Product name
Anti-Malware
Description
● Product Overview
With the rapid development of networks, application-layer attacks such as worms, Trojans, spyware and DDoS have emerged one after another. Traditional network-layer protection can only inspect packet headers and match them against rules. Today, however, many application-layer attacks are hidden inside otherwise normal packets, are spread across several packets, or are carried as fragments of virus and Trojan programs. Existing firewalls therefore often cannot tell whether traffic is legitimate or malicious, and analysing a single packet header in isolation is of little value.
The botnet, Trojan and worm monitoring and disposal product performs deep inspection of packets, reassembles traffic streams and restores the content they carry, and detects application-layer threats in real time. It can automatically identify both propagation events and controlled-host events for botnets, Trojans and worms.
● Product Composition
The botnet, Trojan and worm monitoring and disposal product consists of three components: the botnet, Trojan and worm detection and defense front-end device, the file restoration system, and the administration platform (NISP).
Botnet, Trojan and worm detection and defense front-end device
Inspects traffic against the virus library, extracts application-layer features and compares them with the feature library in order to identify malicious data;
File restoration system
Restores files transferred by users from the captured traffic, compares them with the sample feature library, classifies them as legitimate or malicious, and supports statistics on and upload of the malicious files;
Administration platform (NISP)
Manages the front-end device and the file restoration system, together with logs, alarms, the feature library, the database and the web interface.
● Product Characteristics
High performance
● High-performance network security equipment based on x86 inspects and controls every packet individually, whereas traditional vendors usually rely on sampled inspection, which produces inaccurate results and misses;
● A single detection device has a traffic processing capacity of 40 Gbps. Built on x86 servers, it reaches this throughput without any custom chip;
● Hardware cost is reduced directly through a design shared with the DPI product.
Completeness
● Provides all functions required by the Ministry of Industry and Information Technology test, including virus file detection, suspected sample restoration, known-virus traffic detection, and blocking and disposal;
● Has a professional feature library that is updated promptly and identifies the latest malicious programs.
Professionalism
● A professional security laboratory;
● Participation in drafting the Ministry of Industry and Information Technology standard on botnet, Trojan and worm handling capability.
● Product Function
| Category | Function | Description |
|---|---|---|
| Botnet, Trojan and worm behavior detection | Data collection | Collects HTTP, FTP, SMTP, POP3, DNS and other protocol traffic |
| Botnet, Trojan and worm behavior detection | Botnet, Trojan and worm behavior detection | Detects botnets, Trojans and worms in real time using URL, IP, domain-name and feature-code (signature) blacklists |
| Botnet, Trojan and worm behavior detection | Blocking | Blocks traffic by URL, IP or domain name |
| Botnet, Trojan and worm behavior detection | Redirection | Redirects malicious traffic to a specified safe link |
| Restoration server | Sample restoration | Restores samples transferred over the network, including exe, rar, zip and cab files |
| Restoration server | Botnet, Trojan and worm file scanning | Scans restored samples for virus files |
| Interface module | Feature library update | Manual and automatic cloud updating |
| Interface module | XDR reporting | Reports XDR to the administration platform |
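The detection, blocking and redirection rows above describe indicator matching over reassembled traffic. The following is an added illustration of that logic, written for this page; it is not the product's own code and does not use its feature library. The blacklists, the traffic records, the EICAR-string "feature code", the redirect target `SAFE_LINK` and the disposal policy (block on IP, domain or signature hits; redirect HTTP requests that match only a URL entry) are all constructed assumptions for the example.

```python
"""Blacklist and signature matching over constructed traffic records.

Added example for this page; the indicators and records below are made up.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed blacklists (assumed for the example, not the product's library)
BLACKLIST_IPS = {"203.0.113.7"}
BLACKLIST_DOMAINS = {"c2.example.net"}
BLACKLIST_URLS = {"http://dl.example.org/update/payload.exe"}
# "Feature codes": byte signatures matched against the reassembled payload.
# The only signature here is the harmless EICAR test string prefix.
FEATURE_CODES = {"eicar-test-file": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR"}
SAFE_LINK = "http://landing.example.com/blocked"  # assumed redirect target


@dataclass
class Record:
    proto: str            # HTTP, DNS, SMTP, ...
    src_ip: str
    dst_ip: str
    host: str = ""        # HTTP Host header or DNS query name
    url: str = ""         # full request URL, HTTP only
    payload: bytes = b""  # reassembled application-layer body


def domain_hit(host: str) -> Optional[str]:
    """Return the blacklisted domain that host equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLACKLIST_DOMAINS:
            return candidate
    return None


def detect(rec: Record) -> List[Tuple[str, str]]:
    """Return (indicator type, matched value) pairs for one record."""
    hits: List[Tuple[str, str]] = []
    if rec.dst_ip in BLACKLIST_IPS:
        hits.append(("ip", rec.dst_ip))
    domain = domain_hit(rec.host) if rec.host else None
    if domain:
        hits.append(("domain", domain))
    if rec.url and rec.url in BLACKLIST_URLS:
        hits.append(("url", rec.url))
    for name, signature in FEATURE_CODES.items():
        if signature in rec.payload:
            hits.append(("feature", name))
    return hits


def dispose(rec: Record) -> Tuple[str, str]:
    """Assumed policy: block on IP/domain/signature hits, redirect HTTP
    requests whose only hit is a blacklisted URL, otherwise allow."""
    hits = detect(rec)
    if not hits:
        return ("allow", "")
    kinds = {kind for kind, _ in hits}
    if rec.proto == "HTTP" and kinds == {"url"}:
        return ("redirect", SAFE_LINK)
    return ("block", ";".join(f"{k}={v}" for k, v in hits))


# Constructed sample traffic: one DNS lookup of a C2 subdomain, one download of a
# blacklisted URL, one connection to a blacklisted IP, one mail carrying the
# EICAR signature, and one benign request.
SAMPLE_TRAFFIC = [
    Record("DNS", "10.0.0.5", "10.0.0.53", host="beacon.c2.example.net"),
    Record("HTTP", "10.0.0.5", "198.51.100.20", host="dl.example.org",
           url="http://dl.example.org/update/payload.exe"),
    Record("HTTP", "10.0.0.6", "203.0.113.7", host="203.0.113.7",
           url="http://203.0.113.7/", payload=b"<html>"),
    Record("SMTP", "10.0.0.7", "192.0.2.25",
           payload=b"...X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD..."),
    Record("HTTP", "10.0.0.8", "198.51.100.30", host="www.example.com",
           url="http://www.example.com/"),
]


def run(records=SAMPLE_TRAFFIC):
    """Dispose every record and return (proto, target, action, detail) rows."""
    return [(r.proto, r.host or r.dst_ip, *dispose(r)) for r in records]


if __name__ == "__main__":
    for row in run():
        print(row)
```

Domain matching walks the label suffixes so that a blacklisted `c2.example.net` also catches `beacon.c2.example.net`, while `notc2.example.net` does not match; exact string comparison would miss the former. Signature matching is a plain substring search over the reassembled body, which is why the product's stream reassembly matters: a signature split across two packets would not be found in either packet alone.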