Messageware Z-Day Guard for
Messageware Z-Day offers next generation threat hunting. Protect your Microsoft Exchange servers against zero day attacks. Z-Day detects changes to the environment that indicate the dropping of Command and Control (C&C) web shells. C&C web shells commonly reach out to the internet, enabling remote access to your network.
Z-Day is a server protection solution focused on detection, alerting, and response (MDR/MDAR) to zero-day attacks and server penetrations. Messageware Z-Day actively protects servers using embedded monitoring technology that cannot be turned off by malicious software.
File Integrity Monitoring (FIM)
Z-Day understands the Microsoft Exchange Server’s file system and establishes a trusted baseline of the system. When files on the server are unexpectedly changed, added, or removed, Z-Day detects the threats, unlocking a new level of threat hunting.
Virtual Directory (vDir) Integrity Monitoring
Microsoft Exchange Servers use virtual directories (vDirs) in Windows IIS to allow access to web applications like Outlook, ActiveSync, and Autodiscover, and to provide service communications between servers.
Z-Day understands vDirs and establishes a trusted state, which forms the basis of monitoring for deviations from the baseline.
Time to React
Security analysts suggest compromised servers are leveraged in under 90 minutes. Z-Day catches changes to your server baseline instantly, and sends you alerts to respond long before this threat window closes.
Z-Day understands your team’s need to update Microsoft Exchange Servers with regular security updates (SUs) and cumulative updates (CUs) published by Microsoft. Just like Microsoft Exchange itself, Z-Day can be put in maintenance mode enabling fast updating of Exchange and quickly re-establishing trusted baselines.
Notifications and Daily Digests
No SIEM? Set up near-real time notifications of threat data and enable daily health summary reports to stay up-to-date with your server status.
SecOps SIEM? Z-Day pushes threat data directly to SIEMs. Easily add additional near-real time notifications of threat data and enable daily health summary reports to easily inform non-SIEM teams of the health of the Exchange Servers.
Detailed Threat Data and Visualizations
Easily identify hot spots and trends by displaying historical threat data in bubble chart.
Expand directly into detailed incidents using a tree-view to see system changes over time.
SYSLOG and SIEM Server Integration
Z-Day pushes threat data to existing SYSLOG and SIEM Servers in the network, providing new visibility to and rapid response from the corporate security team.
Z-Day sends standardized RFC 3164 and RFC 5424 data messages enabling the existing solutions to be easily setup with display and threat action rules. Operating as an endpoint, there is no need to implement additional systems or manual processes (eg. Splunk, QRadar, Solarwinds, …).
Certified PPL ELAM Mode
PPL (Protected Process Light) and ELAM (Early Launch Antimalware) technology work together ensuring that Windows Server only loads trusted services and processes. This is done first, before other software and drivers are initialized.
Messageware Z-Day is a certified PPL ELAM driver, ensuring that it is monitoring your system from startup to shutdown.