NG-SIEM is Baishan’s next-generation security information and event management platform based on UEBA-AI (user and entity behavior analytics) technology. It accurately identifies abnormal behavior on internal and external networks through real-time analysis of traffic logs and deep correlation of event data, continuously monitoring the network security situation and improving security operations efficiency.
With the help of AI algorithms, 99.9% of the threats can be accurately identified.
More Comprehensive Security Protection
Security devices are integrated for real-time data collection and summary analysis to effectively identify deep and unknown threats for more comprehensive protection.
Responding in milliseconds to instantly locate threat events, issue alerts, and trace the threats.
More Flexible Deployment
Bypass deployment can avoid device compatibility issues with zero impact on network architecture and business processes.
Faster Capacity Expansion
Cloud-based software eliminates bandwidth and performance limitations to allow capacity expansion in case of sudden business surges.
Four-Engine, Full-Data Threat Analysis
Web traffic data is collected in a distributed storage medium. With real-time engines, depth engines, learning engines, and active evolution engines, AI algorithms continue to learn, train, and optimize themselves to provide more accurate threat detection.
Security Orchestration, Automation, and Response (SOAR)
The system supports custom security events, automates cause analysis, handles failures with a fixed process and provides integrated management to speed up the response to threat incidents.
User and Entity Behavior Analysis (UEBA)
Building models of logs and security information based on the Six Critical Eigenvalues Model (behavior-time, location, person/ID, scope, action, and results) to establish a security baseline for user behavior. Identifying abnormal users through continuous behavioral analysis to perceive unknown threats.
Comprehensive situational awareness is presented through the customized dashboard, configurable security reports, and multi-dimensional large-screen situation displays.
Global Threat Intelligence Center
Integrating network intelligence with IP addresses, street-level positioning display, full black/white/gray lists, and real-time information updates for accurate threat tracing analysis.
Corporate Intranet Security Protection
Collecting and analyzing corporate logs and all traffic, monitoring user and entity behavior, and issuing alerts on abnormal risks from the user's perspective. Combining threat intelligence to effectively protect against data leakage, network scanning, Trojan viruses and other attacks.
Identifying Security Risks
Accurately identifying risks such as crawlers, click farming, credential stuffing, low-frequency behavior and gang behavior based on in-stream big data and machine learning algorithms. Effectively monitoring threats against apps to ensure corporate business security.
Online Office Security
By interconnecting VPN logs, traffic and other data, it helps organizations comb through digital assets and identify possible security problems for telecommuters, such as account sharing abuse, two-factor SMS bombing, VPN malware dial-in and other security threats.
Deep Security Defense
Supporting private and bypass deployment models. Using machine learning algorithms and user and entity behavior analysis (UEBA) to eliminate the dependence on and limitations of manually written rules and discover security threats that have occurred but have not been identified.