Functions

AI-Powered Threat Detection

MTD introduces an AI detection engine to work together with threat intelligence and detection policies. The AI detection engine uses an elastic profile model, unsupervised model, and supervised model to detect seven high-risk scenarios of IAM, including risky passwords, credential leakage, token exploitation, abnormal delegation, remote logins, unknown threats, and brute-force cracking. It can detect abnormal behaviors using algorithms such as SVM, random forest, and neural network.

The AI detection engine keeps the model learning the real data, ensures repeated verification and manual review of the model, and accurately formulates the pre-filtering and post-processing logic. Based on the prior knowledge, the model produces zero false positives. In addition, the models are continuously optimized by retraining with detection results for a certain period of time and periodically updating dependency files, improving the model alarm accuracy.

Real-time Detection and Quick Risk Elimination

MTD obtains logs of IAM, DNS, CTS, OBS, and VPC in real time for continuous detection. MTD notifies you of detected threats once a threat is discovered, enabling you to respond to and handle the threats in a timely manner. This reduces response time and minimizes your loss.

Rating Threat Alarms by Severity

MTD grades the alarms by severity levels, including critical, high, medium, low, and informational. This helps you determine how serious an alarm is and what response you should take to minimize threat impacts.

Library Management Policy

You can upload or add intelligence or whitelist to an OBS bucket and asynchronously synchronize them to MTD. Then, MTD preferentially uses the synchronized library to detect threats, detecting new threats in a timely manner and ignoring activities from whitelisted IP addresses or domain names. This reduces the detection response time and service loads.