The tactics used by today’s advanced threat creators have evolved from isolated, random, single-type attacks to more organized, targeted and sophisticated attacks, aiming to achieve greater financial benefits as well as to cause significant political and personal damage to those who are hacked.
The ways to combat these attacks have also changed over the years, from traditional policy-based, network-layer firewalls to next-generation signature-based, application-level firewalls, which have greater visibility and fine-grained controls.
Signature-based threat detection has been one of the more effective tools used to defend against various threats, but it also has its limitations. On the one hand, sophisticated hackers can develop evasion techniques to avoid being detected. On the other hand, newly created malware that does not yet have a signature cannot be detected; zero-day attacks are an example.
One of the emerging technologies in the security industry for combating advanced malware attacks and their variants analyzes network behavior and data collected on targeted host machines.
Behavior-based threat defense studies and profiles the normal activities on the host machines and notifies you of any deviations. This can be effective at detecting attacks such as APT or zero-day attacks in which the new malware is created based on some variations of existing, known malware families.
Behavior-based threat defense systems consist of the following building blocks:
- Continuous data monitoring and collection
- Host profile construction and modeling
- Threat data analysis algorithms
- Threat intelligence visibility
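The following is an added example, not Hillstone's code or part of the original article. It sketches the four building blocks in miniature: collected per-host observations, a per-host profile (median and MAD per feature), a modified z-score as the analysis step, and alerts that carry the deviating features as evidence. The feature names, host names, threshold and sample data are assumptions constructed for illustration.

```python
from statistics import median

FEATURES = ("bytes_out", "distinct_dests", "failed_logins")  # hypothetical features
THRESHOLD = 3.5  # modified z-score cut-off chosen for this example

def build_profile(history):
    """Host profiling: per-feature median and MAD from baseline observations."""
    profile = {}
    for f in FEATURES:
        values = [obs[f] for obs in history]
        med = median(values)
        profile[f] = (med, median(abs(v - med) for v in values))
    return profile

def score(profile, obs):
    """Analysis: modified z-score per feature; a flat baseline (MAD 0) gets a floor."""
    scores = {}
    for f, (med, mad) in profile.items():
        spread = mad if mad > 0 else max(1.0, 0.05 * abs(med))
        scores[f] = 0.6745 * (obs[f] - med) / spread
    return scores

def detect(baselines, observations):
    """Return one alert per deviating observation, with the evidence attached."""
    profiles = {host: build_profile(hist) for host, hist in baselines.items()}
    alerts = []
    for obs in observations:
        prof = profiles.get(obs["host"])
        if prof is None:  # host never profiled: deviation cannot be judged
            alerts.append({"host": obs["host"], "reason": "no_profile", "evidence": {}})
            continue
        evidence = {f: round(z, 1) for f, z in score(prof, obs).items() if abs(z) > THRESHOLD}
        if evidence:
            alerts.append({"host": obs["host"], "reason": "deviation", "evidence": evidence})
    return alerts

def _obs(host, bytes_out, dests, failed):
    return {"host": host, "bytes_out": bytes_out, "distinct_dests": dests, "failed_logins": failed}

# Constructed sample data: seven baseline hours for one workstation, then three new hours.
BASELINES = {"ws-01": [_obs("ws-01", b, d, 0) for b, d in
             [(1200, 8), (1350, 9), (1100, 7), (1280, 8), (1400, 10), (1250, 8), (1320, 9)]]}
NEW = [
    _obs("ws-01", 1300, 9, 0),     # ordinary hour, inside the profile
    _obs("ws-01", 98000, 140, 6),  # large outbound volume to many destinations
    _obs("ws-99", 500, 3, 0),      # host with no baseline
]

if __name__ == "__main__":
    for alert in detect(BASELINES, NEW):
        print(alert)
```

The median/MAD profile is used here because a few unusual hours in the baseline do not shift it the way a mean and standard deviation would; a production system would profile many more features over a longer window.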
Customers demand accurate and early detection from today’s security vendors and solution providers, as well as rich threat intelligence and visibility, and effective mitigation controls. Mid-sized enterprises with budgets in mind especially want a device with all-in-one threat defense capabilities. Hillstone’s intelligent Next Generation Firewall (i-NGFW) provides unique advantages by combining traditional, signature-based threat detection such as IDS/IPS/AV with intelligent, behavior-based threat detection on a single platform (T-Series). It then gives network administrators and security researchers deep insight into an attack and its threat intelligence information, such as forensic data and the progressive phases of the attack, among other details. It combines best-of-breed threat defense technologies on a single platform and positions Hillstone as the industry leader in today’s ever-changing threat attack and defense battlefield.