Sales Growth 1: How to talk to the director of the Security Department about products

Source: Internet
Author: User


Security direction:

Corai was founded in 2003 and has worked only on network analysis products for more than a decade. In the past few years, it mainly engaged in the domestic market and began to enter the domestic market in.

The earliest product was packet capture software. If there is a problem, you can use the packet capture tool to capture packets and see how they travelled and whether there was packet loss.

Now we are mainly working on the hardware platform, that is, the kicloai network backtracking analysis system currently under test.

This product supports long-term packet capture, with a maximum processing capacity of 6-7 GB. This includes real-time collection and analysis. The new version will reach 10 Gbps next year.

It can be said that it is currently the only product in China that can compete with major vendors such as Sniffer and Fluke, and it is completely unavailable for foreign products; in the security direction it may do better than they do.

This product has the following features:

1. First, we can think of it as a camera that records all monitored traffic. Once a network problem occurs, we can trace back and obtain evidence at any time.

In addition, it supports flexible and convenient retrieval methods. For example, if an IP address is faulty, you can quickly retrieve the recent data for this IP address (the last several minutes or days). You can trace traffic back at any time. For example, if you want to view last night's data, you can simply select that time range and trace back.

2. Security problems can be detected through early warnings on certain network behaviors.

For example, take a simple packet send/receive anomaly: if a host sends a large number of packets but receives only a few, especially when it sends many TCP synchronization (SYN) packets, there must be a problem.

In addition, there is the discovery of worms. An isolated intranet in particular may see no obvious attacks, yet large-scale worm outbreaks often occur there, leaving the network slow or paralyzed.

Because worm detection mainly relies on signature fields for diagnosis, this kind of detection tends to lag behind when variants change rapidly.

Behavior analysis can easily detect such problems. Whatever the worm is, its mechanism is nothing more than this: infect, scan for hosts, try to establish a connection, and, once the connection is established, try to log on and infect the host.

These behaviors often result in an abnormal packet size ratio on infected hosts, anomalies in sent versus received packets, and a large number of communication peers.

In addition, some latent hosts are especially well concealed. They may send only a small amount of data each day, or even initiate a connection only once every few days. This kind of security risk is hard to detect by common means.

In fact, the backtracking device can perform long-term detection, which may uncover such security risks. Previously, XX users found a trojan that had been lurking for several years but made only one or two connections every night to transmit several K of data. Such behavior cannot be distinguished amid a large amount of traffic.

However, if the behavior of this host is analyzed against a 40-day trend, it becomes possible to identify it.
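The two behavioral checks described in this item, sketched as an added example that is not part of the original post or the product's own logic: a same-day check for hosts that send far more than they receive, mostly SYNs, to many peers, and a 40-day trend check for small, regular connections to one peer. The flow record layout, sample addresses and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records (assumed layout, not a product format):
# (day, src, dst, pkts_sent, pkts_recv, syn_sent, bytes_sent)
def build_sample():
    flows = []
    for day in range(40):
        # ordinary client: balanced traffic, larger volume
        flows.append((day, "10.0.0.5", "10.0.1.10", 900, 1100, 4, 400_000))
        # latent host: one tiny nightly connection to the same peer
        flows.append((day, "10.0.0.9", "203.0.113.7", 12, 10, 1, 3_000))
    # scanning host on day 39: many peers, SYNs that get no reply
    for i in range(1, 201):
        flows.append((39, "10.0.0.66", f"10.0.2.{i}", 3, 0, 3, 180))
    return flows

def burst_anomalies(flows, day, min_peers=100, min_ratio=5.0, min_syn=200):
    """Hosts that on one day send much more than they receive, with many SYNs and peers."""
    stats = defaultdict(lambda: {"tx": 0, "rx": 0, "syn": 0, "peers": set()})
    for d, src, dst, tx, rx, syn, _ in flows:
        if d == day:
            s = stats[src]
            s["tx"] += tx
            s["rx"] += rx
            s["syn"] += syn
            s["peers"].add(dst)
    hits = []
    for host, s in stats.items():
        ratio = s["tx"] / max(s["rx"], 1)  # avoid division by zero for silent peers
        if len(s["peers"]) >= min_peers and ratio >= min_ratio and s["syn"] >= min_syn:
            hits.append(host)
    return sorted(hits)

def low_and_slow(flows, window_days=40, min_active_days=30, max_daily_bytes=10_000):
    """(src, dst) pairs active on most days of the window but always at tiny volume."""
    daily = defaultdict(lambda: defaultdict(int))
    for d, src, dst, *_counters, nbytes in flows:
        if d < window_days:
            daily[(src, dst)][d] += nbytes
    return sorted(pair for pair, days in daily.items()
                  if len(days) >= min_active_days and max(days.values()) <= max_daily_bytes)

if __name__ == "__main__":
    sample = build_sample()
    print("burst:", burst_anomalies(sample, day=39))
    print("low and slow:", low_and_slow(sample))
```

On any single day the latent host's few KB are invisible next to the ordinary client's traffic; only the per-pair view over the whole window separates it.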

3. Detect Trojan attacks through domain names, signature values, etc.

Because we have long worked with some security agencies to provide emergency support and have accumulated malicious domain names, these can be built into the system.

The advantage over IDS and IPS is that it does not just raise a simple alarm but also supports secondary analysis of the alarm, which other products cannot replace. After an alert is detected, you can extract the traffic of the related sessions, applications, or IP addresses for long-term analysis.

We are all using IDS and IPS, and we are all aware of their effects, such as massive alarms, false positives, and false negatives. There are many cases. If you are interested, let's talk more.

In addition, we provide a large open platform where users can import their own libraries.

4. Data packet forensics and emergency response

Classified protection, security incidents, and case studies

Emergency assurance cases, successful customers, etc.

5. Business performance and network fault direction

Optional.



This article is from the "Dragon Chuan Ren" blog, please be sure to keep this source http://596699244.blog.51cto.com/378357/1569039
