Virus and Trojan detection uses a cloud + terminal scanning and killing mechanism. The client collects process information and reports it to the cloud control center for virus sample detection. If a process is judged malicious, users can isolate the file and take other measures. The cloud scanning and killing service integrates mainstream domestic and foreign virus scanning and killing engines, a cloud sandbox, and smart threat detection capabilities.
Web Trojan detection uses a local + cloud scanning and killing mechanism. The client discovers webpage Trojans locally through a static detection engine and reports suspicious programs to the cloud for judgment. The cloud web Trojan scanning and killing engines include an AI scanning and killing engine and a web Trojan sandbox detection engine.
A rootkit is a kind of malware that hides itself in the computer operating system. The Host Security backdoor detection function provides security capabilities such as kernel-level rootkit detection and app-level rootkit detection.
It can detect suspicious actions entered on the user's command line, including: modifying password files, downloading malicious files, using proxy software improperly, tampering with system logs, tampering with SSH keys, running hacking tools, reverse shells, information leakage, high-risk commands, destroying security programs, and plaintext password login.
System file tampering detection is supported: it can detect whether the Bash and ps command processes have been maliciously replaced, whether hidden illegal processes are running, etc., and it can monitor user-defined files for tampering.
The Linux compliance baseline best practice shows users the basic configuration most frequently used by public cloud tenants, covering file permissions, service configuration, identity authentication, intrusion prevention and control, and security audit. It gives tenants a visual understanding of the operating system security configuration of their virtual machines and prevents intrusion incidents caused by configuration omissions.
Account passwords are checked against the rules of the weak password dictionary built into the system. Weak password risks are displayed through the cloud platform to remind users to change the passwords, so that system accounts are not cracked.
Linux vulnerability detection: benchmarked against the official CVE vulnerability database, it uses a self-developed matching engine to compare software versions and issues alerts if vulnerabilities are detected in the software version currently in use. One-key repair is supported. Windows vulnerability detection: it updates patch sources synchronously with Microsoft's official website to detect and issue alerts for high-risk and influential vulnerabilities. One-key repair is supported.
Users can set the common login area, legal login IP, and legal login time. When the login address is not in the common login area, the login IP is not the legal IP, and the login time is not the legal time, an alarm record will be generated and reported to the cloud platform to remind the user of the risk of abnormal login.
By analyzing system logs, network packet protocols, and ports, it obtains the IP from which brute force cracking is conducted and determines whether it meets the protection rules. If it meets the rules, it intercepts the attack and reports it to the cloud platform. Users can define brute force cracking rules and brute force cracking success.
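The log-analysis part of the brute force rule described above, as an added example that is not the product's own code: it reads sshd password events, flags an IP that reaches a failure threshold inside a time window, and records a login accepted from a flagged IP as a brute force success. The threshold, window, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical rule values; the product's real defaults are not given on the page.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

LINE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (flagged_ips, cracked); cracked lists (ip, user) logins that
    were accepted from an IP which had already met the brute force rule."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged, cracked = [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not an sshd password event
        ts, result, user, ip = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if result == "Failed":
            q.append(ts)
            if len(q) >= max_failures and ip not in flagged:
                flagged.append(ip)        # rule met: candidate for interception
        elif ip in flagged:
            cracked.append((ip, user))    # success after the rule was met
    return flagged, cracked

def sample_log():
    # Constructed sample events, not captured from a real host.
    t = "2024-03-03T10:{:02d}:{:02d} web01 sshd[811]: {} password for {} from {} port 50122 ssh2"
    log = [t.format(0, s, "Failed", "invalid user admin", "203.0.113.7") for s in range(0, 10, 2)]
    log.append(t.format(0, 12, "Accepted", "root", "203.0.113.7"))
    # A user mistyping a password three times over ten minutes stays below the rule.
    log += [t.format(m, 0, "Failed", "alice", "198.51.100.4") for m in (1, 6, 11)]
    log.append(t.format(12, 0, "Accepted", "alice", "198.51.100.4"))
    log.append("2024-03-03T10:13:00 web01 cron[9]: job started")
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```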