Updated on 2023-06-13 GMT+08:00

Advantages

Abnormal IAM Behavior Detection with an AI Engine

MTD introduces an AI detection engine that works together with threat intelligence and detection policies. The AI detection engine uses an elastic profile model, an unsupervised model, and a supervised model to detect abnormal behavior in seven high-risk IAM scenarios: risky passwords, credential leakage, token exploitation, abnormal delegation, remote logins, unknown threats, and brute-force cracking.

Industry-Leading Algorithm Architecture

Based on an analysis of DNS domain-name characteristics and the BERT concept, MTD builds a three-channel CNN model. Compared with the traditional method of feeding domain names directly into a neural network, the three-channel CNN model detects threats faster and more accurately.

Accurate Threat Identification with Multiple Models

In addition to threat intelligence and detection policies, MTD provides three types of algorithm capabilities based on the AI engine: IAM anomaly detection, DNS Trojan horse detection, and DNS suspicious domain name detection. For the different detection targets, seven AI models are trained using algorithms such as supervised and unsupervised deep neural networks and Markov models. A comprehensive detection system is built on feature rules, distribution statistics, and externally supplied threat intelligence, effectively improving the efficiency and accuracy of threat analysis.

Blacklist/Whitelist Library

MTD can aggregate, in plaintext format, historical intelligence discovered by MTD or by other services, and lets you narrow the threat detection scope by adding a custom whitelist. MTD ignores the activities of IP addresses on the whitelist and generates alerts for the activities of IP addresses in the intelligence library.

Aggregation with Other Services

  • MTD allows you to transfer detection results to an OBS bucket for long-term storage.
  • MTD threat detection results can be synchronized to Situation Awareness (SA) as an important input for follow-up security analysis and operations.