Aggregation, statistics, analysis, and mining of massive security logs and alarms

Full local security logs can be collected and stored in a centralized manner, including host security baseline logs, network device logs, middleware and application logs, and security device alarms。Based on the data merging engine and attack chain model, it merges and analyzes the massive network intrusion events, and analyzes them with assets to realize the extraction of high-risk events。At the same time, it provides low-level data support for security situation analysis, compliance audit, and attack traceability。

Full traffic data analysis, trusted network behavior monitoring, network security situation visualization

The XFLOW or Full traffic mirroring network traffic analysis technology helps users comprehensively detect suspicious network access behaviors and understand the running health status of networks and applications to achieve trusted management of enterprise network environments。Rich network traffic visualization visually displays network security situation to users from multiple dimensions, enabling managers to have a clear view of the network security situation in the organization and effectively assist decision-making。

Enterprise Intranet threat Intelligence Center

The original enterprise Intranet threat intelligence center has changed the traditional security mode of passive defense. Based on intrusion deception technology, it effectively solves the problems such as the high false positive rate of existing security products and the inability to accurately discover Intranet attack behaviors through the highly simulated honeynet technology。Combined with the extensive external threat intelligence information of the cloud, it can provide highly credible intelligence information for the association analysis of Intranet multi-source logs, and effectively improve the identification accuracy of APT attacks and horizontal mobile attacks。At the same time, it is used as Intranet threat intelligence to share with existing security devices to improve the in-depth defense system of the current network。

Threat intelligent detection and security situation presentation

As new threats and attack methods become more sophisticated and stealthy，The traditional security defense means of the enterprise appear to be inadequate;The variety of devices and applications in the network is increasing，The data and logs generated by devices and applications are increasing，Enterprises can not dig potential security problems from massive data;The detection device generates tens of thousands of alarms every day，The vast majority of them are also false positives，Unable to deal with;The system is based on big security data such as threat intelligence and enterprise local logs, traffic, and IT baseline monitoring，Multi-dimensional, fast, automated correlation analysis of massive data to discover local threats and abnormal behavior。At the same time, the system can display the overall security situation of these security threats and exceptions to users in the most intuitive way through graphical and visual technologies, which helps service managers to make judgments and decisions quickly。