QTSEC
Multi-dimensional intrusion-aware network
Functions

Web Backdoor Detection

By automating the monitoring of critical paths and combining regular libraries, similarity matching, sandboxing and other detection methods with real-time file change detection, web backdoors can be detected in a timely manner and the affected part of the backdoor can be clearly labelled.

Bounce Shell

Through real-time monitoring of user process behaviour, combined with behavioural identification methods, it promptly detects the bounce shell (reverse shell) behaviour generated by illegal shell connection operations, effectively senses the behavioural traces of 0day vulnerability exploitation, and provides a detailed process tree of the bounce shell.

Local Privilege Escalation

Through real-time monitoring of the user's process behaviour, combined with behavioural recognition technology, we are able to detect and notify the user of a process's privilege escalation operation in a timely manner and provide detailed information about the privilege escalation operation.

System Backdoor Monitoring

Through the analysis of process association information, combined with pattern recognition and behavioural detection, it provides an automated system backdoor detection method that does not rely on hashes, and achieves multi-dimensional, highly accurate and fast backdoor discovery across multiple systems.

Mining Trojan Detection

The dual cloud-side and client-side detection mode allows every feature and behaviour of the mining program to be detected and reported as alerts in real time. It supports a variety of processing methods such as segmenting, deleting, repairing and verifying mining, and also provides a high degree of customisation of the detection rules, making it convenient for users to quickly respond to and prevent mining Trojans.

Web RCE Monitoring

By analysing common remote command execution vulnerability exploitation and using pattern recognition, we can monitor the characteristics of user process execution in real time and accurately match the execution behaviours and execution naming contents of process anomalies in workloads, so that we can effectively detect the traces of commands executed by hackers using vulnerabilities and raise timely alerts.

Functional Features
  • All-round attack monitoring

    In-depth monitoring of each node of the attack path provides comprehensive, highly real-time attack monitoring on multiple platforms and systems, achieving all-round real-time monitoring.

  • High Real-time Intrusion Alert

    With the support of Agent capability, combined with IoC, Big Data, Machine Learning and other analysis methods, real-time monitoring and notification of intrusion events can be achieved, making intrusion alerting highly real-time.

  • Visual in-depth analysis

    Based on in-depth analysis of the time and dimension of the attack, we can sort out the ins and outs of the intrusion event, so that the intrusion can be analysed all the way to the bottom.

  • Diversified and Efficient Response

    Provides a variety of response capabilities, including automatic blocking, manual segmentation, blacklist/whitelist and custom processing tasks, making the response efficient and diverse.