Updated on 2022-08-11 GMT+08:00

Application Scenarios

Checking Logs of Global Services

MTD collects logs from IAM, DNS, CTS, OBS, and VPC and uses an AI engine, threat intelligence, and detection policies to continuously detect potential threats, malicious activities, and unauthorized behaviors, such as brute-force cracking, penetration attacks, and mining attacks. You can view alarms on a graphical dashboard.

Identifying Distributed Brute-force Attacks

MTD uses an AI engine for detection, improving the detection efficiency and accuracy and being capable of detecting potential threats, which takes the lead in the industry.

The AI detection engine can detect IAM anomalies to protect your accounts. The AI detection engine uses an elastic profile model, unsupervised model, and supervised model to detect abnormal behaviors in seven high-risk scenarios of IAM, including risky passwords, credential leakage, token exploitation, abnormal delegation, remote logins, unknown threats, and brute-force cracking. Therefore, MTD can detect distributed brute-force attacks even if they occur with low frequency.

Detecting Botnets and Trojans

Based on the BERT model, MTD divides DNS into three channels (Bigram, Segment, and Position) and constructs a three-channel CNN model to detect scanning behavior and mining behavior. The model can effectively detect the Linux.Ngioweb botnet, SystemdMiner Trojans, WatchBog Trojans, and Bad Rabbit ransomware.

Data Aggregation

Third-party threat intelligence in STIX/CSV format and IP address whitelists can be imported into OBS and asynchronously synchronized to MTD. MTD then preferentially detects the IP addresses and domain names in the list library, and identifies activities related to the IP addresses and domain names in the imported intelligence or ignores activities related to the IP addresses or domain names in the imported whitelists, reducing the detection response time and service running load. In addition, detection results can be uploaded to OBS for long-term storage.