Integrate and link with third-party security products through integration plugins. Integrate deeply with MoreSec's cloud honeypot "Huanzhen", manage it through plugins, and enable the deception defense system rapidly. Provide syslog access for third-party devices, configurable on the page, which adapts to all security products without additional development, helps build an enterprise SOC, and gives a real-time view of the enterprise's overall security posture.
Actively collect asset port, service, and application information in real time through bidirectional linkage between the vulnerability scanning engine and the agent, which helps eliminate over 90% of passive scanning requests and enables precise POC detection. Detect asset vulnerability risks around the clock and build a classified security vulnerability detection system based on system application patches, operation and maintenance risks, high-risk vulnerabilities, and emergency detection to help enterprises discover high-risk vulnerabilities in a timely manner.
Create customized whitelists for host processes, file change behaviors, and network exfiltration behaviors by creating learning policies. Enable micro-isolation configuration for processes, files, and network exfiltration to actively defend against unknown threats.
Discover digital assets on the enterprise's exposure surface from an attacker's perspective, and verify the risk status of the exposed assets through vulnerability detection capabilities. Provide comprehensive and accurate asset exposure risk reports to help enterprise security operators mitigate asset exposure risks rapidly.
Independently create a threat detection model that conforms to domestic characteristics, based on the massive threat data provided by SaaS. Enable linkage between terminals and third-party security devices, and automatically associate terminal asset processes, files, and network behavior through alert information. Check the effectiveness of alert information to improve the accuracy of alerts. Intelligently filter invalid alerts to improve the efficiency of security operations.
Following the concept of "promoting defense through attack", the Fire Cloud AI blue army robot simulates APT attacks in the actual business environment, as well as the infection process of ransomware and mining Trojans in the network, to build a visualized attack chain, test the effectiveness of defensive measures, and improve host security protection capability.