Multi-Dimensional Intrusion Sense System

Module Function Introduction

Web Shell Detection
Key paths are monitored automatically, and file changes are found in real time using a regular-expression library, similarity matching, sandboxing and other detection methods, so that web shells are detected in time and their impact is clearly labeled.
Reverse Shell
Real-time monitoring of user process behavior, combined with behavior analysis, finds reverse shell behavior caused by illegal shell connections in time, effectively perceives the behavioral traces of 0-day vulnerability exploitation, and provides the detailed process operation tree of the reverse shell.
Local Privilege Escalation
Real-time monitoring of user process behavior, combined with behavior analysis technology, discovers process privilege escalation in time, informs users, and provides detailed information about the escalation.
System Shell Monitoring
By analyzing process correlation information, combined with pattern recognition and behavior detection, we provide an automatic system shell detection method that does not rely on hashes, achieving multi-dimensional, high-precision and fast shell detection across multiple systems.
Micro Honeypot
The micro honeypot can be easily and flexibly configured to let the workload monitor each port, thus expanding the scope of monitoring. This kind of honeypot configuration, with low consumption and wide coverage, greatly increases the probability of discovering attacks by hackers. The so-called "micro" honeypot also has a "big" effect.
Brute-Force Attack Monitoring
By monitoring login behavior in real time, hackers' attempts to brute-force user login passwords through different services are discovered promptly and automatically. The hacker's IP or accounts are also blocked automatically, so that no further attempts can be made.

Product Characteristics

  • 1. Comprehensive Attack Monitoring
    In-depth monitoring of each node of the attack path provides multi-platform, multi-system and highly real-time attack monitoring, achieving real-time monitoring from "all" angles.
  • 2. High Real-Time Intrusion Warning
    Supported by the agent and combined with IoC, big data, machine learning and other analysis methods, intrusion events are detected and notified in real time, achieving "high" real-time intrusion warning.
  • 3. Visibility of In-Depth Analysis
    Based on in-depth analysis of attack time and dimension, the origins of intrusion events are sorted out, making intrusion analysis deep and visible.
  • 4. Diversified and Efficient Response
    It provides a variety of response capabilities, including automatic shutdown, manual quarantine, blacklisting/whitelisting and custom processing tasks, so that the response can be "efficient and diverse".