Enterprises are constantly assaulted by malware, ransomware, botnets and other forms of attack that can easily circumvent traditional firewalls and legacy Intrusion Prevention Systems. Most modern attacks are content-based, making even the most sophisticated detection mechanisms inadequate at finding the bad hiding among the good.
The NSFOCUS Threat Analysis System (TAS) provides advanced multi-stage AI analysis for detection and mitigation of tomorrow’s and beyond unknown and zero-day advanced persistent threats (APTs).
Threat Analysis Engine
Stops content-based and zero-day attacks cold. By employing IP reputation with threat intelligence, anti-virus with millions of entries, a static analysis engine and an execution sandbox, enterprises are protected against a wide variety of modern threats.
Key Features
The Threat Analysis Engine provides a rich set of active protection technologies including:
- File processing which rebuilds and parses file content detected over HTTP, FTP, SMTP, POP3 and IMAP protocols.
- Dynamic Detection by virtual execution allowing for dynamic behavior detection independent of static signature-based techniques, providing accurate detection of 0-day attacks and previously unknown malware.
- Threat Visualization Provides multiple views for threat information: locations, users, and assets
- Virus Detection against rebuilt files to protect against known malware.
- Static Detection of shellcode.
- Full Integration with Threat Intelligence allowing the reputation of the data source to be evaluated for potential risk, command & control behavior, or previous malware relationships.
- Tight Integration with the NSFOCUS Next Generation Intrusion Prevention System (NIPS) so that detected attacks can be mitigated.
- Extensive Reporting and Logging allows for easy understanding of your threat situation including the latest threat events, 24-hour threat trends and daily, weekly, monthly or annual reporting options.
