Hillstone I-Series
Inteligentny system wykrywania naruszeń i ochrony bezpieczeństwa serwerów (sBDS)

Wykrywa i śledzi zaawansowane zagrożenia serwerów
w krytycznej infrastruktury.

Analiza korelacji zagrożeń zaawansowanego wykrywania

Platforma korelacji zagrożeń Hillstone analizuje szczegóły związków każdego podejrzanego zdarzenia związanego z zagrożeniem, a także inne informacje kontekstowe w sieci, aby połączyć kropki i zapewnić dokładne i skuteczne wykrywanie złośliwego oprogramowania i ataków o wysokim poziomie ufności.

  Login:guest
Password:guest

Monitorowanie zagrożeń w czasie rzeczywistym dla krytycznych serwerów i hostów

Platforma sBDS firmy Hillstone koncentruje się na ochronie krytycznych serwerów w intranecie, wykrywaniu nieznanych i prawie zerowych ataków zagrożeń oraz wykrywaniu nieprawidłowych działań sieciowych i aplikacyjnych serwerów i hostów.

Kompletny wskaźnik kompromisów i łańcuch cyberataków

Hillstone sBDS drąży i ujawnia więcej analiz zagrożeń i inteligencji na temat tych zdarzeń MKOl, rekonstruując łańcuch ataku na podstawie tych MKOl i korelując inne zdarzenia zagrożeń związane z tymi MKOl w spektrum czasu i przestrzeni.

Hillstone Seria I (Chroni serwery o znaczeniu krytycznym)

Hillstone Server Breach Detection System (sBDS) przyjmuje wiele technologii wykrywania zagrożeń, które obejmują zarówno tradycyjną technologię opartą na sygnaturach, jak i inteligentne modelowanie danych na dużą skalę oraz modelowanie analityki behawioralnej użytkownika, co stanowi idealne rozwiązanie do wykrywania nieznanych lub 0-dniowych ataki z zagrożeniem, aby chronić cenne, krytyczne serwery i ich wrażliwe dane przed wyciekiem lub kradzieżą. Wraz z możliwościami głębokiej analizy zagrożeń i ich widoczności, Hillstone sBDS zapewnia administratorom bezpieczeństwa skuteczne środki do wykrywania zdarzeń IOC (Wskaźników Kompromisu), przywracania łańcucha zabójstw ataków z wykorzystaniem zagrożeń oraz zapewnienia szerokiego wglądu w analizę i ograniczanie zagrożeń

Informacje kryminalistyczne i zapobiegawcze

Platforma sBDS firmy Hillstone przeprowadza ograniczanie zagrożeń w połączeniu z urządzeniami HillFW serii E NGFW i TN serii T iNGFW, które są umieszczone na obwodzie sieci.

Specyfikacje modeli:

Case Studies:

Dashboard

121

System

122111222

Łańcuch włamania

12121

Monitor

a1a1

Systemy ochrony i usługi

Cloud-Sandbox
  • Upload malicious files to cloud sandbox for analysis
  • Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP
  • Support file types including PE,ZIP, RAR, Office, PDF, APK, JAR and SWF
  • File transfer direction and file size control
  • Provide complete behavior analysis report for malicious files
  • Global threat intelligence sharing, real-time threat blocking
  • Support detection only mode without uploading files
Threat Correlation Analytics
  • Correlation among unknown threats, abnormal behavior and application behavior to discover potential threat or attacks
  • Multi-dimension correlation rules, automatic daily update from the cloud
Advanced Threat Detection
  • Behavior-based advanced malware detection
  • Detection of more than 2000 known and unknown malware families including Virus, Worm, Trojan, Overflow etc.
  • Real-time, online, malware behavior model database update
Abnormal Behavior Detect
  • Behavior modeling based on L3-L7 baseline traffic to reveal anomalous network behavior, such as HTTP scanning, Spider, SPAM, SSH/FTP weak password
  • Detection of DDoS including Flood, Sockstress, zip of death, reflect, DNS query, SSL DDos and application DDoS
    Supports inspection of encrypted tunneling traffic for unknown applications
  • Real-time, online, abnormal behavior model database update
Deception Threat Detection
  • Local deception engine with regular deception models update
  • Simulate to Web, Doc or Database Servers, support protocols including FTP, HTTP, MYSQL, SSH and TELNET
Intrusion Detection
  • 8,000+ signatures, protocol anomaly detection and rate-based detection
  • Custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia
  • Over 20 types of protocols anomaly detection, including HTTP, SMTP, IMAP, POP3, VOIP, NETBIOS, etc.
  • Support for buffer overflow, SQL injection and cross-site scripting attack detection
Virus Scan
  • 4 million virus signature database
  • Online real-time updates
  • Compressed file scans
Anti-Spam
  • Real-time Spam Classification and Prevention
  • Confirmed Spam, Suspected Spam, Bulk Spam, Valid Bulk
  • Protection Regardless of the language, format, or content of the message
  • Support both SMTP and POP3 email protocols
  • Whitelists to allow emails from trusted domain/email addresses
Cloud-Sandbox
  • Upload malicious files to cloud sandbox for analysis
  • Support protocols including HTTP, SMTP, POP3, IMAP4 and FTP
  • Support file types including PE, APK, JAR, MS-Office, PDF, SWF, RAR, ZIP
  • Provide complete behavior analysis report for malicious files
  • Global threat intelligence sharing, real-time threat blocking
  • Multiple static detection engines quickly filter normal files and known threats
  • Unknown threat visualization based on logs, reports, monitoring information, file behavior reports
Botnet C&C Prevention
  • Discover intranet botnet host by monitoring C&C connections and block further advanced threats such as botnet and ransomware
  • Regularly update the botnet server addresses
  • prevention for C&C IP and domain
  • Support TCP, HTTP, and DNS traffic detection
  • IP and domain whitelists
Attack Detection
  • Abnormal protocol attack detection
  • DoS/DDoS detection, including SYN Flood, DNS Query Flood etc.
  • ARP attack detection
Application identification
  • Over 3,000 applications that can be filtered by name, category, subcategory, technology and risk
  • Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference
  • Actions: block, reset session, monitor, traffic shaping
  • Identify and control applications in the cloud
  • Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics
Threat Mitigation
  • Admin actions to change threat events status, open, false positive, fixed, ignore, confirmed
  • Threat events whitelist, including threat name, source/destination IP, hit count etc.
  • Conjunction with Hillstone firewall platforms to block threat
Monitoring
  • Dynamic, real-time dashboard status and drill-in monitoring widgets
  • Overview of internal network risk status, including critical assets risk status, host risk status, threat severity and type, external attack geo-locations, etc.
  • Visual details of threat status for critical assets and other risky host, including risk level, risk certainty, attack geo-location, kill chain mapping and other statistical information
  • Visual details of network threat events, including name, type, threat severity and certainty, threat analysis, knowledge base and history
  • Send alarm via Email and Trap
  • Cloud-based threat intelligence push service
Administration
  • Management access: HTTP/HTTPS, SSH, telnet, console
  • Central management: Hillstone Security Manager (HSM), web service APIs
  • System integration: SNMP, syslog, alliance partnerships
  • Rapid deployment: USB auto-install, local and remote script execution
  • Dynamic real-time dashboard status and drill-in monitoring widgets
  • Language support: English
Logs & reporting
  • Logging facilities: local memory and storage (if available), multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms
  • Encrypted logging and log integrity with HSA scheduled batch log uploading
  • Reliable logging using TCP option (RFC 3195)
  • Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets
  • Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events
  • IP and service port name resolution option
  • Brief traffic log format option
  • Three predefined reports: Security, Flow and network reports
  • User defined reporting
  • Reports can be exported in PDF, Word and HTML via Email and FTP
CloudView
  • Cloud-Bases security management
  • 7/24 access from Web or mobile application
  • Device, traffic and threat monitoring