Skip to main content

NetGuard Endpoint Security

Network based malware detection

Nokia’s NetGuard Endpoint Security (NES) is an end-to-end, network-centric malware detection and response, for mobile, fixed infrastructure, and smartphone and IoT devices. Leveraging Nokia’s Threat Intelligence Center and network-based malware sensors allows both to protect network infrastructure from attack and offers revenue-generating malware protection services to customers.

It monitors consumer, enterprise, and critical infrastructure network traffic for malware and attack activity. NES identifies infected end-point devices and takes immediate action to notify or block malware and prevent security breaches. The system augments the service provider’s security operations teams with real-time, actionable threat intelligence to protect both the critical telecommunications infrastructure and consumer endpoints from malware activity. Being an agentless Endpoint Security solution, NES protects the whole network and is a powerful asset for the Service Provider’s security professionals independent of their role and experience level.

System Components of network-based malware detection

The below figure illustrates a system architecture for network-based malware detection. Sensors in the carrier network monitor the network traffic between user endpoints and the Internet, looking for evidence of malware infection. This includes malware command-and-control (C&C) traffic, exploit attempts, hacking activity, suspicious behavior, and DDoS activity. Alerts are sent to a central alert reporting cluster, where they are analyzed and stored. Interfaces provide real-time information feeds to SOAR (Security Orchestration, Analytics, and Response), SIEM (security information and event management), firewalls, and policy enforcement systems. The system also includes a fully automated end-user notification system and a self-serve remediation portal.

Netguard System Architecture

Network Based Malware Sensors

Network sensors are deployed at key locations in the carrier network to monitor the network traffic for malware activity. These are deployed on network taps and have no impact on network performance. They use a combination of behavioral and signature-based technology to identify malware activity with a high degree of accuracy. These also host Nokia’s IoT device profiling and anomaly detection algorithms.

Alert Reporting Cluster

The Alert Reporting Cluster (ARC) is a cluster of virtual machines that run in the carrier’s data center to aggregate malware events from the sensors. This also hosts the system’s database, interfaces with third-party security operation systems (SIEM, Firewalls, PCRF, SOAR etc) and provides a platform for analytics and reporting.

Analytics Portal

The Analytics Portal provides the main user interface for the security operations team. It provides a dashboard summary of malware activity and the ability to drill down to individual malware events. It provides detailed reports on which devices are infected by which malware and allows the operator to view the individual malware activity history for each device on the network.

Subscriber Portal

The subscriber portal provides a self-serve remediation portal that consumer or enterprise customers use to eliminate malware problems on their devices. It is an integral part of the malware notification and remediation service and provides online scan & clean services and up to date anti-malware software for smartphones, tablets, PCs and laptops.

Features and Benefits

NetGuard Endpoint Security network-based malware detection benefits:

Secure

Gathering threat intelligence for security operations

The system allows the service provider’s security operations team to collect live threat intelligence from their network. This tells them which devices are infected with malware and which malware is operational in their network. This information is used to protect the critical telecommunications network infrastructure end-point devices.

Customer-care

Consumer malware notification and remediation

The system is a turnkey malware notification and remediation service that provides network-wide protection to the service provider’s customers and enables the service provider to monetize it as an optional service for the consumer and enterprise markets. A notification is triggered when malware activity is detected and gives the subscriber the option to automatically initiate remediation measures, through the NES Subscriber Portal or other customer-facing channels.

Experience

Enterprise Malware Notification and Remediation

NES is multi-tenant capable thus enabling the service provider to address its enterprise customers with a network-based malware detection solution, customized for each enterprise. The NES Analytics Portal gives each service provider’s enterprise customer their own view of the system.

"M1’s Mobile Guard (NetGuard EndPoint Security) is the only solution in our market to offer always-on, end-to-end network-driven malware protection – helping customers perform a device health assessment, detecting and alerting customers to a threat, and helping them eliminate any threat found."
Alex Tan
Chief Innovation Officer at M1.

Ready to talk?