NetGuard Endpoint Security
Network based malware detection
Nokia’s NetGuard Endpoint Security (NES) is an end-to-end, consumer-facing network based malware detection, notification, and remediation solution. Leveraging Nokia’s Threat Intelligence Center and network based malware sensors, it monitors consumer, enterprise, and critical infrastructure network traffic for malware and attack activity. NES identifies infected endpoint devices (phones, IoT, tablets, computers) and takes immediate action to notify or block malware and prevent security breaches. The system enables the service provider’s security operations team to collect live threat intelligence on malware activity in their network. This allows them to protect their network infrastructure from attack and offer revenue-generating malware protection services to their customers.
System Components of network based malware detection
The figure below illustrates the system architecture for network based malware detection. Sensors in the carrier network monitor the network traffic between user endpoints and the Internet, looking for evidence of malware infection. This includes malware command-and-control (C&C) traffic, exploit attempts, hacking activity, suspicious behavior, and DDoS activity. Alerts are sent to a central alert reporting cluster, where they are analyzed and stored. Interfaces provide real-time information feeds to SOAR (Security Orchestration, Analytics and Response), SIEM (Security Information and Event Management), firewalls and policy enforcement systems. The system also includes a fully automated end-user notification system and a self-serve remediation portal.
Network Based Malware Sensors
Network sensors are deployed at key locations in the carrier network to monitor the network traffic for malware activity. The sensors are deployed on network taps and have no impact on network performance. They use a combination of behavioral and signature-based technology to identify malware activity with a high degree of accuracy. The sensors also host Nokia’s IoT device profiling and anomaly detection algorithms.
Alert Reporting Cluster
The Alert Reporting Cluster (ARC) is a cluster of virtual machines that run in the carrier’s data center to aggregate malware events from the sensors. The ARC also hosts the system’s database, interfaces with third-party security operation systems (SIEM, firewalls, PCRF, SOAR, etc.) and provides a platform for analytics and reporting.
The Analytics Portal provides the main user interface for the security operations team. It provides a dashboard summary of malware activity and the ability to drill down to individual malware events. It provides detailed reports on which devices are infected by which malware and allows the operator to view the individual malware activity history for each device on the network.
The subscriber portal is a self-serve remediation portal that consumer or enterprise customers use to eliminate malware problems on their devices. It is an integral part of the malware notification and remediation service and provides online scan & clean services and up-to-date anti-malware software for smartphones, tablets, PCs and laptops.
"M1’s Mobile Guard (NetGuard EndPoint Security) is the only solution in our market to offer always-on, end-to-end network-driven malware protection – helping customers perform a device health assessment, detecting and alerting customers to a threat, and helping them eliminate any threat found."