• Accurate detection of advanced threats
Compared with traditional security detection solutions, the SkyEye system detects cyber threats quickly, with high accuracy and a low false-positive rate.
• Rapid response to major security incidents
Based on the context of threat intelligence, the SkyEye system helps security operators detect, identify and respond to major security incidents, such as Eternal Blue, APT Incident, NotPetya, BlueKeep, Sodinokibi.
• Traceback and analysis of cyber attacks
SkyEye system is capable of restoring and storing the metadata of network traffic, which can help users to trace back the network attacks that have occurred, and analyze the attack path, infected surface, and information leakage.
• Compliance with upgraded requirements on cybersecurity
SkyEye system meets the upgraded cybersecurity requirements v2.0 for network attack detection and analysis, especially for new network attacks and APT attacks.
• Advanced threat detection
By using threat intelligence, file virtual execution, an intelligent rule engine, machine learning, and other technologies, the SkyEye system can detect and identify advanced network attacks and new types of network attacks, covering: APT attacks, ransomware, web attacks, Remote Access Trojans, botnets, stealing Trojans, spyware, network worms, mail phishing, and other advanced attacks. All these threats detected in the network can be clearly shown through visualization technology.
• Abnormal behavior detection
Based on network traffic data, the SkyEye system uses big data analysis and machine learning technology to build a detection model of abnormal network behavior. With multiple built-in scenarios, such as unconventional service analysis, login behavior analysis, email behavior analysis and data behavior analysis, the SkyEye system detects and identifies new types of attacks and internal violations.
For each attack alarm, SkyEye system provides enterprise users with functions such as listing, counting, querying and investigating. SkyEye system supports analyzing alarms based on ATT&CK tags and the synergy between EDR linkage and firewall NDR linkage, helping security operators quickly identify and respond to alarm incidents.
• Attack traceback analysis
The SkyEye system supports full-packet forensic analysis and visual analytics for clues (Threat Hunting), which can present the complete process of an attack to enterprise users and help them perform retrospective and in-depth analysis of network attacks.
• Leading APT detection and tracking capabilities
QI-ANXIN Threat Intelligence Center is monitoring more than 40 domestic and foreign hacker organizations that launched APT attacks against government agencies, scientific research, large enterprises, and other organizations in China, dating back to 2007.
• Leading threat intelligence capabilities in China
Based on multi-dimensional, global data collection capabilities, cloud-based big data automated processing complemented with the top security research team's manual operations helps to provide users with accurate threat intelligence. Context-based intelligence helps users analyze, investigate, and respond to alerts in time.
Through linkage of terminal EDR, firewall NDR, and SOAR, the SkyEye system helps users quickly locate infected hosts and malware and block threats promptly, improving the response and handling capabilities for network attacks.
• Computing and retrieval capabilities for massive data
The SkyEye system innovatively uses search engine technology as the core technology for local data storage and retrieval, which can greatly improve retrieval performance, provide enterprises with fast search capabilities over terabyte-level data, and provide solid technical support for local large-scale data retention, attack evidence retention and query, and real-time correlation analysis.
Successful application cases can be found in public security organizations, finance, government ministries, telecom operators, petroleum and petrochemical, power, education, medical and other industries.