Messageware Z-Day Guard for Microsoft Servers
Messageware Z-Day offers next-generation threat hunting. Protect Microsoft Windows Servers, Exchange Servers, and Azure Servers against zero-day attacks. Z-Day detects changes to the environment that indicate the dropping of Command and Control (C&C) web shells. C&C web shells commonly reach out to the internet, enabling remote access to your network.
Z-Day is a server protection solution focused on detection, alerting, and response (MDR/MDAR) to zero-day attacks and server penetrations. Messageware Z-Day actively protects servers using embedded monitoring technology that cannot be turned off by malicious software.
Protecting:
- Microsoft Exchange Servers 2019, 2016, and 2013
- Windows Servers and VMs
- Azure Servers and VMs
Time to React
Security analysts suggest compromised servers are leveraged in under 90 minutes. Z-Day catches changes to your server baseline instantly, and sends you alerts to respond long before this threat window closes.
File Integrity Monitoring (FIM)
Z-Day understands the server’s file system and establishes a trusted baseline of the system. When files on the server are unexpectedly changed, added, or removed, Z-Day detects the threats, unlocking a new level of threat hunting.
Virtual Directory (vDir) Integrity Monitoring
Microsoft Servers use virtual directories (vDirs) in Windows IIS to allow access to web applications like Outlook, ActiveSync, and Autodiscover, and to provide service communications between servers.
Z-Day understands vDirs and establishes a trusted state, which forms the basis of monitoring for deviations from the baseline.
Windows Task Scheduler Integrity Monitoring
Windows Task Scheduler is often exploited in cyberattacks to allow malware to run automatically and evade detection. By using Windows Tasks to execute malicious code, attackers can maintain control over compromised systems.
Z-Day monitors Task Scheduler to establish normal baselines and alerts SecOps teams to any unexpected activities.
Ready-to-Use Server Templates
Select from a range of preconfigured templates to instantly configure Z-Day for monitoring different types of Windows servers. These ready-to-use templates make setting up the software quick and easy with a common set of protections that can easily be customized further. Enjoy efficient and streamlined installation and configuration that ensures the software is up and running with minimal effort.
Maintenance Mode
Z-Day understands your team’s need to update server environments with regular security updates (SUs) and cumulative updates (CUs) published by Microsoft.
Z-Day can be put in maintenance mode, enabling fast updating of your servers and quick re-establishment of trusted baselines.
Notifications and Daily Digests
No SIEM? Set up near-real-time notifications of threat data and enable daily health summary reports to stay up to date with your server status.
SecOps SIEM? Z-Day pushes threat data directly to SIEMs. Add near-real-time notifications of threat data and enable daily health summary reports to keep non-SIEM teams informed of the health of Windows Servers.
Detailed Threat Data and Visualizations
Easily identify hot spots and trends by displaying historical threat data in a bubble chart.
Expand directly into detailed incidents using a tree-view to see system changes over time.
SYSLOG and SIEM Server Integration
Z-Day pushes threat data to existing SYSLOG and SIEM Servers in the network, providing new visibility to and rapid response from the corporate security team.
Z-Day sends standardized RFC 3164 and RFC 5424 data messages, enabling the existing solutions to be easily set up with display and threat action rules. Operating as an endpoint, there is no need to implement additional systems or manual processes (e.g. Splunk, QRadar, SolarWinds, …).
Certified PPL ELAM Mode
PPL (Protected Process Light) and ELAM (Early Launch Antimalware) technology work together to ensure that Windows Server only loads trusted services and processes. This is done first, before other software and drivers are initialized.
Messageware Z-Day is a certified PPL ELAM driver, ensuring that it is monitoring your system from startup to shutdown.