How It Works
The malware protection agent registers with the Armor management portal (AMP) console, which receives scan results and activity logs in real time. These logs are entered into the cloud security platform database, where Security Operations Center teams monitor alerts 24/7/365. If a critical detection occurs, the platform will alert in near real-time. If new malware is discovered during our security operations and analytics, we work directly with the anti-virus vendor to have signatures created, and our teams create custom mitigation and/or detection techniques as threats emerge. This means an attack on one Armor customer provides protection for all others.
Armor’s Security Operations Center also leverages standard operational processes looking for indicators of new malware and viruses, working to protect our customers before the attack, not after. Not only are we using these findings to create custom protection mechanisms, but we also create triggers to alert to suspicious traffic that matches patterns observed in new malware.
Scans are performed in real time wherein all servers are scanned against the latest definitions, heuristics, and honeypot discoveries. Customers can also initiate a full scan any time through the portal.
All servers report back to the portal enabling us to manage and report on malware prevention and remediation. Detected threats are monitored and alerted by our security operations team and responded to as necessary.