Byzoro develops a network-wide, flexible and attack-resistant virus protection system for the backbone network, built around the idea of "active defense". Unlike passive virus response, active response forms a defensive wall before the latest malicious software appears, so that preparations are in place to cope with the threat and avoid the loss it would cause.
Functions and Characteristics
Intrusion Protection with Common Hole Interception Technique
The common features of known vulnerabilities ("holes") are defined in advance using the common hole research technique. Malicious software must take a specific shape if it intends to exploit these vulnerabilities. That shape can be detected in advance and intercepted, which prevents the malicious software from being installed on the user terminal. It is therefore not necessary to capture a sample of the virus and respond hurriedly.
Application Program Control Technology
The behavior of each program in the system is monitored in real time through application program behavior control. Once a behavior matching a predefined malicious behavior occurs, it is interrupted immediately.
Prospective Threat Scanning
Prospective threat scanning is a heuristic technique that detects potential threats by analyzing the behavior of processes running on the system. Both the normal behavior and the bad behavior of application programs are recorded to make threat detection more accurate, so false alarms can be reduced markedly. Prospective threat scanning enables enterprises to detect unknown threats that no feature-based technique can detect.
Terminal System Strengthening
The patch upgrading and system configuration strategies of enterprise network terminals are managed centrally. Administrators define the terminal patch download strategies, patch upgrading strategies and terminal system security enhancement configuration strategies, and these are distributed to the agent on each terminal device. The agents then execute the strategies to ensure that patch upgrading and security configuration of the terminal system are complete and effective. The entire management process is completed automatically and is fully transparent to end users. This reduces the burden on end users and the security risk in the enterprise network, increases the efficiency and effectiveness of patch upgrading and security configuration management across the enterprise network, and allows the patch and security configuration management strategies for the enterprise network to be implemented effectively.
At present, the main security events affecting telecom operators are:
1. Network-wide worms and viruses
2. Denial of service attacks across the entire network
3. Intrusion into the supporting network and OA network
4. Failure of software and hardware devices, resulting in major system disasters
The Byzoro backbone network virus protection system can perform comprehensive traffic monitoring of high-speed networks from 1G to 16G. By analyzing various abnormalities at the backbone network level, a security event response mechanism can be established before security events break out, one that moves from after the event to before the event, from passive to active, and from early warning to guarantee. This helps users establish a normal traffic model so that they can detect network traffic abnormalities promptly, analyze their causes, and raise timely and accurate traffic abnormality alarms and security responses. It also helps users study and detect how network attacks and worm viruses occur and develop, and estimate their possible effects and scope so that corresponding prevention measures can be studied.
1. Creating a comprehensive intrusion detection and vulnerability (hole) scanning system, detecting security issues in time, and establishing early warning and emergency measures.
The Byzoro backbone network virus protection system provides unified management of the intrusion detection and vulnerability scanning systems. By combining geographic information to show the location and state of each intrusion event, and by using the relationship between intrusions and vulnerabilities, it produces a risk analysis that relates intrusion threat to asset vulnerability, so that security events can be managed, handled and responded to in time.
2. Security management requires a technical management platform: the Security Monitoring Platform
The Byzoro backbone network virus protection system manages the security system in an integrated way by building a security monitoring platform. It moves the main security management tasks onto an information system using the techniques of normalization, coalescence, filtering, correlation analysis, linkage and visualization, and so provides technical means for overall security management. This improves the level of security management and maintenance, optimizes the security work process, provides technical means for judging the causes of security events, and shortens the response time and handling time for security events. It assures secure and efficient operation of the service network, supporting network, service system and the entire information system, and effectively supports raising the customer service level.