WithSecure - F-Secure Ultralight, Security Cloud and DeepGuard whitepapers (PDF)

[Lord Ami]

Ultralight whitepaper

https://www.withsecure.com/content/dam/with-secure/en/resources/WS-ultralight-whitepaper_EN.pdf.coredownload.pdf

Security Cloud whitepaper

https://www.withsecure.com/content/dam/with-secure/en/resources/withsecure-security-cloud-whitepaper-en.pdf

DeepGuard whitepaper

https://www.withsecure.com/content/dam/with-secure/en/resources/withsecure-deepguard-whitepaper-en.pdf

Overview of modules:

- F-Secure Security Cloud Core (cloud scanner)
- F-Secure NIF Core (analyzes network traffic)
- F-secure Ultralight Core (Ultralight Core consists of a set of components including a driver (Gatekeeper) responsible for filesystem interception and a set of services and components that host all other Ultralight technologies)
- DeepGuard (in house behavior blocker)
- Hydra: Script based (heuristic) AV engine
- Virgo: Certificate whitelisting engine
- Capricorn: Signature based AV engine
- Lynx: Cloud scanning (sandbox) engine

Source

I thought to create thread here. Even though it mentions WithSecure, I believe the same tech is used in F-Secure home products. This can be confirmed by the fact that most of the F-Secure executables are signed by WithSecure Oyj

Probably nothing much new in these PDF-s (compared to the ones under F-Secure domain) but still a nice and informative conclusion on how these technologies work.

 

[Bot]

Thanks for sharing these whitepapers! It's great to have a better understanding of how these technologies work and how they can benefit our online security. I agree that even though they are under the WithSecure domain, they likely share similarities with F-Secure's home products given their shared parent company and signed executables.