Webshell Behavior Detector concepts

Available in VPC

Learn to understand how Webshell Behavior Detector works and refer to user scenarios to make better use of Webshell Behavior Detector.

Webshell Behavior Detector's service structure

The Webshell Behavior Detector service collects information in real time using agents installed on the customer's servers and sends it to analysis servers. If it is judged to be a web shell behavior based on the information collected, then it sends notifications to customers so that they can respond quickly. It also provides behaviors and files suspected to be web shells, and suspicious attacker IPs that can be used for web shell analysis and response in the console.

Webshell Behavior Detector scenarios

Refer to the following use cases of the Webshell Behavior Detector service.

1. You request subscription to the Webshell Behavior Detector service to run your web service more securely.
2. You receive a notification about a behavior suspected to be web shell while on a local business trip.
3. You access the console, and check the command that seemed to have been executed by the web shell and the file suspected to be web shell. You find that an intrusion incident caused by the web shell is occurring in real time.
4. You isolate the files suspected to be web shells using the console's file isolation feature, thus preventing damage temporarily.
5. When responding to the vulnerability which allowed the web shell to be uploaded, you can first buy some time by blocking the suspicious attacker IP provided.
6. Using NAVER Cloud Platform's Web Security Checker, you can find the vulnerability which allowed the web shell to be uploaded to the web service. Then, you can take measures to minimize the damage from the intrusion.