CTO Talk: Eight Built-in Layers of Threat-Fighting Weapons

  • CTO Talk
LogSentinel’s operational security platform (SIEM, XDR & SOAR) continuously optimizes the models of specialized threat systems and has created eight layers of anti-threat weapons. Based on the characteristics of user behavior and traffic analysis, the series of local anti-threat modules form an iron wall to prevent telecommunication and network threats and protect the safety of users’ communications and property. The LogSentinel platform has a unique large-scale network protection capability, it monitors, analyzes, tracks, and locates attack traffic from a network-wide perspective and combines cleaning, blocking, and intelligent filtering to achieve precision protection. LogSentinel applies intelligent security vector analysis and decision management throughout the process of security risk monitoring, analysis, response, and prediction, targeting threats, risks, assets, services, users, etc., based on log files for security, network traffic, user behavior, terminal logs, business Data from multiple sources such as data and asset health combined with external intelligence realizes an assessable situation through global health assessment, external attack rating and self-inspection of system compliance; through attack trend analysis, abnormal traffic judgment and terminal behavior. Detection to achieve predictive trends through intelligent detection and identification of unknown threats, traffic/behavior/asset status monitoring, and multi-dimensional risk analysis realize risk recognition through attack source tracking and evidence collection and processing in a closed-loop process of work orders, adaptive adjustment with the strategy of realization of knowledge, action, and control. The LogSentinel platform is an intelligent unified platform for security threat awareness and proactive security protection based on technologies such as blockchain, big data, machine learning, and pattern recognition. Security management is well managed and emergency response to security incidents can be handled with real urgency. LogSentinel is a network security threat awareness coordination command platform that provides security experts with threat awareness, traceability, and related network security analysis of key information systems, a comprehensive understanding of the network security situation, threats, risks, and hidden dangers and real-time monitoring of vulnerabilities, viruses, Trojans and network attacks, form a working mechanism for network security monitoring, early warning and processing, coordinated and connected by the network information department and other functional departments, and immediately report major security threats of the network of various units of organizations and supervisory departments.

Attack behavior analysis

By correlating and analyzing the real-time data streams collected by each probe, including network traffic, log security events, assets, configuration security information, intranet IP address segments, and other information-based rule-based, statistics-based, and asset-based associations are the adopted method, comprehensively analyzing security alarms, deepening security risks, and assessing the severity of security incidents.  

Analysis of historical data

By collating historical data such as attacks, breaches, and losses over different periods and making threat trend statistics, the host’s overall risk situation is comprehensively assessed.

Analysis of the security situation

It dynamically reflects the overall network security situation and predicts and warns the development trend of network security. Using characteristic methods such as massive storage, parallel computing, efficient queries and data analysis unique to big data technology, automatic analysis, processing, and deep extraction of operational data, log data and other asset information across the network are performed to analyzing and assessing the state of network security. , sensing unusual events and the overall network security situation and using the large screen to display the sensed information.

Visual analysis

It supports rich interactive visual methods of analysis and helps security analysts easily and quickly discover threats and risks that are hard to find through intuitive and interactive drill-down diagrams. It supports dozens of visual analysis methods, such as visual analysis of associative links, visual analysis of network behavior perspectives, visual analysis of events, visual analysis of behavior, and visual analysis of attack chains.

Protection from attack

Built-in perfect multi-level attack protection module based on attack detection technology to filter the traffic passing through the system, detect and block various known attacks in real-time: exploitation of system vulnerabilities, web application attacks, worm, trojan, etc. With LogSentinel, you can locate various network threats and traffic violating customer security policies and provide detailed and effective targeting measures to realize an integrated protection-detection-response solution.

Awareness of host network security behavior

The transmission identification part of comprehensive security attacks, suspicious intranet host identification engine, and abnormal network behavior identification engine is integrated into three technologies and based on the methodology of equal protection requirements and best management practices intranet security, provides intranet security transmission, Identifying potential and current security risks is an effective support platform for intranet security management.

Vulnerability monitoring and management

Taking precautions before hackers discover and solve problems is a very important security management measure that can effectively prevent hackers from intruding. The vulnerability management module can scan the database, operating system, applications, and weak encryption through the scanning engine, quickly catch the vulnerable points in the host, and reduce and alleviate the threats and losses caused by the vulnerabilities in the host. REQUEST DEMO

Prof. Nikolay Raychev is an expert in the field of software process improvement and software engineering technologies with two decades of experience as a software engineer, a software architect, a CIO, a CTO, a Director of Engineering, a professor, an author, and a consultant, focusing on software engineering issues.

Like this article? Share it with your network!