By using threat intelligence, file virtual execution, an intelligent rule engine, machine learning, and other technologies, SkyEye system can detect and identify advanced network attacks and new types of network attacks, covering: APT attacks, ransomware, WEB attacks, Remote Access Trojans, botnets, stealing Trojans, spyware, network worms, mail phishing, and other advanced attacks. All these threats detected in the network can be clearly shown through visualization technology.
Based on network traffic data, SkyEye system uses big data analysis and machine learning technology to build a detection model of abnormal network behavior. With multiple built-in scenarios such as unconventional service analysis, login behavior analysis, email behavior analysis and data behavior analysis, SkyEye system detects and identifies new types of attacks and internal violations.
For each attack alarm, SkyEye system provides enterprise users with functions such as listing, counting, querying and investigating. SkyEye system supports analyzing alarms based on ATT&CK tags and the synergy between terminal EDR linkage and firewall NDR linkage, helping security operators quickly identify and respond to alarm incidents.
SkyEye system supports forensic analysis of full packets and visual analytics for clues (Threat Hunting), which can present the complete process of an attack for enterprise users and help users perform retrospective and in-depth analysis of network attacks.
QAX Threat Intelligence Center is monitoring more than 40 domestic and foreign hacker organizations that launched APT attacks against government agencies, scientific research, large enterprises, and other organizations in China, dating back to 2007.
2. Leading threat intelligence capabilities in China
Based on multi-dimensional, global data collection capabilities, cloud-based automated big data processing, complemented by the manual operations of top security research teams, helps to provide users with accurate threat intelligence. Context-based intelligence helps users analyze, investigate, and respond to alerts in time.
3. Strong synergy
Through linkage of terminal EDR, firewall NDR, and SOAR, SkyEye system helps users quickly locate infected hosts and malware and block threats promptly, improving the response and handling capabilities for network attacks.
4. Computing and retrieval capabilities for massive data
SkyEye system innovatively uses search engine technology as the core technology for local data storage and retrieval, which can greatly improve retrieval performance, provide enterprises with fast search capabilities over terabyte-level data, and provide solid technical support for local large-scale data retention, attack evidence retention and query, and real-time correlation analysis.
5. Rich industry cases
SkyEye system has served more than 1000 customers across all provinces in China. Successful application cases can be found in public security organizations, finance, government ministries, telecom operators, petroleum and petrochemical, power, education, medical and other industries, helping customers identify and respond to more than 100 APT attacks. During the periods of the 19th National Congress of the Communist Party of China, the Belt and Road Summit and the Two Sessions, as well as the offensive and defensive drills, on-site safety experts monitored attack behavior more than 300,000 times through SkyEye system, discovered thousands of exploits, and effectively assisted users in strengthening and protecting hundreds of servers according to the attack information, receiving more than 100 letters of thanks from users.