UTS

Unified Threat Sensor

NSFOCUS Unified Threat Sensor (UTS) is an all-traffic threat detection sensor applicable to all industries. It integrates years of security research and threat detection capabilities.

The UTS uses rule engines, virtual sandbox, threat intelligence, machine learning and other technologies, featuring extensive identification, accurate detection and interconnection. It can detect and analyze advanced threats in different scenarios and trace back security incidents.

UTS FEATURES

UTS COMPETENCES

Precise detection with multiple engines

In addition to built-in intrusion detection, web detection and other traditional rule detection engines, it also has multiple advanced threat detection engines, such as threat intelligence, dynamic sandbox, phishing email detection, DGA domain name detection, hidden tunnel detection, etc., to accurately discover C&C communication, mining, ransomware, and Advanced Persistent Threats (APTs).

Encrypted traffic inspection to identify encrypted threats

Aiming at mirror traffic in the out-of-the-path mode, NSFOCUS UTS applies machine learning algorithms, provides a practical encrypted traffic detection and identification solution to detect encrypted traffic without decryption through data processing, feature engineering, model training, intelligence fusion and other methods. With the characteristics of high precision and high performance, it supports multiple application scenarios at the same time, and can accurately identify encrypted proxy tools such as Tor, shadowsocks, and v2ray, as well as encrypted WebShell tools such as Ice Scorpion/Behinder, Godzilla, and AntSword.

Dynamic file monitoring to discover unknown threats

Based on the virtual execution technology that does not rely on known attack features, NSFOCUS UTS can detect zero-day vulnerabilitie and malware that cannot be detected by traditional signature detection engines. It has detection capabilities at the operating system level and memory instruction level analysis to discover various attacks and evasion behaviors.

Monitor sensitive data and discover data break risks

NSFOCU UTS prevents data leakage and meets data compliance requirements by monitoring protocols, files, and databases in traffic to discover transmission of sensitive data such as corporate and private information. It supports API identification, API asset management, API risk identification, etc., real-time detection of threats or abnormal behaviors targeting APIs, and timely discovery and mitigation of security risks.

5GC SECURITY

The UTS is a vital part of the 5GC security solution. When the UTS is connected to the 5G core network, it can identify protocols of the 5GC signaling plane and management plane, detect 5GC threats, including authentication attack detection, signaling storm detection, and UE anomaly detection, and support dynamic tuning of the detection cycle and detection thresholds in algorithms. The UTS provides in-depth analysis of 5G protocols, including:

• NAS (N1)
• NGAP (N2)
• PFCP (N4)
• HTTP2 (N5, N7, N8, N10, N11, N12, N14, N15, N20, N21, N22, N24, N28, N40)
• GTPv2 (N26)

Working with NSFOCUS Intelligent Security Operation Platform (ISOP) and global threat intelligence, a complete 5GC security solution is formed. This solution provides all-traffic detection, analysis, threat response, and threat traceback. Users can get comprehensive situation awareness from a single dashboard and the reporting system, and get alerts immediately when any threat is discovered.

5GC security solution can be deeply integrated with users’ 5G networks to make network security status visible, meet compliance requirements, and improve the entire 5G network security posture comprehensively.

SEE HOW OUR SOLUTIONS PROTECT YOUR CUSTOMERS AND YOUR INFRASTRUCTURE