Webshell Behavior Detector overview
Available in VPC
Webshell Behavior Detector is a service that allows for a quick response to suspicious web shell behaviors by detecting them in real time and providing notifications.
A web shell is malware created intentionally for the purpose of performing malicious behaviors such as system destruction and data breaches. It is server-side script code that gives the attacker, through a website, the features of a shell, which can execute system commands.
Webshell Behavior Detector's features
The Webshell Behavior Detector service has the following features.
Powerful detection feature: Web shells apply various concealment technologies to avoid detection, such as new patterns, new types, obfuscation, and encrypted communication, which makes them one of the attacks that are very difficult to detect. However, Webshell Behavior Detector uses a powerful behavior-based detection technique to disable such concealment technologies, enabling detection of both existing and new types of web shells.
Real-time detection and notification transmission: Instead of detecting at a regular interval, it detects web shell behaviors in real time and sends notifications to the designated contacts so that they can respond quickly. You can set notification intervals to prevent excessive notifications from being sent out.
Simple settings: Other than the rules set by default, users can set exception rules manually. In addition to detailed settings, you can also easily customize settings based on detection history.
Easy and convenient response: When users receive notifications about suspicious web shell behaviors that have been detected, they can isolate suspicious web shell files easily and quickly on the console page of NAVER Cloud Platform without having to directly access the server.
Adaptation to server environment: Certain intentional tasks that run in the server environment, such as batch work by WAS or operations by CI software, may be flagged as suspicious because they are similar to web shell behaviors. These behaviors could be detected in the early stage of using the service. You can set the service to exclude them from detection using the exception handling feature. As you set exceptions during this adaptation period, the service becomes customized to your server environment so that it detects only web shell behaviors.
Various features provided by Webshell Behavior Detector
Webshell Behavior Detector provides a variety of features as described below.
- Real-time detection of web shells based on behavior: It can analyze various data in web servers and assess the web shell behaviors in real time.
- Detection of unknown web shells: It has overcome the limitations of existing web shell detection solutions, which couldn't effectively detect web shells that had slight edits (such as to function names or argument values), that used encrypted packets, or that ran in SSL-applied environments. It is even able to detect completely new types of web shells.
- Management of information and history regarding suspicious web shell behaviors: It provides various information, such as the server where the web shell was detected, time, command executed, path of the web shell, and the attacker's IP. Customers can establish more detailed response strategies by referring to the information, and can manage their history easily by adding information such as response methods.
- File isolation/restoration: You can isolate or restore suspected web shell files with a click in NAVER Cloud Platform's console without directly accessing the server.
- Provision of a list of suspicious web shell files: It provides a list of suspicious files to enable quick response upon detection of web shell behaviors. Also, it provides additional information on files suspected to be web shells, such as creation time, file permissions, owners, groups, file paths, and size.
- Provision of a list of suspicious attacker IPs: It provides information on suspicious attacker IPs and their countries so you can analyze the behaviors attempted by the attacker and block their IPs.
- Exception rule settings: It provides detailed exception rule settings for you to customize the service for various web service environments.
- Notification feature: When it detects a web shell behavior, it sends a notification to notification recipients using the selected method (via email or text message). In addition, a notification interval settings feature is provided to prevent it from sending too many notifications.
- Remote management of agent: It provides a remote control feature to easily enable and disable the agent's detection process from NAVER Cloud Platform's console without accessing the server.
- Server group settings: If you have many web servers to apply detection to, the server group settings feature lets you use the service more conveniently.
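
This page does not describe the detector's internals. The following is an added example, not NAVER Cloud Platform's code, of how behavior-based detection, exception rules, and notification intervals interact. The heuristic (a web or WAS worker process spawning a shell-like command), the rule shape, and all names, paths, and events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Assumed heuristic, not the service's logic: a web/WAS worker process
# spawning a shell or recon utility is treated as web shell behavior.
WEB_PARENTS = {"httpd", "nginx", "php-fpm", "java"}
SHELL_LIKE = {"sh", "bash", "whoami", "id", "uname"}

@dataclass(frozen=True)
class Event:  # fields mirror the detection details the page lists
    ts: int         # detection time, epoch seconds
    server: str
    parent: str     # process that spawned the command
    command: str    # command executed
    script: str     # path of the script that handled the request
    client_ip: str  # requesting IP

@dataclass(frozen=True)
class ExceptionRule:  # hypothetical rule shape: globs on script path and command
    script_glob: str
    command_glob: str

def is_suspicious(ev, rules):
    exe = (ev.command.split() or [""])[0].rsplit("/", 1)[-1]
    if ev.parent not in WEB_PARENTS or exe not in SHELL_LIKE:
        return False
    return not any(fnmatchcase(ev.script, r.script_glob)
                   and fnmatchcase(ev.command, r.command_glob) for r in rules)

def detect(events, rules, notify_interval=300):
    """Record every detection, but notify each server at most once per interval."""
    detections, notifications, last_sent = [], [], {}
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_suspicious(ev, rules):
            continue
        detections.append(ev)
        prev = last_sent.get(ev.server)
        if prev is None or ev.ts - prev >= notify_interval:
            notifications.append(ev)
            last_sent[ev.server] = ev.ts
    return detections, notifications

# Constructed sample events (documentation-range IPs, made-up paths).
SAMPLE_EVENTS = [
    Event(1000, "web-01", "php-fpm", "/bin/sh -c whoami", "/var/www/html/uploads/img.php", "203.0.113.7"),
    Event(1060, "web-01", "php-fpm", "/bin/sh -c id", "/var/www/html/uploads/img.php", "203.0.113.7"),
    Event(1100, "web-01", "java", "/bin/bash /opt/batch/nightly.sh", "/opt/was/jobs/nightly.jsp", "127.0.0.1"),
    Event(1200, "web-02", "sshd", "/bin/bash -l", "", "198.51.100.9"),
    Event(1500, "web-01", "php-fpm", "/bin/sh -c uname -a", "/var/www/html/uploads/img.php", "203.0.113.7"),
]
RULES = [ExceptionRule("/opt/was/jobs/*", "/bin/bash /opt/batch/*")]
```

Without `RULES`, the WAS batch job at `ts=1100` is recorded as a detection; with the exception rule it is excluded, while the three commands spawned through the uploaded script are still detected and produce two notifications under the 300-second interval.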
Webshell Behavior Detector Guide information
Webshell Behavior Detector Guide has a total of 9 topics. The content that readers can view in each topic is as follows.
- Webshell Behavior Detector overview: introduction to Webshell Behavior Detector and its advantages, useful guides for using Webshell Behavior Detector, related resources
- Webshell Behavior Detector concepts: service structure and use cases of the Webshell Behavior Detector service
- Prepare to use Webshell Behavior Detector: preparations needed before using Webshell Behavior Detector
- Get started with Webshell Behavior Detector: methods to request subscription and set the Webshell Behavior Detector service from the NAVER Cloud Platform console
- How to use Webshell Behavior Detector: usage methods of Webshell Behavior Detector's features available for users
- Troubleshooting for Webshell Behavior Detector: solutions for errors that may happen while using Webshell Behavior Detector
- Install and execute Webshell Behavior Detector agent: installation of and controls for server agents required to use Webshell Behavior Detector
- Webshell Behavior Detector Sub Account: management of Webshell Behavior Detector's Sub Account and policy information
- Webshell Behavior Detector release notes: update history of Webshell Behavior Detector Guides
Related resources for Webshell Behavior Detector
NAVER Cloud Platform provides a variety of related resources as well as guides to help customers better understand Webshell Behavior Detector. If you are a developer or marketer in need of detailed information while you are considering adopting Webshell Behavior Detector for your company or establishing data-related policies, then please make good use of the resources below.
- API Guide: instructions for using Webshell Behavior Detector
- Pricing information, characteristics, detailed features: summary of Webshell Behavior Detector's pricing systems, characteristics, and detailed features
- Latest service news: the latest news related to Webshell Behavior Detector
- FAQ: frequently asked questions from Webshell Behavior Detector users
- Contact Us: direct inquiry in case of unresolved questions that aren't answered by guides