Bringing the Power of AI to the Firewall.
T-Series intelligent next-generation firewalls are capable of detecting unknown malware and abnormal behavior. With rich forensic analysis and preemptive mitigation capabilities, T-Series is ideal as a front-line next-generation firewall. The T-Series also supports Deep Packet Inspection (DPI), next-generation application control and Quality of Service (QoS). The system delivers exceptional performance in a small form factor with low power requirements.
Hillstone’s T-Series intelligent Next-Generation Firewall (iNGFW) uses three key technologies to detect advanced attacks and provide continuous threat defense for today’s networks. First, it uses statistical clustering to detect unknown malware, leveraging the patented Hillstone Advanced Threat Detection engine (ATD). Second, it uses behavioral analytics to detect anomalous network behavior, which is based on the Hillstone Abnormal Behavior Detection engine (ABD). Finally, it leverages the Hillstone threat correlation analysis engine to correlate threat events detected by disparate engines – including ATD, ABD, Sandbox and other traditional signature-based threat detection technologies – along with context information to identify advanced threats.
Unknown Malware Detection
Hillstone has built a proprietary engine that has analyzed close to a million “known” malware samples. Each sample has been classified and characterized based on multiple dimensions that describe its actions, assets and attributes. In a production environment, when new malware is encountered, it is also analyzed, characterized and classified. Then it is compared to the database of known malware samples that have already been analyzed. The more closely the unknown sample matches a known sample, the higher the confidence level that it is a variant of a known malware sample. This process is called “statistical clustering” and provides an accurate method for identifying new malware.
Abnormal Behavior Detection
Hillstone’s Abnormal Behavior engine continuously monitors the network to learn what normal network traffic looks like for that particular day, time, and month, providing alerts when network activity exceeds calculated thresholds. It uses a 50+ dimensional array to calculate normal network traffic from Layer 4 to Layer 7, called “behavior modeling.” In addition, it has been trained with real hacking tools to ensure that it will readily recognize malicious activity. These techniques limit false positives and provide the user with multiple opportunities to stop an attack.
Rich Forensic Analysis
Hillstone delivers a new way of visualizing and analyzing attacks. Every action taken by potentially malicious code is automatically linked to steps within the “Kill Chain.” It is complemented with rich forensic information that enables the security analyst to determine the origin of the attack, the severity of the attack, and the methodology employed. Hillstone also provides packet capture files, which, when combined with syslog and traffic logs, provide the administrator with a wealth of ancillary information. In addition, user data such as websites visited, applications used, and the risk level of the applications, bring the exploits into sharp focus. Most importantly, Hillstone identifies the exact firewall policy that allowed the attacker to get through the firewall.
In addition to the ability to make a policy change to prevent an attack, Hillstone has built in several automatic mitigation features. These features consist of pre-defined templates that automatically slow down or block an attack if suspicious behavior is detected. The administrator can modify the templates to limit the bandwidth or the number of sessions available to the attacker. He can also adjust the constraints he places on network resources based on the type of attack and the severity level. In cases where the attack is critical and the confidence level is high, mitigation can include a complete blockage of all network resources. And, if a template does not exist or is not active, the administrator can quickly set up a temporary mitigation for that event.
- Correlation among unknown threats, abnormal behavior and application behavior to discover potential threats or attacks
- Multi-dimension correlation rules, automatic daily update from the cloud
- Behavior-based advanced malware detection
- Detection of more than 2000 known and unknown malware families including Virus, Worm, Trojan, Overflow, etc.
- Real-time, online, malware behavior model database update
- Manual, automatic push or pull signature updates
- Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
- Compressed file virus scanning
- Abnormal protocol attack defense
- Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense
- ARP attack defense
- Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor nodes, breached hosts, and brute force attacks
- Logging, dropping packets, or blocking for different types of risky IP traffic
- Regular IP reputation signature database upgrade
- Weighted hashing, weighted least-connection, and weighted round-robin
- Session protection, session persistence and session status monitoring
- Server health check, session monitoring and session protection