The Hillstone user behavior abnormal detection engine monitors and learns the normal behavior of server or host machines in the protected internal network. It extracts behavioral features to render a mathematical model, uses this normal behavioral model to detect any abnormal activities of any host machines.
For example, an internal host machine which is potentially compromised sends out a large amount of SMTP packets, exceeding the threshold of the normal SMTP activity in the learned model. It is possible that a hacker has gained unauthorized access of the email server and is using it to send out large amounts of SPAM emails, which can result in the loss of data and/or a server crash.
Please view the Hillstone Intelligence Firewall /Hillstone Server Breach Detection to know more detail or contact Nessar Vietnam.