Bank Security Situational Awareness Solutions 

Baishan security platform utilizes behavior analysis and security incident management systems combined with machine learning and feature engineering to help banks reduce the risk of data leaks and business system attacks and to effectively respond to security issues such as slow investigations, information asset management, and more.

Industry Pain Points

Traditional Public Cloud Products Cannot Adequately Address Encrypted Traffic Attacks

Customer certificates need to be kept confidential.

Any changes to the existing architecture of serial security products are risky.

Traditional Rule-Based Detection Cannot Defend Against Security Threats

Traditional rule-based detection cannot defend against WAF bypass, credential stuffing, suspicious logins, sales fraud, internal anomalies, and other unknown threats.

Offensive and Defensive Information Is Asymmetric

There is no social engineering intelligence database to help prevent threats.

There is no coherent, across-the-board security defense mechanism.

Solution Benefits

Security Protection

Certificate-free CC Attack Detection and Protection

CC attacks are identified through behavioral analysis of access logs, so there is no need for traffic-packet decryption or for banks to provide credentials.

Data Leak Prevention

Using feature engineering and AI algorithms, the Baishan security platform can perform real-time identification of suspicious account behaviors such as credential stuffing, unusual login, batch registration, and brute-force cracking of intranet systems.

Baishan uses UEBA technology and unusual-behavior detection algorithms to detect abnormal access behaviors, such as unusual logins, unauthorized operations, and more, in both internal and external network business systems and databases.

 

Baishan's security solution detects unusual access behavior from the intranet by monitoring the mutual calls between internal devices.

Unknown Threat Detection

By proactively analyzing access behavior patterns and multi-source logs from operating systems, databases, and various security devices, the Baishan security platform can provide security-event correlation analysis to help identify intrusions from unknown threats.

Sales Fraud Detection

Baishan's security solution effectively identifies sales fraud such as deal hunters and click farms using analysis and identification of visit source, visit path, visit cycle, and other characteristics.

Security Equipment Linkage Defense Mechanism

The security equipment linkage defense mechanism works with the verification code system and WAF security equipment to intercept threats.

Threat Intelligence

Using the entire network IP address library, including street-level IP geographic information, IP historical behavior information, IP type, and other dimensions of IP information, banks can better evaluate and trace the source of threats.

Bank Operations and Maintenance Capabilities Are Enabled by:

Reporting and alerting to quickly respond to security incidents.

Discovering a bank’s assets and providing asset security monitoring services including versions, ports, reachability, asset behavior supervision, and more.

 

Enabling all types of threat processing logic.

 

Providing multi-dimensional security data visualization using large-screen displays.

Application Scenarios

Multiple Types of Application-Layer Traffic Attack

Serial security devices can only intercept non-encrypted protocol attacks targeting a bank’s application layer traffic over protocols such as HTTP and HTTPS.

Baishan’s ATD (Advanced Threat Detection) is based on private bypass deployment and log analysis, and does not involve certificate issuing. Even so, it can analyze, identify, and intercept various application-layer traffic attacks based on feature engineering and UEBA technology, enabling banks to defend against application-layer traffic attacks.

Comprehensive Analysis and Investigation of Security Incidents

Banks’ analyses and investigations of traditional security incidents are based on scattered security systems resulting in single-point processing. Baishan’s ATD can shorten the time investigation takes by correlating time and associating events. Through the linkage of security equipment, various interception modes can be triggered based on threats, enabling detection and resolution of security problems and reducing loss from threats more quickly.

Automated and Standardized Response to Security Incidents

Banks encounter alerts from different security devices. Processing these alerts can be time-consuming as they need to be ranked and sorted through analysis. By using security equipment, Baishan’s ATD can hierarchically process various types of alerts more quickly. Through programmable event management and security event correlation, processing can be standardized and automated, enabling banks to improve security operations and maintenance efficiency through security event scheduling.

Architecture