Tuesday, April 12, 2022

Industry | Safeguarding endpoint security across the whole network: 360 EDR helps raise digital security capabilities

With the steady advance of digital transformation, every industry faces more severe security challenges even as it enjoys the benefits. Cyber threats have evolved from the work of lone individuals into organized cybercrime and intelligence-backed advanced attacks, and traditional "passive", single-point defense products have reached their limits.

Recently, the Government and Enterprise Security Group of 360 (601360.SH, hereinafter "360"), drawing on the leading capabilities of the 360 Security Brain in security big data, AI-driven analysis and attack attribution, launched its next-generation endpoint detection and response system (hereinafter "360 EDR"). Building on ten years of practical service experience with the SaaS edition of EDR, 360 EDR compensates for the weakness of traditional endpoint security products against advanced threats by continuously monitoring endpoint activity, detecting security risks, investigating threats in depth and providing remediation methods. In the fight against advanced threats it shortens the attacker's window, reduces the chance that an advanced threat reaches its objective, and delivers a faster and more efficient defense.

Three Product Advantages Efficiently Respond to Cyber ​​Threats

In 2013, Gartner first proposed the concept of endpoint threat detection and response, regarded as a future-oriented endpoint security solution. Unlike traditional signature detection or heuristic technology, EDR raises detection to a new level by observing behavior. For many consecutive years, EDR has been listed by Gartner as one of its top ten technologies.

Since 360's endpoint security product released its cloud-based active defense system in 2011, more than ten years of offensive and defensive combat against all manner of Trojans and APT families have continuously refined its malicious behavior detection and response capabilities, building up comprehensive and detailed endpoint behavior detection technology and setting an industry benchmark for product performance. Since the beginning of this year it has intercepted 360,000 phishing attacks, 12 million botnet attacks, 380,000 web vulnerability attacks, tens of thousands of ransomware attack IPs and tens of millions of server weak-password scans, making it an important tool for solving digital security problems.

The 360 EDR released this time is a new generation of threat-intelligence-driven endpoint security product. It adopts a complete endpoint security monitoring solution and offers three major advantages: precise detection, rapid traceability, and efficient operation and maintenance.

Precise detection:

360 EDR provides real-time threat big-data logs and alerts from endpoints, integrates machine learning, fits the user's business scenarios, continuously optimizes its behavior detection and response models, steadily improves monitoring coverage and accuracy, and quickly discovers and responds to the security risks an enterprise encounters;

Quick traceability:

The 360 EDR core detection center analyzes massive volumes of heterogeneous data with a range of detection and analysis techniques, ensuring comprehensive visibility and rapid traceability of all kinds of threats;

Efficient operation and maintenance:

360 EDR also supports manual and scheduled triggering of automated workflows to improve the efficiency of threat handling. Combined with data analysis and charting, it presents a visual host-level attack chain graph that lets users pinpoint at-risk hosts in complex networks within seconds, greatly reducing operation and maintenance costs.

Turning passive into active: keenly "sniffing out" advanced threats

From the "Stuxnet" virus to the Ukrainian power-grid incident, from "PRISM" to "EternalBlue", and the "Manling Flower", "Sea Lotus" (OceanLotus) and "Sapphire Mushroom" APT campaigns against China, the record shows that most advanced network attacks exploit undisclosed operating-system vulnerabilities and rely on long-term dormancy, continuous penetration and increasingly covert methods to break into all kinds of endpoint devices. Traditional endpoint security software, which defends passively on the basis of past experience or known signatures, frequently fails in the face of zero-day attacks.

To reduce unknown advanced threat attacks against countries, cities, industries, enterprises and institutions, 360 EDR has built a comprehensive advanced-threat protection barrier that integrates "advanced attack discovery, lateral movement protection, fileless attack protection, and software hijacking protection".

For advanced attack discovery, 360 EDR combines situational awareness with attribution analysis, proactively identifying APT (advanced persistent threat) behavior through fine-grained dynamic behavior recognition and responding comprehensively to unknown network threats. For lateral movement protection, its "lateral penetration" protection function applies six defensive measures, covering remote service creation, remote scheduled task creation, remote registry tampering, remote WMI command execution, remote COM component invocation, and remote startup of system tool processes, so that an attack is stopped before it spreads through the intranet. For fileless attack protection, 360 EDR deploys multiple blocking strategies that form a defense-in-depth system, blocking malicious code injection into memory in real time and building a "separation wall" against fileless threats before an attack lands. For software hijacking protection, 360 EDR has multi-layered defensive barriers that sense an attack at the first moment, turning passive defense into active defense to achieve all-round, round-the-clock protection of cyberspace.
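The lateral movement vectors listed above are what a defender would look for in endpoint telemetry. The following is an added illustrative example, not 360 EDR code, showing how three of those vectors (remote service creation, remote scheduled task creation, remote registry tampering) can be detected by correlating standard Windows Security-log events: a change is flagged only when the logon session that made it was established by a network logon (LogonType 3). The event records are constructed sample values, and the field names follow the Security log's own naming.

```python
# Added illustrative detector, not 360 EDR code: flags service, scheduled-task and
# registry changes made under a Windows network logon session (LogonType 3).

REMOTE_LOGON_TYPE = "3"  # network logon: actor arrived over SMB/RPC, not the console

# Security-log event IDs mapped to the lateral-movement vector they correspond to.
VECTOR_BY_EVENT = {
    "4697": "remote service creation",          # A service was installed in the system
    "4698": "remote scheduled task creation",   # A scheduled task was created
    "4657": "remote registry tampering",        # A registry value was modified
}


def detect_lateral_movement(events):
    """Correlate 4624 logons with later changes made by the same logon ID."""
    remote_sessions = {}  # TargetLogonId -> (source IP, account) for type-3 logons
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        if eid == "4624" and ev.get("LogonType") == REMOTE_LOGON_TYPE:
            remote_sessions[ev["TargetLogonId"]] = (ev.get("IpAddress"), ev.get("TargetUserName"))
        elif eid in VECTOR_BY_EVENT:
            origin = remote_sessions.get(ev.get("SubjectLogonId"))
            if origin is not None:  # local (interactive) sessions never match
                alerts.append({
                    "vector": VECTOR_BY_EVENT[eid],
                    "source_ip": origin[0],
                    "account": origin[1],
                    "object": ev.get("ObjectName", ""),
                })
    return alerts


# Constructed sample events (hypothetical values, not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": "4624", "LogonType": "3", "TargetLogonId": "0x3e9a4",
     "IpAddress": "10.0.0.5", "TargetUserName": "svc_admin"},
    {"EventID": "4624", "LogonType": "2", "TargetLogonId": "0x1f2b3",
     "IpAddress": "127.0.0.1", "TargetUserName": "localadmin"},
    {"EventID": "4697", "SubjectLogonId": "0x3e9a4", "ObjectName": "UpdaterSvc"},
    {"EventID": "4698", "SubjectLogonId": "0x1f2b3", "ObjectName": "\\Backup\\Nightly"},
    {"EventID": "4657", "SubjectLogonId": "0x3e9a4",
     "ObjectName": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"},
]
```

Running `detect_lateral_movement(SAMPLE_EVENTS)` yields two alerts (the service and registry changes from the network session) and ignores the scheduled task created by the interactive session.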

360 Security Brain empowerment boosts threat localization and traceability

The comprehensive threat detection, analysis and traceability capabilities of 360 EDR are inseparable from the continuous support of the security big data, threat intelligence and expert services provided by the 360 Cloud Security Brain. Over 16 years of real-world experience, 360 has accumulated security big data exceeding 2 EB in total storage, as well as a unique real-world attack and defense sample library holding 30 billion sample files, and has trained a world-class network attack and defense expert team.

On this basis, 360 EDR can use the behavioral and environmental characteristics of active APT groups to perform in-depth correlation analysis and manual hunting over real-time behavioral data, accurately locating and tracing all kinds of network threats. To date it has helped 360 identify 46 nation-state hacker groups abroad and monitor more than 3,600 attacks involving more than 20,000 attack targets.

In the wave of digital transformation, security issues have escalated into complex challenges spanning big data security, cloud security, IoT security, new endpoint security, network communication security, supply chain security and application security. With its unique advantages, EDR has become the main means of resolving endpoint security pain points. As a leader in digital security, the 360 Government and Enterprise Security Group's launch of this next-generation endpoint detection and response system will give countries, cities, industries and enterprises security capabilities that better meet business needs and respond efficiently to advanced cyber threats, raising the overall defense level of China's cyberspace.
