Continued Enhancements in Threat Detection Capabilities

Server Breach Detection System (sBDS) from Hillstone Network is an effective cyber defense tool to detect threat attacks and protect critical servers and other assets inside the corporate intranet. It integrates a suite of threat detection engines that uses traditional security techniques including NGFW, IPS, IDS, AntiVirus as well as behavioral analysis based anomaly detection tools. It also uses data science based malware analysis driven by Artificial Intelligence and machine learning techniques for the most robust protection.

In order for our solutions to be even more effective and powerful in helping customers uncover and defend potential threat attacks to their corporate networks, we continuously invest to improve threat detection accuracy and reduce false positives. Other important elements are to provide comprehensive visibility and a flexible, easy to manage user interface (iCenter) so that security admins can have a clear understanding of the details on the threat events and alerts. This also helps them customize and make adjustments in the threat detection rules that best fit specific deployment scenarios and needs. The sBDS version 2.9, released recently, contains enhanced capabilities to detect intranet threats with more in-depth analysis and customization.

Here are the highlights of some of the major features:

  • In-depth Traceability for Better Host Protection: Enhanced threat detection capability on the host side through in-depth analysis of host logs, including detecting Windows(tm) remote desktop brute force attacks, suspicious file creations, malicious PowerShell processes and Windows(tm) user control bypasses.
  • Customizable Abnormal Behavior Detection Rules: Supports customizable abnormal behavior detection options and thresholds, enhancing detection accuracy as well as accommodating individual users’ specific needs.
  • Threat Tags for Better Understanding Threat Types: Provides threat tags such as Eternal Blue, Ransomware, Botnet, etc. instead of CVEID or professional names, so that users can easily understand the type of threats on each server and host.

Looking forward, more and more core capabilities will be continuously added to enable sBDS to become an increasingly more effective and powerful tool in assisting security admins and professionals. It will help them detect and defend against sophisticated, multi-staged, post-breach threat attacks inside their corporate intranets.