Pick proactive, intelligent analytics to hold the chance you deserve to stave off unknown risks.
In 2017, the devastating ransomware “WannaCry” hit more than 100 countries and regions across the globe. Hundreds of thousands of computers in government sectors, education, hospitals, energy, communications, manufacturing, and many other industries were seriously infected.
The ever-evolving ransomware and new malware have exposed the disadvantages of legacy signature or pattern-based detection methods. Unable to be updated in time to block zero-day attacks and with low detection accuracy, they are no longer an effective means of detection and protection against emerging unknown viruses.
Raises timely alerts on new viruses by illustrating the attack process, the vulnerability that the attack attempts to exploit, and the way to tackle it. Plus assist for customers with network troubleshooting, system patching and upgrade, infection detection, and virus removal.
Use anomaly monitoring, threat intelligence, correlation analytics, and other advanced technologies to scan for unknown viruses in real time and locate them accurately to guarantee a prompt and effective virus treatment.
Leverage provenance tracking, graph analysis, and machine learning algorithms to rapidly locate the source of infection by unknown viruses and block, intercept, or clear them up using security equipment interworking and expert rule-based emergency treatment.
HanSight security analytics team raises alerts to industry customers on the latest virus attack, including the attack process, the vulnerability that the attack attempts to exploit, and the way to tackle it.
HanSight first-line security team assists customers, according to the security alerts, in network forensic, system patching and upgrade, infection detection, and virus removal.
Establish network anomaly monitoring models to monitor particular protocols and ports such as SMB, 445, RDP, and 3389, and determine whether an unknown virus intrusion occurs based on the status of relevant ports, IP addresses, and protocols.
parse and analyze network traffic to establish traffic monitoring models to monitor the network traffic related to specific ports, protocols, or assets, and determine whether an unknown virus intrusion occurs based on the crest or the history data in the event of anomalous traffic peaks.
Collect host behavior data including processes, network, files, registry, DLL loading, and driver loading, and scan and analyze the data to determine whether an unknown virus intrusion occurs based on the host behavior.
Analyze how a virus behaves in the spread, execution, communication, installation control, and outbreak stages to establish virus-induced behavior anomaly detection models.
Create correlation rules for virus-induced behavior anomalies to discover virus-related anomalous behavior during port scan, network connection scan, file download scan, and other real-time security scans to determine whether an unknown virus intrusion materializes.
Extract malicious IP addresses, URLs, code, and other information related to new-type viruses and continuously update the IOCs of all latest virus attacks into threat intelligence.
Create threat intelligence-based correlation rules to raise alerts when an item hits threat intelligence during real-time security scans to determine whether an unknown virus intrusion occurs.
Merge alerts on unknown viruses and rapidly locate suspicious IP addresses through query, drilling down, correlation analysis, and forensic investigation.
Perform graph analytics on infected hosts having unknown virus alerts, exercise machine learning-powered statistical analysis on the tendency of virus attacks, and rapidly locate the source of infection by unknown viruses; and create targeted detection rules for already confirmed viruses and scan the entire network to determine (identify) the impact and scope of infection.
Deliver security policies among interworking security devices such as firewalls and IPSs to block or intercept malicious IP addresses, domains, files, and processes; quarantine all infected assets based on the provenance tracking and analysis result for unknown viruses to ensure that no new source of infection arises; and analyze the infected assets to inspect and clear up the virus before restoring the assets.
Perform real-time monitoring for network and behavior anomalies, rapidly locate the source of infection through correlation analytics and graph analysis, scan the entire network to determine the scope of infection, quarantine the infected devices, and take appropriate actions.
Monitor network connections and network activities in real time and correlate assets to any illegal connection with the mining pool marked in the high-confidence threat intelligence to identify, locate, and take actions on the assets infected with mining malware.
Monitor network connections and file downloads in real time for anomalies, locate the source of infection through network traffic monitoring and correlation analytics, quarantine compromised websites via security device interworking, and take actions on infected assets.