
Flame Threat Detection System

Ten-Dimensional Detection, Risk Visualization, Threat Control

Flame Threat Detection Overview

Topsec Flame Threat Detection System (TopFLAME) is a new-generation probe-type threat detection system primarily designed for high-precision threat detection in small to medium traffic scenarios. Its application scenarios include: serving as the detection engine for XDR, acting as a high-precision detection tool for cybersecurity exercises (HW), functioning as the detection engine for the Topsec AI model, and complementing the threat detection capabilities of firewalls. The product integrates multiple threat detection databases, including threat intelligence libraries, advanced threat libraries, botnet host rule databases, attack detection rule databases, web security detection rule databases, virus rule databases, application identification libraries, geographic information libraries, URL classification libraries, and asset identification libraries. By combining these ten intelligent rule databases, TopFLAME establishes a new paradigm for proactive defense, ensuring that no threat can evade detection.

Advantages
Ten-Dimensional Matrix Detection

TopFLAME integrates ten rule libraries, including threat intelligence libraries, advanced threat libraries, botnet host rule libraries, attack detection rule libraries, and asset identification libraries. These ten dimensions do not exist in isolation but are interwoven and operate synergistically, forming a rigorous detection matrix that enables comprehensive monitoring of network threats.

AI-Powered Security Analysis

The system supports AI assistant capabilities, enabling AI-based analysis of massive environmental data and intelligent AI interaction. Utilizing NLP algorithms and embedding model technologies, it semantically interprets user inquiries. Through interactive dialogue, it intelligently analyzes user intent and provides rapid graphical and textual responses to user needs. When security personnel query data, they can input natural language to quickly obtain answers to current issues, significantly simplifying manual operations and empowering security analysis through the integration of data and intelligence.

Multi-Perspective Risk Insight

The Topsec Flame Threat Detection System conducts in-depth analysis of logs and sample data related to security incidents such as attack behaviors, malicious program transmissions, abnormal traffic, and data leaks, examining them from multiple perspectives including the attacker, victim, and data breach. Key information such as network attack distribution, risk levels, attack paths, and virus propagation trajectories is visually presented in chart formats, empowering security personnel to quickly grasp the network landscape and respond effectively to security threats.

Advanced Threat Detection

The Flame system leverages an advanced threat library that integrates the long-term practical experience of professional security service personnel and continuously optimizes its rules based on real-world attack scenarios. This threat library covers eight major categories, including APTs, HTTP anomalies, malware, command and control, and lateral movement, significantly enhancing the efficiency and accuracy of threat detection.

Asset Discovery and Inventory

The system combines active scanning with passive traffic analysis to comprehensively map the online assets within the network. The asset types scanned and discovered include database assets, web application assets, and various IT hardware assets, among others. The two discovery methods work together to produce a detailed and accurate network asset inventory, giving users a thorough view of the asset landscape and helping them manage and maintain network resources.

Cloud Environment Detection

Traditional security detection relies on auditing traffic via bypass mirroring. However, as traffic within cloud platforms is often difficult to mirror to security devices, addressing the increasingly complex cloud environment requires adaptive measures. In addition to auditing traffic by installing agents on application servers for traffic redirection, the Flame system also features a reverse proxy capability. By leveraging built-in reverse proxy policies, it captures operational traffic between clients and cloud servers, enabling the detection of traffic-based threats within cloud platforms.

Application
Scenario Description: Bypass Deployment

Bypass deployment is the most common deployment method. TopFLAME is deployed in bypass mode within the target network to listen to mirrored traffic, enabling comprehensive detection through parsing and analysis. This deployment topology is simple, does not alter the existing network structure, and allows for quick and convenient system deployment. Threat detection is achieved by passively monitoring the mirrored traffic.

Issues Addressed
  • Simple bypass topology that does not modify the original network structure.
  • Quick and convenient deployment, with threat detection achieved through passive monitoring of mirrored traffic.
  • No impact on original business interactions.
Scenario Description: Agent Probe Traffic Redirection

As cloud-based business technologies mature and market acceptance grows, virtualization scenarios have become increasingly common. To address the growing complexity of business environments, TopFLAME supports the Agent probe traffic redirection mode. This involves installing the Agent probe plugin on the operating system of target application servers to capture network interface interaction traffic and relay it back to TopFLAME for analysis.

Issues Addressed
  • Inability to mirror traffic within cloud environments.
  • Insufficient mirroring ports on upper-layer routing and switching devices, preventing traffic collection via bypass mirroring methods.
  • Other related challenges in collecting internal traffic from cloud environments.
Value to Customers
Real-Time Threat Awareness in Business Traffic

By collecting and analyzing business traffic in real time, malicious attacks and other threats can be swiftly detected. Leveraging real-time monitoring and intelligent analysis of traffic data, the system can promptly identify abnormal traffic behaviors and potential attack indicators. This breaks the "traffic black box," prevents threats from lurking and spreading, and provides reliable security assurance for the stable and continuous operation of business activities.

Deep Mining and Analysis of Critical-Period Traffic

Focusing on the scenario of cybersecurity exercises (HW), the system dissects data such as traffic sources and anomalous requests, performing in-depth analysis of attack paths and abnormal characteristics within the traffic. This enables timely resolution of issues affecting business operations and ensures service continuity. Simultaneously, it provides a basis for optimizing protection strategies and addressing defense gaps, thereby enhancing the overall defensive capabilities for cybersecurity exercises.

Providing Strong Support for Traceability and Attribution

In the event of incidents such as data breaches or malicious attacks, TopFLAME leverages complete retention, precise parsing, and correlation analysis of business traffic data to clearly reconstruct the timeline, attack paths, involved entities, and operational behaviors of the incident. This facilitates rapid problem identification and the implementation of remedial measures, while also offering effective data evidence for accountability determination and legal recourse.