● Product Overview

  With the rapid development of networks, application layer attacks such as worms, Trojans, spyware and DDoS attacks have emerged one after another. Traditional protection based on the network layer can only inspect message headers and match rules. At present, however, a large number of application layer attacks are hidden in normal messages, spread across several messages, or carried as virus and Trojan programs split into sections. In this case, existing firewalls often cannot accurately determine whether the data traffic is normal or illegal, and analyzing only a single message header is of little value.
  The Botnet, Trojan and worm monitoring and disposal product performs in-depth inspection of messages, reassembles and restores data traffic for determination, and detects application layer threats in real time. The product can automatically identify spread events and controlled events of Botnets, Trojans and worms.
  ● Product Composition
  The Botnet, Trojan and worm monitoring and disposal product is composed of the Botnet, Trojan and worm detection defense front-end machine, the file restoration system and the administration platform (NISP).
  Botnet, Trojan and worm detection defense front-end machine
  Inspects data traffic against the virus library, extracts the application layer features and compares them with the feature library to identify illegal data.
  File restoration system
  Restores files sent by users, compares them with the sample feature library, classifies them as legal or illegal files, and supports the statistics and uploading of illegal files.
  Administration platform (NISP)
  Administers the Botnet, Trojan and worm detection defense front-end machine, the file restoration system, logs, alarms, the feature library, the database and the web.
  ● Product Characteristics
  High performance
  ● High-performance network security equipment based on x86 inspects and controls messages one by one, whereas traditional manufacturers usually rely on sampling detection, which leads to inaccurate inspection results and missed detections;
  ● A single detection device has 40Gbps traffic processing capacity.
  Based on an x86 server, it achieves ultra-high-speed processing capacity without the need for a customized chip;
  ● Directly reduces hardware cost through a scheme jointly designed with DPI.
  Provides all the functions required in the examination of the Ministry of Industry and Information Technology, including virus file detection, suspected sample restoration, known virus traffic detection and blocking disposal;
  Has a professional feature library, which is updated in a timely manner and can identify the latest malicious programs.
  Professional security laboratory;
  Participates in compiling the Botnet, Trojan and worm processing capability standard of the Ministry of Industry and Information Technology.
  ● Product Function
  Botnet, Trojan and worm behavior detection
    Data collection: Collect HTTP, FTP, SMTP, POP3, DNS and other protocol traffic
    Botnet, Trojan and worm behavior detection: Conduct real-time detection for Botnet, Trojan and worm through blacklist URL, blacklist IP, blacklist domain name, blacklist feature code
    Block traffic according to URL, IP, domain name
    Redirect malicious traffic to the specified secure link
  Restoration server
    Restore samples: Restore samples spread on the network, including exe, rar, zip, cab
    Scan Botnet, Trojan and worm files: Scan sample for virus files
  Interface module
    Update feature library: Manual and automatic cloud updating
    Report XDR: Report XDR to administrative platform