T-series

Hillstone T-Series Intelligent Next-Generation Firewalls

Not Just a Next Generation Firewall. This device continually monitors your network for any breach so that your organisation doesn’t become one of the statistics.

 

Key features

  • Application Identification and control
  • User Identification and Control
  • Bandwidth Control
  • Internet Control, Web and URL filtering
  • Threat Correlation Analytics with incredibly simple reporting. A certainty level percentage helps you decide if there is a chance of false positives. The intention is to reduce the normal frustration of reports and logs.
    For a Sample Report, please click HERE.
  • Correlation among unknown threats, abnormal behavior and application behavior to discover potential threat or attacks
  • Multi-dimension correlation rules, automatic daily update from the cloud
  • Kill Chain mapping which helps you determine how far a threat has advanced.
  • Sandbox featuring NSS labs best performing Lastline Sandbox.

CHECK OUT THE T-SERIES RANGE HERE

 

Next Generation firewall download

Product Description

 

Hillstone’s T-Series intelligent Next-Generation Firewall (iNGFW) uses three key technologies to detect advanced attacks and provide continuous threat defense for today’s networks. First, it uses statistical clustering to detect unknown malware, leveraging the patented Hillstone Advanced Threat Detection engine (ATD). Second, it uses behavioral analytics to detect anomalous network behavior, which is based on the Hillstone Abnormal Behavior Detection engine (ABD). Finally, it leverages the Hillstone threat correlation analysis engine to correlate threat events detected by disparate engines – including ATD, ABD, Sandbox and other traditional signature-based threat detection technologies – along with context information to identify advanced threats.

 

Unknown Malware Detection

Hillstone has built a proprietary engine that has analyzed close to a million “known” malware samples. Each sample has been classified and characterized based on multiple dimensions that describe its actions, assets and attributes. In a production environment, when new malware is encountered, it is also analyzed, characterized and classified. Then it is compared to the database of known malware samples that have already been analyzed. The closer the unknown sample matches a known sample – the higher the confidence level that it is a variant of a known malware sample. This process is called “statistical clustering” and provides an accurate method for identifying new malware.

 

 

Abnormal Behavior Detection

Hillstone’s Abnormal Behavior engine continuously monitors the network to learn what normal network traffic looks like for that particular day, time, and month; providing alerts when network activity exceeds calculated thresholds. It uses a 50+ dimensional array to calculate normal network traffic from layer L4-L7, called “behavior modeling.” In addition, it has been trained with real hacking tools to ensure that it will readily recognize malicious activity. These techniques limit false positives and provide the user with multiple opportunities to stop an attack.

 

 

Rich Forensic Analysis

Hillstone delivers a new way of visualizing and analyzing attacks. Every action taken by a potentially malicious code is automatically linked to steps within the “Kill Chain.” It is complemented with rich forensic information that enables the security analyst to determine the origin of the attack, the severity of the attack, and the methodology employed. Hillstone also provides packet capture files, which, when combined with syslog and traffic logs, provide the administrator with a wealth of ancillary information. In addition, user data such as websites visited, applications used, and the risk level of the applications, bring the exploits into sharp focus. Most importantly, Hillstone identifies the exact firewall policy that allowed the attacker to get through the firewall.

 

 

Preemptive Mitigation

In addition to the ability to make a policy change to prevent an attack, Hillstone has built-in several automatic mitigation features. These features consist of pre-defined templates that automatically slow-down or block an attack if suspicious behavior is detected. The administrator can modify the templates to limit the bandwidth or the number of sessions available to the attacker. He can also adjust the constraints he places on network resources based on the type of attack and the severity level. In cases where the attack is critical and the confidence level is high, mitigation can include a complete blockage of all network resources. And, if a template does not exist or is not active, the administrator can quickly set up a temporary mitigation for that event