Unknown Virus Detection and Alerting
Pick proactive, intelligent analytics to hold the chance you deserve to stave off unknown risks.
Challenges
In 2017, the devastating ransomware “WannaCry” hit more than 100 countries and regions across the globe. Hundreds of thousands of computers in government sectors, education, hospitals, energy, communications, manufacturing, and many other industries were seriously infected.
The ever-evolving ransomware and new malware have exposed the disadvantages of legacy signature or pattern-based detection methods. Unable to be updated in time to block zero-day attacks and with low detection accuracy, they are no longer an effective means of detection and protection against emerging unknown viruses.
Ravaging ransomware
Frequent emergence of new viruses
Ineffective traditional detection approaches
Improved defense technologies
Solutions
Early
Security vulnerability alerting and system reinforcement
Raises timely alerts on new viruses by illustrating the attack process, the vulnerability that the attack attempts to exploit, and the way to tackle it. Plus assist for customers with network troubleshooting, system patching and upgrade, infection detection, and virus removal.
Real-Time
Unknown Virus Detection and Analytics
Use anomaly monitoring, threat intelligence, correlation analytics, and other advanced technologies to scan for unknown viruses in real time and locate them accurately to guarantee a prompt and effective virus treatment.
Proactive
Unknown virus response and handling
Leverage provenance tracking, graph analysis, and machine learning algorithms to rapidly locate the source of infection by unknown viruses and block, intercept, or clear them up using security equipment interworking and expert rule-based emergency treatment.
Security Vulnerability Alerting and System Reinforcement
HanSight security analytics team raises alerts to industry customers on the latest virus attack, including the attack process, the vulnerability that the attack attempts to exploit, and the way to tackle it.
HanSight first-line security team assists customers, according to the security alerts, in network forensic, system patching and upgrade, infection detection, and virus removal.
Real-Time Unknown Virus Detection and Analytics
Unknown virus detection by network anomaly
Establish network anomaly monitoring models to monitor particular protocols and ports such as SMB, 445, RDP, and 3389, and determine whether an unknown virus intrusion occurs based on the status of relevant ports, IP addresses, and protocols.
parse and analyze network traffic to establish traffic monitoring models to monitor the network traffic related to specific ports, protocols, or assets, and determine whether an unknown virus intrusion occurs based on the crest or the history data in the event of anomalous traffic peaks.
Unknown virus detection by host anomaly
Collect host behavior data including processes, network, files, registry, DLL loading, and driver loading, and scan and analyze the data to determine whether an unknown virus intrusion occurs based on the host behavior.
Unknown virus detection by behavior anomaly
Analyze how a virus behaves in the spread, execution, communication, installation control, and outbreak stages to establish virus-induced behavior anomaly detection models.
Create correlation rules for virus-induced behavior anomalies to discover virus-related anomalous behavior during port scan, network connection scan, file download scan, and other real-time security scans to determine whether an unknown virus intrusion materializes.
Unknown virus detection by threat intelligence
Extract malicious IP addresses, URLs, code, and other information related to new-type viruses and continuously update the IOCs of all latest virus attacks into threat intelligence.
Create threat intelligence-based correlation rules to raise alerts when an item hits threat intelligence during real-time security scans to determine whether an unknown virus intrusion occurs.
Unknown Virus Response and Treatment
Unknown virus provenance tracking and analysis
Merge alerts on unknown viruses and rapidly locate suspicious IP addresses through query, drilling down, correlation analysis, and forensic investigation.
Perform graph analytics on infected hosts having unknown virus alerts, exercise machine learning-powered statistical analysis on the tendency of virus attacks, and rapidly locate the source of infection by unknown viruses; and create targeted detection rules for already confirmed viruses and scan the entire network to determine (identify) the impact and scope of infection.
Unknown virus emergency treatment
Deliver security policies among interworking security devices such as firewalls and IPSs to block or intercept malicious IP addresses, domains, files, and processes; quarantine all infected assets based on the provenance tracking and analysis result for unknown viruses to ensure that no new source of infection arises; and analyze the infected assets to inspect and clear up the virus before restoring the assets.
Applicable Industry
- All
Supported System
- Host operating system
- Endpoint operating system
- Network system
Application Scenario
- Security vulnerability alerting and system reinforcement
- Unknown virus detection by network anomaly
- Unknown virus detection by host anomaly
- Unknown virus detection by behavior anomaly
- Unknown virus detection by threat intelligence
- Unknown virus response and handling
Data Source
- Network traffic data
- Security device logs
- Operating system logs
- Threat intelligence
- EDR alerts
Compliance and Best Practice
- China’s Cybersecurity Law
- Classified Cybersecurity Protection Regulations 2.0
- Industry regulations
- ISO 27001
Customer Benefits
Value-add approach to traditional defense means
Real-time monitoring for unknown viruses
Accurate location of infected assets
Prevention of business interruption
Application Cases
Ransomware treatment without business interruption
Perform real-time monitoring for network and behavior anomalies, rapidly locate the source of infection through correlation analytics and graph analysis, scan the entire network to determine the scope of infection, quarantine the infected devices, and take appropriate actions.
Mining malware detection and treatment by threat intelligence
Monitor network connections and network activities in real time and correlate assets to any illegal connection with the mining pool marked in the high-confidence threat intelligence to identify, locate, and take actions on the assets infected with mining malware.
Trojan infection treatment by behavior analytics and monitoring
Monitor network connections and file downloads in real time for anomalies, locate the source of infection through network traffic monitoring and correlation analytics, quarantine compromised websites via security device interworking, and take actions on infected assets.
Application Cases
Ransomware treatment without business interruption
Perform real-time monitoring for network and behavior anomalies, rapidly locate the source of infection through correlation analytics and graph analysis, scan the entire network to determine the scope of infection, quarantine the infected devices, and take appropriate actions.
Application Cases
Mining malware detection and treatment by threat intelligence
Monitor network connections and network activities in real time and correlate assets to any illegal connection with the mining pool marked in the high-confidence threat intelligence to identify, locate, and take actions on the assets infected with mining malware.
Application Cases
Trojan infection treatment by behavior analytics and monitoring
Monitor network connections and file downloads in real time for anomalies, locate the source of infection through network traffic monitoring and correlation analytics, quarantine compromised websites via security device interworking, and take actions on infected assets.
