TIP

QAX TIP is a product for enterprise users that provides localized deployment, enables the use of intelligence, and helps users efficiently use intelligence to discover threat products.

Introduction

The Threat Intelligence Platform (TIP) is a product for enterprise users that provides localized deployment, enables the use of intelligence, and helps users efficiently use intelligence to discover threat products. TIP enables enterprises to easily use threat intelligence to enhance their own detection, response, and prevention capabilities in security construction, so that they can discover threats accurately, comprehensively, and in a timely manner. It realizes rapid characterization and diagnosis of events, and can connect with users' local security devices to achieve integrated management and prevent attacks in earlier phases. Deploying a threat intelligence platform is critical in active defense, and it is the best way for enterprises to improve their security operations.


●  Localized Threat Intelligence Center

Through indicators of compromise, file reputation, IP reputation, vulnerability intelligence, APT intelligence, security advisories and other types of highly accurate, high-quality massive intelligence data, it helps enterprises establish their own threat intelligence center, which can be connected with their own 4A system to give administrators and branch operators easy access. It also assists security analysts in triaging threats and responding to them.

●  Uses Vulnerability to Anticipate Threats

With in-depth analysis and evaluation, the platform provides comprehensive vulnerability intelligence based on potential risks. It also provides an API service and intelligence subscription to help organizations build their own vulnerability data, prioritize risks, and understand the threats and their impact.

●  Email Threat Detection

To provide a localized and automatic batch mail detection service for enterprises, TIP integrates the OWL and RAS engines developed by QAX and conducts in-depth detection through signatures and rules. It can detect malicious emails and their attachments.

●  Multi-source Intelligence Aggregation

Enterprises can access third-party intelligence and integrate and manage IOC intelligence, file reputation, IP reputation, advanced intelligence, open source intelligence, customized intelligence, self-produced intelligence and other business intelligence, including standardized and non-standardized intelligence formats, for intelligence sharing and use.

●  Threat Triage for Efficient Decision-making

The platform provides multi-source intelligence and multi-dimensional security alerts, including tactical intelligence, strategic intelligence and advanced human-readable intelligence, giving managers rich insights for better security decision-making.

●  STIX Intelligence Sharing

It supports the STIX format for third-party access. The content covers all aspects of threat information with flexibility, extensibility, automation and interpretability, to achieve seamless integration in different security scenarios.

Features

●  Vulnerability Intelligence

The platform provides timely and accurate vulnerability matching functions, quickly locates critical vulnerabilities, and advises on feasible solutions to eliminate the threats.

●  APT Archive

The platform enables easy lookup of APT group information, including tactics, techniques and procedures, background, as well as relation graphs, etc.

●  Email Attack Detection

The platform enables automatic batch detection of local mail, integrates the OWL and RAS engines, and helps enterprises comprehensively detect internal attack mails, phishing mails and APT mail attacks, making it more powerful in EXP attack prevention compared with a traditional email gateway.

●  Platform Integration

It can be integrated with SOC, SIEM, Splunk and other platforms through a RESTful API to achieve high-performance detection and enhance security capacity.

●  Cloud-based Intelligence

Localized intelligence is enriched through a cloud-based database, and it can be upgraded through an internet connection.

Values

●  Mailbox service for attack and defense detection

It provides an automatic batch detection service for local mail for enterprises. It integrates the efficient OWL and RAS engine technology, which can quickly detect whether a mail is malicious or whether there are threats in its attachments, etc. It enhances the user's ability to detect malicious content in attachments.

●  Building Endogenous Intelligence Capability

Cloud data is brought down to the user's local environment and is linked with the user's security products. The platform not only provides multi-dimensional intelligence sharing, but also realizes multi-source intelligence access and integration. Based on standard STIX intelligence, it empowers users' third-party equipment and carries out product linkage processing, building an integrated endogenous intelligence management system.

●  Efficient and accurate response analysis

Based on advanced machine learning technology, automated multi-level correlation, and deep mining of information, it provides users with efficient and accurate intelligence response capabilities, quickly queries the full amount of IOC, carries out qualitative analysis of false positives and attacks, and obtains rich context information related to malware families and attack groups.

●  Massive Data Support Services

Relying on strong sample collection capability and leading network data in China, it includes APT intelligence from hundreds of intelligence sources and multiple security research teams. It has rich data sources such as a behavior sample database, domain name information database, survival website database and vulnerability intelligence database.