
Threat Intelligence Service

Multi-source intelligence convergence, security threat analysis and tracing, active defense against network attacks

Overview

Topsec Threat Intelligence Service (Top-TI) is built around the generation and application of threat intelligence. It integrates internally generated threat intelligence with intelligence obtained from third parties, and accumulates and generates dynamic threat intelligence data based on the capabilities of Topsec security devices. It also includes an integrated cybersecurity threat intelligence system that forms a closed loop of analysis and processing covering the collection, generation and application of threat intelligence. Drawing on Topsec's high-quality threat intelligence database, the platform gives customers effective data support, helping them find unknown threats in a timely manner and strengthen overall defense.

Advantages
Wide source and full range of intelligence

Topsec threat intelligence covers over 110 sources, including open-source data collection, a self-built honeypot system, business cooperation, and security operations, and spans over 20 types of intelligence, including IP, domain name, URL, sample, email, and security vulnerabilities.

Extensive experience in the construction of intelligence system

Topsec threat intelligence experts have participated in planning national threat intelligence platforms, building some of their core modules, and preparing threat intelligence at a national level.

Professional intelligence analysis teams

Expert teams from the Topsec threat intelligence center, security operation center, investigation laboratory, security technology research institute and other units provide technical support for the production and analysis of threat intelligence, produce threat intelligence data, study intelligence analysis technologies, and offer service support on a regular basis.

National emergency support institutions

As CNCERT's national emergency support institution, CNCERT's 1st support institution in APT monitoring and analysis, and the technical support institution of China National Vulnerability Database (CNVD), China National Vulnerability Database of Information Security (CNNVD), and China National Industrial Cyber Security Vulnerability Database (CICSVD), Topsec is the technical support institution of the national network and information security intelligence report mechanism, with extensive experience in areas such as cybersecurity threat monitoring and emergency response.

Application
Scenario

Customers have neither the need nor the resources to build their own intelligence center, but have some threat intelligence related business that must be completed using the cloud threat intelligence query interface provided by a security vendor.

Issues Resolved
  • Customers need to check the threat risks of boundary assets (website, domain name, boundary exit IP, etc.) on a regular basis. They can log in to the intelligence service on the cloud service platform with an account and password, then enter keywords for single or batched assets to query basic asset information, threat information, related information and other intelligence data, evaluate asset threats based on the query results, and discover them in advance.
  • When checking asset threat risks on a regular basis, users do not want to re-enter their assets each time if the assets have not changed much. They want to enter them once for subsequent scheduled task execution, and then check and download the results after the tasks are completed. They can log in to the intelligence service on the cloud service platform with an account and password, enter their own asset data in batches, and create patrol inspection tasks. The platform then automatically matches the assets against threat intelligence (collision analysis) on a regular schedule and generates a threat intelligence analysis report when each task completes; these reports can be downloaded through the interface.
  • When the network is unstable, customers need to upgrade the threat intelligence database of their security devices/systems on a regular basis. They can log in to the intelligence service on the cloud service platform with an account and password, and download the offline threat intelligence package covered by their authorization to upgrade their device/system intelligence database.
Scenario

Customers build their own security solutions, which need to be supported by threat intelligence data. When there is no local data, or the local data fails to meet requirements, cloud intelligence data is needed to enable the devices/systems in the solution. Security solutions generally include security gateway, security inspection, logs, traffic equipment, situation awareness, risk detection system, and local threat intelligence center.

Issues Resolved
  • By accessing threat intelligence data, risk detection and situation awareness systems/equipment can further analyze threats, trace their source, raise alarms, analyze incidents and expand business on this basis.
  • The local threat intelligence platform subscribes to the cloud intelligence data synchronization service, which upgrades the local threat intelligence database on a regular basis. The upgraded data types include but are not limited to: high-precision IOC intelligence; IP, domain name, URL, sample, email and other reputation intelligence; vulnerabilities; APT; security incidents; and analysis reports.
  • Vulnerability warning, threat monitoring, risk detection and situation awareness systems/equipment need to integrate and use cloud threat intelligence data quickly, with minimal development effort. The cloud intelligence data interface comes with a convenient development SDK that helps integrate and use cloud threat intelligence data quickly, and supports building related intelligence business on top of the SDK, such as threat analysis, alarm reminders, and incident analysis.
  • Traffic and blocking equipment can be used in combination with high-precision threat intelligence or reputation intelligence data to detect matches against threat intelligence, then raise alarms and block any threats found.
  • Log and traffic equipment can match parsed log data and traffic data against threat intelligence data to find threat risks in the traffic.
Scenario

Because of organization scale, data privacy, industry characteristics and similar factors, large enterprises and public institutions/regulatory institutions cannot directly use the interface service and data service of cloud threat intelligence, and need to set up their own threat intelligence center/platform to provide threat intelligence services for all security nodes in their cybersecurity solutions.

Issues Resolved
  • Customers hold sensitive and highly accurate industry-related intelligence data. By building a local threat intelligence platform, they can manage this local threat intelligence and distribute it to each security device through an API, providing more accurate intelligence to enable the overall security solution.
  • Regional regulatory institutions hold sensitive and accurate region-related data. The local threat intelligence platform can manage this regional intelligence data and distribute it to each security device through an API, providing more accurate intelligence to enable the overall security solution.
  • Because of sensitive information and other reasons, security devices on the customer's intranet cannot be fully and directly connected to the Internet, or cannot use the cloud intelligence service directly, yet cloud intelligence data is still needed to enable the local security solution. The local threat intelligence platform acts as the agent for cloud data: its data is updated regularly through offline packages, a unidirectional network, data ferrying, etc., and equipment on the customer's intranet obtains intelligence data services by accessing the local threat intelligence platform.
Value to Customers
From passive defense to active protection

Backed by high-precision intelligence data, threat intelligence push services are provided to customers' networked equipment. Once threats are found, they are locked down by collaborating equipment, forming an integrated defense system and turning passive defense into active protection.

Improvement of response for cybersecurity incidents

By applying Topsec threat intelligence through the Topsec cloud service platform, local cybersecurity threats can be perceived in time, and alarms and notifications for key security incidents can be issued promptly.

Creation of corporate security intelligence system

The platform helps customers create security intelligence systems suited to their needs by gathering external multi-source intelligence data from third parties and combining it with Topsec's accumulated security intelligence capabilities.