Baishan Canvas integrates behavior analysis and security incident management systems with machine learning and trait detection to help banks reduce the risk of data leaks and attacks on business systems, and to address issues such as slow investigations, information asset management, and more.
Traditional Public Cloud Products Cannot Sufficiently Meet the Need to Defend Against Encrypted Traffic Attacks
With the rapid development of official web portals, credit card centers, online banking, and mobile banking, banks' demand for encrypted traffic protection is growing. Certificates and data cannot afford to be leaked, and changes to the existing architecture of current security products come with great risks.
Traditional Rule Detections Cannot Defend Against Security Threats
Traditional rule-based detection cannot defend against WAF bypassing, credential stuffing, suspicious logins, spamming, internal anomalies, and other unknown threats.
Security Threat Information Is Not up to Date, Making Systematic Defense Difficult for Operations
Banks lack an intelligence database for social engineering to help with detection and prevention when deploying systematic defenses. They also lack linkage in the execution of security defense strategies.
• Analyzing access logs to determine CC attacks based on behavioral analysis, without requiring the bank to provide decrypted traffic packets or certificates.
• Identifying abnormal account behaviors in real time based on trait detection and AI algorithms, such as credential stuffing, abnormal login, bulk registration, and intranet system brute-force attacks.
• Identifying injection and XSS attacks based on trait detection and using UEBA technology to identify abnormal access behaviors through behavior detection.
Providing Timely Alerts of Unknown Attack Threats Through a Variety of Precision Algorithms
• Helping banks detect unknown threat intrusions and identify deal-hunting, order-flushing, and other sales fraud through unknown threat detection and fraud detection.
• Intercepting threats through the security linkage defense system and WAF security.
• Helping banks better identify and trace threats through the network IP address library, including IP information such as street-level IP geolocation, IP historical behavior information, and IP category.
Improving Operation Capabilities Through Visualized Security Alert Display
Real-time alerts enable fast response to security incidents and facilitate security data reporting. Asset discovery helps banks discover all the assets that provide services so that security monitoring can cover them, including version, port, accessibility, asset behavior monitoring, etc. Various types of threat management logic are achieved through coding, and the portal display visualizes multi-dimensional security data.
Multiple Types of Application-Layer Traffic Attacks
Serial security devices can only intercept non-encrypted protocol attacks targeting a bank’s application-layer traffic over protocols such as HTTP and HTTPS.
Baishan’s ATD (Advanced Threat Detection) is based on privatized bypass deployment and log analysis, so it can analyze encrypted protocol attacks without needing the certificate. It can analyze, identify, and intercept various application-layer traffic attacks based on trait detection and UEBA technology, enabling banks to defend themselves against these attacks.
Comprehensive Analysis and Investigation of Banking Security Incidents
Banks’ analyses and investigations of traditional security incidents are based on scattered security systems, resulting in single-point processing. Baishan’s ATD can shorten the investigation time by correlating time and associating events. Through the linkage between security devices, various types of interception modes can be triggered based on threats, enabling quicker detection and resolution of security risks and minimizing loss from threats.
Automated and Standardized Response to Banking Security Incidents
Banks encounter alerts from different security devices. Processing these alerts can be time-consuming, as they need to be ranked and sorted through analysis. By accessing and connecting security devices, Baishan’s ATD can hierarchically process various types of alerts more quickly. Through programmable event management and security event correlation, processing can be standardized and automated, enabling banks to improve security operations and maintenance efficiency through security event scheduling.
Bypass deployment architecture that does not affect current business services.