Stock Abbreviation : Topsec      Stock Code : 002212

APT Security Monitoring System

Integrates nine functions into one product, applies the TAI-1 smart engine plus virtual sandbox technology, and has an embedded threat intelligence database!

APT Security Monitoring System Overview

Topsec APT Security Monitoring System, Topsec's full-traffic threat detection system, is based on the NDR (Network Detection and Response) security model. It integrates nine functions: attack detection, zombie worm detection, DDoS detection, malicious program detection, APT detection, web security detection, virtual sandbox, metadata extraction, and traffic analysis, making it a nine-in-one full-traffic monitoring probe. Through in-depth analysis of network traffic, combined with feature matching, abnormal behavior analysis, machine learning, virtual sandbox and other technologies, it can identify known and unknown threats in the network and improve customers' threat monitoring and response capabilities.

Advantages
Nine in One Detection

It integrates nine functions: attack detection, zombie worm detection, DDoS detection, malicious program detection, APT detection, web security detection, virtual sandbox, metadata extraction, and traffic analysis. A single device can handle multiple network threats, which saves security construction costs and reduces the operation and maintenance workload.

Embedded Threat Intelligence

By embedding the threat intelligence database locally, threat intelligence capability is provided independently, without linkage to a third-party threat intelligence platform. The intelligence source is reliable and updates are fast. It covers various types of intelligence, such as malicious IPs, malicious URLs, malicious domain names, and malicious files, and contains more than 8 million highly reliable threat intelligence entries.

Unknown malware detection

The TAI-1 smart engine, combined with virtual sandbox detection technology, provides malicious program detection without relying on any rule base. It breaks the limits of traditional feature matching technology: it can detect known malicious programs and also unknown malicious programs.

Multi-dimensional knowledge base support

It has six knowledge bases: attack detection rule base, application identification base, geographic information base, zombie host rule base, threat intelligence base, and URL classification base. These multi-dimensional, rich knowledge bases support product threat detection, attack location, online behavior analysis, and other capabilities, and they are updated frequently.

Application
Scenario

The architecture is traffic probe + situation analysis platform: traffic probes monitor the egress traffic of multiple network areas and report to the analysis platform, providing threat situation awareness for the whole network. In this scenario, each monitoring point deploys a traffic probe. This meets the requirements of multiple threat detection, rich reporting data, and high detection capability.

Issues Resolved
  • A single TopAPT probe device provides multiple detection capabilities, reducing construction costs and the operation and maintenance workload.
  • The data reported by TopAPT is rich and multi-dimensional, including threat logs, malicious samples, traffic metadata, and forensic packets, providing data support for the situational awareness platform.
  • TopAPT is offered in a range of performance levels and meets the traffic monitoring requirements of different bandwidths.
Scenario

Offensive and defensive combat drills are widely carried out to improve the overall capability for emergency response to security incidents. During an exercise, the defender needs real-time, active, and dynamic defense capabilities, and usually relies on monitoring and protection tools to assist security analysts. These tools provide capabilities such as real-time traffic analysis, threat identification, malicious code recovery and capture, and threat source tracing.

Issues Resolved
  • It runs 7*24 hours, detects network traffic in real time, helps security analysts quickly investigate large volumes of threats, and speeds up threat response.
  • With detection technologies such as feature matching, abnormal behavior analysis, machine learning, and virtual sandbox, it detects threats accurately, reduces the rate of false positives and false negatives, and improves defense efficiency.
  • It has tracing and evidence collection capabilities, providing material for further analysis of suspected threats.
Value to Customers
Low application cost

It integrates nine functions into one device, comprehensively identifies various network threats, and a single device delivers the effect of multiple detection devices, reducing procurement costs.

Application Diversity

It can be used as a dedicated botnet and Trojan file monitoring device, and also as a traffic threat probe.

Improve security early warning capabilities

Multi-dimensional detection of threat events and detailed event records provide data support for in-depth analysis on the situational awareness platform and improve the security early warning capabilities of the entire network.

Improve threat hunting efficiency

It provides full-traffic event forensics, fine-grained traffic analysis, and automatic threat analysis and judgment, helping security analysts track threats efficiently and reducing manual processing work.