Cybersecurity Intelligence System

The Cybersecurity Intelligence System (CIS) uses technologies such as Big Data analytics and machine learning to accurately identify and defend against APT attacks and so guard key information assets. It can reconstruct the kill chain of an APT by extracting key information from mass data, assessing risks in multiple dimensions, and correlating isolated anomalies based on Big Data analytics.

Detects events based on APT kill chains and real-time awareness of security posture

  • Comprehensive detection: Detection of events based on APT kill chains, correlating and combining threats
  • Network-wide collaboration: Collaboration between security devices and endpoints to handle detected threats and share reputation in the cloud
  • Network visualization: Real-time awareness of security posture, enabling search and source tracing of PB-level data within seconds

Specifications

Traffic Collection

Parses HTTP, DNS, and mail protocols, reconstructs files transferred over HTTP and mail attachments, and captures packets based on packet capture rules

Log Collection

Collects syslogs from ArcSight and FireHunter, and NetFlow logs from Huawei routers, Huawei switches, and flow probes

C&C Anomaly Detection

Detects DGA and Fast-Flux domain names

Event Correlation Analysis

Provides predefined rules for logs and allows users to define correlation rules and sub-rules

Traffic Baseline Anomaly Detection

Allows users to configure traffic control rules and supports vertical and horizontal scanning

Traffic Anomaly Detection

Detects unauthorized access, threshold-exceeding traffic rates, and threshold-exceeding access frequency

Mail Anomaly Detection

Analyzes mail sending servers, senders, and recipients, allows users to define the mail whitelist and blacklist, and detects mail attachments

Covert Tunnel Detection

Detects Ping Tunnel, DNS Tunnel, and file evasion

Reputation Management

Supports local IP reputation query, DNS reputation generation, and file reputation query

Attack Path Visualization

Displays attack transmission paths, including attacks from the Internet to the intranet, transmission within the intranet, and C&C connections from the intranet to the Internet

Network-wide Threat Posture

Analyzes threats, malicious and suspicious mails, malicious and suspicious files, targeted hosts, and malicious domain names; and displays correlated events and traffic anomaly events

Smart Search

Searches for data and drills down into search results

Blacklist and Whitelist Management

Manages mail, URL, IP address, and domain name blacklists and whitelists

Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.