Baishan’s new, next-generation SIEM (security information and event management) security product is based on UEBA-AI (user and entity behavior analytics) technology that can automatically identify deep levels of threats; build deep correlations; detect unusual behavior; identify unknown threats on the intranet and extranet. In addition to identifying and classifying behavior and threats, the product has powerful visual presentation and analytical capabilities.

Product Benefits

Smarter Protection with

UEBA Technology

Unusual behavior can be accurately identified using the Six Critical Eigenvalues Model (results, time, location, person/ID, scope, and action) without the need to set up each strategy manually.

AI algorithms enable the product to learn and evolve by itself, making the system smarter over time.

High Defense DNS

To support large numbers of concurrent requests, Baishan’s platform provides distributed DNS server clusters.  Baishan also provides free DNS resolution protection based on each user’s monthly profile.

Innovative SIEM Concepts

Baishan provides more comprehensive security protection, real-time data collection, and summary analysis, instantly enabling the identification of key threats. Security devices are integrated to effectively identify deep and unknown threats for more comprehensive protection.

Bypass Deployment Along with Software Definition for More Flexible Security

​By using Bypass mode, there is no impact on architecture and business. Further, the cloud-based model reduces bandwidth and performance limitations to enable rapid scalability.

Real-time Engine

The algorithm engine can identify unusual behavior based on real-time group comparison. Using user behavioral modeling, it can build a mathematical model that can generalize spatial features and perform a comparative analysis of the individual groups.

Deep-level Engine

Using an unsupervised learning algorithm and cluster feature amplification, multi-source, low-frequency gang behaviors can be identified. Long-term axis analysis is used to compare changes to normal behavior to detect threats.

Learning Engine

A probability model is calculated by learning the inherent rules of historical behavior data. An integrated-learning classification algorithm based on the probability model then analyzes and identifies unknown and unusual behaviors.

Actively Evolving Engine

Users are allowed to make a limited number of annotations to a semi-supervised learning algorithm. The algorithm then trains a small number of sample models through a convolutional neuron network, corrects the results of the original algorithm analysis, and improves the accuracy of the algorithm.

Product Features

Multi-engine, Full-data Threat Analysis

Web traffic data is collected in a distributed storage medium. The data is then analyzed by unsupervised, semi-supervised, and other algorithms to accurately identify unusual behaviors. The algorithms constantly evolve through self-learning, providing more accurate threat detection.

high-performance caching servers
tiered-caching architecture

Safety Orchestration, Automation, and Response (SOAR)

The system automatically analyzes the cause of failure when an event is triggered, linking multiple business systems, devices, and levels according to predetermined logic. The system also supports custom security events. 


Results based on the Six Critical Eigenvalues Model, along with behavior time, location, person/ID, scope, and action are used to generate behavior analyses of users and entities.

instant purging
intelligent network opitimization

Visualization Analysis

The comprehensive situation awareness is represented using the customized dashboard, configurable security reports, and multi-dimensional large-screen situation displays.

Global Threat Intelligence Center

Network intelligence is automatically integrated with IP addresses for accurate threat tracing analysis.

adaptive bitrate

Application Scenarios

Protection against Threats

UEBA combined with the machine learning engine, effectively identifies and defends against various internal and external threats, including multi-source low frequencies, botnets, credential stuffing, malicious registration, etc., to effectively improve the organization’s security level.

Data Preprocessing Real-time Analysis Modeling Association Analysis Display Threat Real-time Block SIEM@AI TM Intranet Log/Traffic Intranet Business Interference Extranet Business Security Extranet Log/Traffic Data Leak Application Business System Intranet Business System Network Device Network Device Middleware Middleware Security Device Security Device Demand Control Unusual Login Trojan Scan Counterfeit Order Tool Simulation Batch Registration Counterfeit Ranking Sales Fraud Brute-force Attack Privilege Escalation Detection Injection Attack Drag& Credential-Stuffing Hostile Crawler

Big Data Integration

The organization’s secure, multi-source, big data analysis platform effectively provides integration capabilities.

Network Device Application System Middleware Business System Security Device Threat Intelligence Comprehensive Log/Traffic Collection Security Event Correlation Analysis Process Automation Machine Learning Algorithm Engine Alert Priority Division Event Root- cause Analysis Security Defense Linkage Automated Disposal of Security Incidents SIEM@AI TM

Improving Security Operational Efficiency

Artificial intelligence technology is used to manage manpower and effectively improve operational efficiency and security.

Multi-dimensional Statistics Big Screen Data Visualization Customized Report Threat Sources Threat Type Threat Level Threat Characteristics Security Threat Data Real-time Monitoring Asset Risk Data Model Version Version Management Port Port Management Routing Relation Routing Exception Monitoring Business Model Server Exception Monitoring Intelligence Summary Intelligence Statistics Threat Intelligence Data IP Geolocation IP Profiles IP History Records Retrospective Pre-defense Unified Log Storage Format Log Data Log Convergence Origin Log Log Index Post-transaction Log Log Visualization Automatic Storage Expansion Event Choreography Event Data Alert Polymerization Alert Priority Other Security Device Alert Automatic Troubleshooting Security Incidents ATD Alert