-based malware by Advanced Persistent Threat (APT) groups has led to significant cyber incidents in recent years

Fact Sheet

Purpose: Persistence

Form: script (variable length) that establishes backdoor access to server OS; client-side command-line interface or GUI

Well-Known Instances: China Chopper, Godzilla, ASPXSpy

How are web shells used?

Data and credential harvesting

Uploading of malicious URLs, malware (e.g. ransomware)

Website defacement and forgery

Element in command-and-control (C2) infrastructure

How web shells often go undetected:

SMALL

web shell code can be just one line long, and can be hidden inside legitimate files

BUILT FOR STEALTH

web shells are encoded, segmented, and even equipped with self-destruct functions to disappear without a trace

INNOCUOUS

web shell traffic closely resembles normal HTTP/HTTPS traffic, rendering traffic analysis moot

UMV’s flagship product, WSS, defends web servers from a variety of web attacks, including APT attacks, ransomware threats, website spoofing, and more. Using functions such as detection, monitoring, quarantine, and reporting, WSS stops web shell threats before they can do any damage.

WARSS prevents website defacement, source code forgery, and content forgery. By detecting changes to your homepage and restoring it to its original state in real time, WARSS ensures you can maintain business continuity, even under attack.

  • web shell uploads
  • unauthorized file changes
  • files
  • documents
  • databases
  • source file change detection
  • automatic recovery
  • real-time notifications
  • thorough reports
  • mitigation
  • detection
  • quarantine
  • exception management
  • web server configuration file change detection
  • automatic recovery
  • attacker IP report

WSS Detection Methods

To improve detection, unknown malicious code is detected and quarantined through WSS’s dedicated obfuscation analysis engine, SCR Parser.

  • Pattern
  • Algorithm
  • Hash Value

Pattern-Based Detection

WSS detects web shells by comparison with the patterns of well-known web shells stored in its DB

Algorithm-Based Detection

WSS deploys a dedicated algorithm to detect web shell-like patterns in obfuscated scripts

Hash Value-Based Detection

WSS regularly saves and updates web shell hash values as published on VirusTotal to detect web shell scripts
