SURF-UTD
    Unknown Threat Protection Gateway

    “Daden” is an ‘unknown threat protection’ product developed by Surfilter for organizations that hold important sensitive information and data and are targeted by hackers and cyber criminals, such as party, government and military departments, important information units, enterprises and scientific research institutes. Based on leading domestic network threat intelligence, network sandbox technology and abnormal behavior analysis technology, the product adopts a combined front-end and back-end, dynamic and static mode to discover and intercept various customized confusion detection, curve penetration, social engineering fraud, special Trojan attacks, etc.

    Product Advantages

    Abnormal Behavior Analysis: Network traffic is analyzed continuously at the network’s exits and at important internal nodes. The network behavior of each user is modeled separately using deep learning technology, and the context of each network session is monitored continuously, so that the product can respond to abnormal behavior when it is detected.


    Abnormal Code Analysis: After sample files are initially screened using blacklist and whitelist technology, unknown samples are dynamically analyzed locally in real time and linked to the cloud monitoring system, to accurately detect the penetration of unknown malicious code.


    Powerful Cloud Analysis Capabilities: Built on a cloud computing architecture, Surfilter's cloud platform supports flexible scaling and release of computing resources. It provides a completely independent virtual environment, enabling a large amount of computing resources to be used for virtualized malware analysis.


    Quickly Update Signature Library: The ‘unknown threat’ monitoring platform distributes the malware information identified on one terminal to all users by transmitting the information to the ‘unknown threat’ cloud platform within 15 minutes. The security system includes security export devices, private clouds, and public clouds. In addition to malware signature updates, it is also used to update DNS signatures, URL signatures, and command and control signatures.


    Product Advantages


    Traffic Visualization: In-depth DPI monitoring of applications supports traffic-based data tagging and accurate identification.


    Intrusion Monitoring and Defense: Intranet traffic can be monitored in the data center, and the product supports service monitoring and protection in the virtual system. Threat analysis and blocking can also be implemented for the existing signature library.


    Unknown Threat File Analysis: The ‘unknown threat’ cloud platform can eliminate and eradicate the impact of APT attacks by monitoring files such as Java, PE, Office, all, PDF as well as mobile app malware.

    Detailed Log Report: Through threat analysis, the product can provide a detailed start and end point for known threats and attacks; for unknown threats, it can provide a detailed sandbox analysis report to clarify the attack method.