Unified Threat Sensor


NSFOCUS Unified Threat Sensor (UTS) is an all-traffic threat detection sensor applicable to all industries. It integrates years of security research and threat detection capabilities.


The UTS uses rule engines, virtual sandbox, threat intelligence, machine learning and other technologies, featuring extensive identification, accurate detection and interconnection. It can detect and analyze advanced threats in different scenarios and trace back security incidents.

Customer Value


Equipped with multiple detection engines to improve APT threat discovery capabilities

Encrypted traffic identification to find the “blind spots” of security detection

All traffic is retained to help realize threat forensics and responsibility determination

Seamless connection with third-party platforms to reduce construction costs


Accurate Detection of Advanced Threats


  • With built-in multiple detection engines including intrusion detection, web security detection, encrypted traffic detection, malicious file detection, dynamic sandbox, 5G threat detection, abnormal behavior detection, threat intelligence, etc., NSFOCUS UTS can accurately discover advanced threats in different scenarios.

Traceback and Forensics in Time


  • NSFOCUS UTS has comprehensive threat traceback and forensics capabilities. In addition to storing full traffic and alarm logs, it also supports session-based full traffic storage and malicious traffic storage. Through logs and original PCAPs, it can locate attack events and collect threat evidence in a timely manner.

Flexible Liaison with Third-Party Platforms


  • NSFOCUS UTS can flexibly integrate with log plug-ins and mainstream interface protocols on the market to enhance users’ all traffic detection and analysis capabilities.


Precise detection with multiple engines


In addition to built-in intrusion detection, web detection and other traditional rule detection engines, it also has multiple advanced threat detection engines, such as threat intelligence, dynamic sandbox, phishing email detection, DGA domain name detection, hidden tunnel detection, etc., to accurately discover C&C communication, mining, ransomware, and Advanced Persistent Threats (APTs).


Encrypted traffic inspection to identify encrypted threats


For mirrored traffic in out-of-path deployments, NSFOCUS UTS applies machine learning algorithms to provide a practical encrypted traffic detection and identification solution that works without decryption, using data processing, feature engineering, model training, intelligence fusion and other methods. With high precision and high performance, it supports multiple application scenarios at the same time and can accurately identify encrypted proxy tools such as Tor, Shadowsocks, and V2Ray, as well as encrypted WebShell tools such as Ice Scorpion/Behinder, Godzilla, and AntSword.


Dynamic file monitoring to discover unknown threats


Based on virtual execution technology that does not rely on known attack features, NSFOCUS UTS can detect zero-day vulnerabilities and malware that cannot be detected by traditional signature detection engines. It performs analysis at the operating system level and the memory instruction level to discover various attacks and evasion behaviors.


Monitor sensitive data and discover data breach risks


NSFOCUS UTS prevents data leakage and meets data compliance requirements by monitoring protocols, files, and databases in traffic to discover transmission of sensitive data such as corporate and private information. It supports API identification, API asset management, and API risk identification, along with real-time detection of threats or abnormal behaviors targeting APIs and timely discovery and mitigation of security risks.


The UTS is a vital part of the 5GC security solution. When the UTS is connected to the 5G core network, it can identify protocols of the 5GC signaling plane and management plane, detect 5GC threats, including authentication attack detection, signaling storm detection, and UE anomaly detection, and support dynamic tuning of the detection cycle and detection thresholds in algorithms. The UTS provides in-depth analysis of 5G protocols, including:


  • NAS (N1)
  • NGAP (N2)
  • PFCP (N4)
  • HTTP2 (N5, N7, N8, N10, N11, N12, N14, N15, N20, N21, N22, N24, N28, N40)
  • GTPv2 (N26)


Working with NSFOCUS Intelligent Security Operation Platform (ISOP) and global threat intelligence, a complete 5GC security solution is formed. This solution provides all-traffic detection, analysis, threat response, and threat traceback. Users can get comprehensive situation awareness from a single dashboard and the reporting system, and get alerts immediately when any threat is discovered.


The 5GC security solution can be deeply integrated with users’ 5G networks to make network security status visible, meet compliance requirements, and comprehensively improve the security posture of the entire 5G network.