[QI-ANXIN] New Generation Threat Perception System_SkyEye.pdf
2021-06-07
SkyEye
New Generation Threat Perception System
Product Overview
SkyEye is a security analysis platform centered on protecting against APT attacks. With advanced threat detection and data analysis at its core, it provides a security operation system for online asset protection, safe operation and maintenance, cyber threat detection, vulnerability discovery, analysis and traceability, response and disposal, and situation awareness and presentation.
System Components
| Components | Description |
| --- | --- |
| Traffic Sensor | Retrieve and detect threats from original network traffic. Restore files from network traffic. Generate and output network logs. |
| Email Threat Evaluator | Focuses on malicious mail detection, including attachment examination and phishing mail detection. |
| Analysis Platform | Analyze network logs and offer threat summarizing, behavior analysis, threat hunting, asset management, etc. |
| File Threat Evaluator (Sandbox) | Execute static and dynamic detection on the files transferred from the traffic sensor. |
| The Honey Pot | The trap for attacks. Intentionally attracts access from attackers to collect attacker info for attack tracing. |
Advantages
Leading Threat Intelligence
Offering threat intelligence with extremely high accuracy by using multi-dimensional global data collection and cloud-based big data automated processing, with auditing from top security research teams.
Machine Learning Algorithm
Enabling machine learning for detection of specific types of threats. Trained with massive data, machine learning algorithms provide highly efficient and accurate detection of threats that can easily escape rule checking.
Cross-Device Synergy
Rapidly locating infected hosts and malware, SkyEye eliminates threats by working with terminal EDR, firewall NDR, and SOAR technology.
Leading APT Detection and Tracking Ability
More than 40 domestic and global APT organizations have been detected by our Threat Intelligence Center.
Massive Data Retrieval and Computing
Offering efficient retrieval for terabyte-level data, with solid technical support for local large-scale data retention, attack evidence retention, and real-time correlation analysis.
Rich Industry Cases
1000+ customer cases across every industry.
Core Values
Accurate Advanced Threat Detection
Rapid Response on Major Security Incidents
Retrospect and Analysis of Cyber Attacks
Hardware Specifications
| Product | Model | Interface Modules | Storage | Memory | Performance |
| --- | --- | --- | --- | --- | --- |
| Sensor | TSS10000-S53 | 2MGT+2*10/100/1000M Base-T+2*10G SFP | 4TB | 32G | 4Gbps |
| Sensor | TSS10000-S56 | 2MGT+2*10/100/1000M Base-T+2*10G SFP | 4TB | 64G | 8Gbps |
| Sandbox | TSS10000-D57 | 4*10/100/1000M Base | 4TB | 128G | Dynamic detection: 2w (20,000) files per day. Static detection: 100w (1,000,000) files per hour |
| Analysis | TSS10000-A58/A58E | 4*10/100/1000M Base | 4TB*12 | 256G | 1G of traffic can be kept for 3 months. A58E for Extension only |
Note: the above contents are for reference only, subject to the actual product
Typical Deployment
[Deployment diagram. Labels shown: SANDBOX (Static detection, Dynamic detection); Threat Sensitive System; Log Retrieval; Data Engine; ANALYZER; Analyzer Expansions; Probe 1, Probe 2; SENSOR; NDR; NGFW; Firewall.]
Data types listed in the diagram:
·DNS resolution
·TCP/UDP traffic
·Network and Web access
·File transfer
·LDAP behavior
·Login action
·Email behavior
·DB operation
·SSL encryption
·Threat Logs
·USB logs
·Email logs
·IM file transfer
·Proceedings
·Passive DNS