Flow Analysis

Module Introduction


SiCAP-Traffic Analysis collects, stores and analyzes the full volume of network traffic and works in combination with SiCAP's other functional modules. Based on retrospective analysis of packet characteristics, abnormal access behaviors and abnormal network behaviors, together with correlation analysis, it identifies vulnerabilities, Trojan horses, APT attacks, and other known and unknown security threat behaviors. It is equipped with multi-dimensional data analysis and in-depth mining capabilities, providing end-to-end visual analysis of full-traffic behavior and performance. This helps users focus on the real security risks in massive data, effectively reduces the impact of risks, and helps users establish a visual, controllable, performance-optimized adaptive network security architecture.


Feature Introduction


  • Full Traffic Acquisition and Parsing
    Supports real-time collection of traffic from various data sources such as network packets and NetFlow stream data. Supports recognition and real-time decoding of thousands of network protocols such as TCP/IP, HTTP, ICMP and SSL; network metadata can be extracted for analysis.
  • Full Traffic Traceability and Statistics
    Provides complete records of the original full-traffic data, enabling complete attack traceability and forensic analysis and providing a real and reliable evidence basis when determining responsibility. Supports real-time statistics and analysis of full traffic data, with visualization of traffic size, packet loss rate, retransmission rate, network delay, link blocking and other network quality conditions.
  • Flow Forecasts
    Forms a traffic baseline from historical traffic data, predicts traffic trends, and raises alerts on abnormal events when traffic exceeds the predicted trend. Intelligent algorithms can also be used to perform multi-dimensional principal cause analysis to determine the cause of the abnormality.
  • Abnormal Traffic Analysis and Alerts
    Abnormal access behavior analysis: analyzes network access behavior, outputs session-level metrics, and compares them against behavioral baselines to discover abnormal access behavior. Threat analysis: analyzes traffic behavior characteristics and network metrics in depth and compares them with abnormal behavior models to discover threatening behaviors in the network in a timely manner. Correlation analysis: correlates with all kinds of security events on the SiCAP platform to assist in locating the root cause and reducing the scope of impact. Risk alerts: supports client, email, SMS, and WeChat alerts to ensure timely response to abnormal events.
  • Traffic Application and Visualization
    Traffic data can be used for a wide range of applications, including forming the network traffic topology, auto-discovery of IT assets, auto-discovery of asset protocols, and so on. Visualization display: multi-dimensional data is shown in all kinds of icon styles for rich and diverse visualization, convenient for data analysis.

Module Characterization

Rich protocol analysis

Multi-scenario traffic analysis

Intelligent anomaly identification

Visualization of traffic display

Toll-free: 400-880-5062
Tel: 86-21-51905999
Fax: 86-21-51905959
Postal code: 201203
Address: Building 20, No. 498 Guoshoujing Road, Zhangjiang Hi-Tech Park, Pudong New Area, Shanghai