
In the day-to-day network operation and maintenance of a large central enterprise's network information security department, the existing variety of network security devices (WAF, IPS, SIP, Tianye, Tianqing, etc.) could each only detect on their own; there was no prediction based on fused multi-device data, so many network security events could not be prevented in advance and were only found after the attack had completed. At the same time, early warning relied mainly on rules handwritten by the department's limited business personnel; because rule updates lagged and manual experience is limited, alerts were often wrong or missed, with an error rate as high as 65%. The main challenges were as follows:

- Validity judgment and early warning relied mainly on manually written rules, and the early warning error rate was as high as 65%.
- Using the log data of a single network security device, only simple network attacks could be detected.

By analyzing historical network security log data, an unsupervised machine learning model is trained and then connected to the customer's real-time network security logs to judge the validity of alerts, improving the accuracy of that judgment. The system builds time-sequence graph data about attack behavior from the historical security log data, so that hidden and abnormal relationships between entities can be mined in depth and the characteristics of real attack behavior can be inferred from the data efficiently, flexibly and intelligently.

- Automatic rule discovery is combined with machine learning: the automatically discovered rules are used for judgment and early warning, raising judgment accuracy by 60%.
- Fusing the data of multiple network security devices into a graph for analysis makes it possible to find complex network attacks.

Outcomes were as follows:

- The accuracy rate of attack effectiveness determination reached 75.43%, significantly exceeding the industry average.
- A total of 5000+ effective network threat attack events were automatically discovered, and customers' work efficiency in discovering and determining network threats increased by more than 50%.
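The multi-device fusion and time-sequence graph described above can be illustrated with a small added example (this is not the vendor's system or code). It takes constructed alert records from three device types (a WAF, an IPS and an endpoint agent, all invented for the example, as are the IPs, hostnames and timestamps), builds an entity graph whose edges are time-ordered event lists, flags edges where more than one device corroborates the same source-destination pair within a short window, and walks the graph in time order to recover a multi-hop path that no single device would report on its own.

```python
"""Fuse alerts from several security devices into a time-ordered entity graph.

Added illustration with constructed sample data; device names, hosts, IPs and
timestamps are invented and the scoring is a deliberately simple stand-in for
the unsupervised model the page describes.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Edge = Tuple[str, str]                     # (source entity, destination entity)
Event = Tuple[datetime, str, str]          # (timestamp, device, event name)

# Constructed sample alerts from three device types (not real log data).
SAMPLE_LOGS = [
    {"ts": "2024-03-01T10:00:05", "device": "WAF", "src": "203.0.113.7", "dst": "web-01", "event": "sql_injection_attempt"},
    {"ts": "2024-03-01T10:00:40", "device": "IPS", "src": "203.0.113.7", "dst": "web-01", "event": "webshell_upload_signature"},
    {"ts": "2024-03-01T10:04:12", "device": "EDR", "src": "web-01",      "dst": "web-01", "event": "suspicious_child_process"},
    {"ts": "2024-03-01T10:06:30", "device": "IPS", "src": "web-01",      "dst": "db-01",  "event": "lateral_smb_scan"},
    {"ts": "2024-03-01T11:30:00", "device": "WAF", "src": "198.51.100.9", "dst": "web-02", "event": "sql_injection_attempt"},
    {"ts": "2024-03-01T15:00:00", "device": "IPS", "src": "198.51.100.9", "dst": "web-02", "event": "port_scan"},
]


def build_graph(logs: List[dict]) -> Dict[Edge, List[Event]]:
    """Group alerts by (src, dst) entity pair; each edge keeps its events in time order."""
    graph: Dict[Edge, List[Event]] = defaultdict(list)
    for rec in logs:
        graph[(rec["src"], rec["dst"])].append(
            (datetime.fromisoformat(rec["ts"]), rec["device"], rec["event"])
        )
    for events in graph.values():
        events.sort()
    return dict(graph)


def corroborated_edges(graph: Dict[Edge, List[Event]],
                       window: timedelta = timedelta(minutes=10)) -> Dict[Edge, List[str]]:
    """Edges on which at least two distinct devices raised alerts within `window`.

    A single-device alert is what hand-written rules already see; agreement
    between devices on the same entity pair is the fused signal.
    """
    result: Dict[Edge, List[str]] = {}
    for edge, events in graph.items():
        for i, (t0, _, _) in enumerate(events):
            devices = {dev for t, dev, _ in events[i:] if t - t0 <= window}
            if len(devices) >= 2:
                result[edge] = sorted(devices)
                break
    return result


def attack_path(graph: Dict[Edge, List[Event]], start: str,
                window: timedelta = timedelta(minutes=10)) -> List[Tuple[str, str, str, str, str]]:
    """Walk outward from `start`, following each edge only if its first event
    happens after, and within `window` of, the event that reached the current node.
    Returns the hops as (timestamp, src, dst, device, event)."""
    path = []
    queue: List[Tuple[str, datetime]] = [(start, None)]   # node, time it was reached
    seen: set = set()
    while queue:
        node, reached_at = queue.pop(0)
        for (src, dst), events in sorted(graph.items(), key=lambda kv: kv[1][0][0]):
            if src != node or (src, dst) in seen:
                continue
            ts, device, event = events[0]
            if reached_at is not None and not (reached_at < ts <= reached_at + window):
                continue
            seen.add((src, dst))
            path.append((ts.isoformat(), src, dst, device, event))
            queue.append((dst, ts))
    return path


def devices_on_path(path) -> set:
    """Distinct devices contributing to a path; more devices means stronger corroboration."""
    return {hop[3] for hop in path}


if __name__ == "__main__":
    g = build_graph(SAMPLE_LOGS)
    print("corroborated edges:", corroborated_edges(g))
    for hop in attack_path(g, "203.0.113.7"):
        print(hop)
```

Running the block shows that 203.0.113.7's WAF and IPS alerts corroborate each other, and that the time-ordered walk links the external source to web-01, the endpoint alert on web-01 and the subsequent SMB scan toward db-01, a three-device chain. The second source, 198.51.100.9, produces two single-device alerts hours apart and no chain, which is the kind of isolated event a per-device rule would either alert on noisily or miss. A production system would replace the fixed window and device-count scoring with the learned model, but the graph construction step is the same.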