Endpoint Security

2022-02-22 04:33:48

Features

Intrusion threats

Virus & Trojan

Virus and Trojan detection uses a combined cloud and endpoint scanning and removal mechanism. The client collects process information and reports it to the cloud control center, where virus samples are checked. If a process is judged malicious, users can isolate the file and take other measures. The cloud scanning and removal service integrates mainstream domestic and foreign virus scanning engines, a cloud sandbox, and smart threat detection capabilities.

Web Trojan

Web Trojan detection uses a combined local and cloud scanning and removal mechanism. The client discovers webpage Trojans locally through a static detection engine and reports suspicious programs to the cloud for judgment. The cloud web Trojan engines are an AI scanning engine and a web Trojan sandbox detection engine.

System backdoor detection

A rootkit is a kind of malware that hides itself in the computer operating system. The Host Security backdoor detection function provides security capabilities such as kernel-level rootkit detection and app-level rootkit detection.

Suspicious action

It detects suspicious actions entered on the user's command line, including: modifying password files, downloading malicious files, using proxy software improperly, tampering with system logs, tampering with SSH keys, running hacking tools, reverse shells, information leakage, high-risk commands, destroying security programs, and plaintext password login.

Sensitive file tampering

System file tampering detection is supported: it can detect whether the Bash and ps command processes have been maliciously replaced, whether hidden illegal processes are running, and so on. It can also monitor user-defined files for tampering.

Risk discovery

Compliance Baseline

The Linux compliance baseline best practice shows users the basic configuration items most frequently used by public cloud tenants, covering file permissions, service configuration, identity authentication, intrusion prevention and control, and security audit. It gives tenants a visual understanding of the operating system security configuration of their virtual machines and helps prevent intrusion incidents caused by configuration omissions.

Account risk

Account passwords are checked against the rules of the weak password dictionary built into the system. Weak password risks are displayed on the cloud platform to remind users to change the password, so that the system account is not cracked.

Machine Vulnerability

Linux vulnerability detection: Benchmarking against the official CVE vulnerability database, it uses a self-developed matching engine to compare software versions and issues alerts if vulnerabilities are detected in the software version currently in use. One-key repair is supported.

Windows vulnerability detection: It updates patch sources synchronously with Microsoft's official website to detect and issue alerts for high-risk and influential vulnerabilities. One-key repair is supported.

Abnormal login

Users can set the common login area, legal login IP, and legal login time. When the login address is not in the common login area, the login IP is not a legal IP, and the login time is not a legal time, an alarm record is generated and reported to the cloud platform to remind the user of the risk of abnormal login.

Brute Force Crack

By analyzing system logs, network packet protocols, and ports, it obtains the IP from which brute force cracking is conducted and determines whether the activity meets the protection rules. If it does, the attack is intercepted and reported to the cloud platform. Users can define the rules for brute force cracking and for brute force cracking success.
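The log-analysis part of this rule, as an added example that is not the product's own code. It assumes OpenSSH-style auth log lines, a hypothetical rule of five failed logins per source IP within 60 seconds, and a later accepted login from a flagged IP counting as brute force success; the function name, thresholds and sample lines are all constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style (documentation IPs, not real data).
SAMPLE_LOG = """\
Feb 22 04:30:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb 22 04:30:03 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Feb 22 04:30:05 host sshd[813]: Failed password for root from 203.0.113.7 port 40003 ssh2
Feb 22 04:30:06 host sshd[814]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Feb 22 04:30:08 host sshd[815]: Failed password for root from 203.0.113.7 port 40004 ssh2
Feb 22 04:30:10 host sshd[816]: Failed password for root from 203.0.113.7 port 40005 ssh2
Feb 22 04:30:15 host sshd[817]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Feb 22 04:30:20 host sshd[818]: Accepted password for root from 203.0.113.7 port 40006 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def detect_brute_force(log_text, max_failures=5, window_seconds=60, year=2022):
    """Return {ip: verdict} for source IPs that match the (hypothetical) rule."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password event
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= max_failures:
                verdicts.setdefault(ip, "brute_force")
        elif verdicts.get(ip) == "brute_force":
            # An accepted login after the rule fired: brute force success.
            verdicts[ip] = "brute_force_success"
    return verdicts

if __name__ == "__main__":
    print(detect_brute_force(SAMPLE_LOG))
```

A single failed attempt followed by a successful login, as from 198.51.100.20 in the sample, does not match the rule and produces no verdict.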
