[MDS] Let's learn about MDS Deployment
MDS is basically deployed as an all-in-one product that provides detection/analysis, monitoring and agent management features all together. It can also be flexibly extended with MDS and MDS manager in accordance with the corporate environment and requirements. MTA mode can be used to quarantine email.
1) Standalone MDS
Individual components featuring exclusive roles of Analysis & Detection, Remediation & Host Management, and Monitoring & Data Management are integrated into a single unified device.
2) MDS + MDS Manager Deployment
Our suggestion for such a case is to install additional MDS Manager devices like Data Viewer or Host Controller, while placing the all-in-one MDS device as a core device for malware detection. The number of MDS Manager and Host Controller devices and their deployment may be determined in compliance with the network environment or size.
※ If your switch does not support port mirroring, use a traffic mirroring device. Refer to Port Mirroring and select a mirroring method that best suits your environment.
3) MTA License Applied (Email Quarantine)
In order to prevent email-based attacks, AhnLab MDS provides Mail Transfer Agent (MTA) mode that automatically detects and quarantines malicious or suspicious emails.