7.14. RTMD Web

RTMD Web is a service that detects unauthorized malware intrusions, makes unknown threats and latent risks visible, and reports them. Principally, it provides a file analysis feature and a traffic analysis feature.
It not only performs signature-based analysis on the Customer traffic that passes through vFirewall/Integrated Network Appliance by mirroring it, but also it actually reproduces suspicious traffic in the RTMD Web virtual environment, and analyzes malware dynamically.

Note

  • You can use one RTMD Web for every Data Center.

Important

  • The following specification is Japan DC version. For specification of other Data Centers, please contact each NTT Communications affiliate.

7.14.1. Available Features

You can use the following features with RTMD Web.
Feature Overview
File Analysis A feature that inspects Web content that is sent and received by Web access (HTTP communication), and analyzes the content suspected of containing malware and determines whether it is malware inside the virtual environment.
Traffic Analysis A feature that detects access to fraudulent websites, and Web access (HTTP communication) to C & C servers that is executed by malware.
Report A feature that provides the assessment results of the file analysis and traffic analysis as daily and monthly reports.

Analysis Capacity
The traffic volume that can be analyzed by RTMD Web is shown below.
Item Performance (maximum value) Remarks
Traffic Processing Capacity 20 Mbps The total value of uplink and downlink.

7.14.2. File Analysis Feature

It mirrors customer traffic that passes through vFirewall/Integrated Network Appliance, and detects suspicious communication that might trigger an attack, such as downloads of obfuscated Java Script and executable files.
The detected communication is actually reproduced in the RTMD Web virtual environment. The content of changes generated inside the virtual environment (such as file opening, closing, creating, changing and deleting, registry changes, and API and addresses that are called) is recorded. Whether it is malware or not is determined by those results.
The Virtual Environment that Analyzes Malware
By installing operating systems (OS), Web browsers and Microsoft Office in the Malware Detection (Web) virtual environment, you can reproduce the attacks aimed at the vulnerabilities of each application, and detect malware.

7.14.3. Traffic Analysis Feature

It mirrors customer traffic that passes through vFirewall/Integrated Network Appliance, detects access to fraudulent websites and Web access (HTTP communication) to C & C servers that is executed by malware.

Note

  • Notification of detection status is made by Email etc.

7.14.4. Report Feature

The assessment results of the file analysis and traffic analysis features are provided as daily and monthly reports. You can download the reports from the security Web portal as password-protected ZIP files.
Note that the date when downloading can start depends on the report type.
Report Type Details Date when downloading can start
Daily report One day’s worth of assessment results from the file analysis feature From the afternoon of the day after the report target date.
Monthly report One month’s worth of assessment results from the file analysis feature From 11 business days into the month following the report target month

Note

  • You can set a password for the ZIP files in advance.

7.14.5. Important Points

  • The following files are not targeted for analysis.
    • Encrypted files
    • Files set with passwords
  • Analysis may be overdue when the device limit of throughput is exceeded.
  • RTMD Web cannot always be provided because it is to be inserted into the target communication route. Thus network design consideration is required before application.
  • The devices that make up RTMD Web are provided in a single configuration. If the devices fail, you cannot use the RTMD Web feature. Note that there will be no effect on your usual communication.
  • RTMD Web does not guarantee that the RTMD Web feature has integrity or accuracy, or is suitable for your use. Furthermore, the suitability of the signatures (algorithms that assess the degree of danger and malware) provided by the developers or distributors of the devices making up the RTMD Web feature is not guaranteed.
  • The following information might be provided to the developers or distributors of the devices making up the RTMD Web feature.
    • Configuration information obtained from providing RTMD Web
    • Configuration information obtained from RTMD Web detection, etc.
  • We cannot guarantee recovery from failures that might occur due to incompatibility between the RTMD Web and your environment, or failures that occur due to your operations other than those specified by NTT Communications.
  • There may be times when the customer’s environment is affected by maintenance services. An advance notice will be sent when there are possible effects to the customer’s environment. This is not applied when we judge the maintenance work urgent to continue service.