Unified Threat Sensor
Words may lie but traffic will always tell you the truth.
UTS
NSFOCUS Unified Threat Sensor (UTS) is an all-traffic threat detection sensor applicable to all industries. It integrates years of security research and threat detection capabilities.
The UTS uses rule engines, virtual sandbox, threat intelligence, machine learning and other technologies, featuring extensive identification, accurate detection and interconnection. It can detect and analyze advanced threats in different scenarios and trace back security incidents.
- Equipped with multiple detection engines to improve APT threat discovery capabilities
- Encrypted traffic identification to find the “blind spots” of security detection
- All traffic is retained to help realize threat forensics and responsibility determination
- Seamless connection with third-party platforms to reduce construction costs
UTS FEATURES
Accurate Detection of Advanced Threats
With multiple built-in detection engines, including intrusion detection, web security detection, encrypted traffic detection, malicious file detection, dynamic sandbox, 5G threat detection, abnormal behavior detection, threat intelligence, and others, NSFOCUS UTS can accurately discover advanced threats in different scenarios.
Traceback and Forensics in Time
Flexible Liaison with Third-Party Platforms
UTS COMPETENCES
Precise detection with multiple engines
In addition to built-in intrusion detection, web detection and other traditional rule detection engines, it also has multiple advanced threat detection engines, such as threat intelligence, dynamic sandbox, phishing email detection, DGA domain name detection, hidden tunnel detection, etc., to accurately discover C&C communication, mining, ransomware, and Advanced Persistent Threats (APTs).
Dynamic file monitoring to discover unknown threats
Based on virtual execution technology that does not rely on known attack features, NSFOCUS UTS can detect zero-day vulnerabilities and malware that cannot be detected by traditional signature detection engines. It performs analysis at the operating system level and the memory instruction level to discover various attacks and evasion behaviors.
Encrypted traffic inspection to identify encrypted threats
Working on mirrored traffic, NSFOCUS UTS applies machine learning algorithms to provide a practical encrypted traffic identification solution that inspects encrypted traffic without decryption. It supports multiple application scenarios at the same time, and can accurately identify encrypted proxy tools such as Tor, Shadowsocks, and V2Ray, as well as encrypted WebShell tools such as Ice Scorpion/Behinder, Godzilla, and AntSword.
Monitor sensitive data and discover data breach risks
NSFOCUS UTS prevents data leakage and meets data compliance requirements by monitoring protocols, files, and databases in traffic to discover transmission of sensitive data such as corporate and private information. It also supports API identification, API asset management, API risk identification, and related functions, with real-time detection of threats or abnormal behaviors targeting APIs and timely discovery and mitigation of security risks.
5GC SECURITY
The UTS is a vital part of the 5GC security solution. When the UTS is connected to the 5G core network, it can identify protocols of the 5GC signaling plane and management plane, detect 5GC threats, including authentication attack detection, signaling storm detection, and UE anomaly detection, and support dynamic tuning of the detection cycle and detection thresholds in algorithms. The UTS provides in-depth analysis of 5G protocols, including:
- NAS (N1)
- NGAP (N2)
- PFCP (N4)
- HTTP2 (N5, N7, N8, N10, N11, N12, N14, N15, N20, N21, N22, N24, N28, N40)
- GTPv2 (N26)
Working with NSFOCUS Intelligent Security Operation Platform (ISOP) and global threat intelligence, a complete 5GC security solution is formed. This solution provides all-traffic detection, analysis, threat response, and threat traceback. Users can get comprehensive situation awareness from a single dashboard and the reporting system, and get alerts immediately when any threat is discovered.
The 5GC security solution can be deeply integrated with users’ 5G networks to make network security status visible, meet compliance requirements, and comprehensively improve the security posture of the entire 5G network.