Threat Intelligence Center
QI-ANXIN Threat Intelligence Center (QAXTIC) is a professional threat intelligence team belonging to QI-ANXIN network security. QAXTIC focuses on developing key network security technologies with advanced big data. By organizing an excellent team of top experts from all over the Asia-Pacific region, QAXTIC has a complete and accurate threat intelligence analysis capability, and provides related network security threat protection services to organizations and enterprises. As one of the largest threat intelligence vendors in China, QI-ANXIN engages in collecting and analyzing malware and other network data. From independent study, business cooperation, and open sources, QI-ANXIN has accumulated more than 1 trillion files and years of pDNS data. At the same time, QI-ANXIN continually monitors APT groups around the world and publishes analysis reports on APT activities (ti.qianx-in.com/blog/tag/APT/). So far, network security services from QI-ANXIN have covered the majority of the government sector and large-scale enterprises in China.
Massive Machine-readable Threat Intelligence (MRTI)
Indicator of Compromise (IOC)
By monitoring the network infrastructure used by cyber attackers, QAXTIC can provide accurate IOCs, which help enterprises find their compromised endpoints and block risks as soon as possible. Threat intelligence can reduce Mean-Time-To-Detect (MTTD) significantly, which buys extra time to implement the security measures of containment, mitigation, and remediation. Furthermore, the actual loss can be kept at a lower level.
Relying on rich sample resources in the cloud and various technical methods, QAXTIC can judge whether a file is malicious and provide more information, such as malware type and malware family. By searching for a hash value or other indicators, subscribers can obtain results with rich context information, including indicators of compromise (IOCs), to support correlation and analysis.
QAXTIC provides details about IP addresses, including their location, autonomous system number (ASN), owner type (e.g. enterprise gateway, carrier exit, individual user), malware attributes (e.g. DDoS, botnet, spam, brute force, and scanner), etc. Based on an IP's malicious attributes, network administrators can block those IPs that show automated attack behaviors such as frequent scanning, credential stuffing attacks, etc. By leveraging IP intelligence, network security staff can classify existing security alarms and obtain more details on attackers.
ALPHA Threat Analysis Platform
A SaaS analysis tool for security engineers and analysts that can be used for confirming alarms, prioritizing events, acquiring context information on events, and tracing attackers.
QI-ANXIN Threat Intelligence Platform (QAXTIP)
This platform is an analysis tool that helps enterprises use threat intelligence to improve their perception of network security big data and find the real and critical threats among massive alert logs.
QAXTIP has an open product framework and the compatibility to interoperate with other platforms, such as a SOC or a SIEM. Its strengths in data and functions are as follows: