Robin Shih, Product Director
The main reason ransomware can so easily cause huge losses to many enterprises is that this kind of virus spreads on its own: it propagates across networks rapidly and attacks unprotected computers. With so many brands in the cyber security industry today, ransomware should in theory be easy to solve. However, just as a virus sample is needed to make a vaccine, most equipment can only find a solution after it has encountered an attack, and by then it is too late to defend against ransomware. Thus, few have succeeded in real-time detection and in blocking an attack right as it happens, and the damage is often very serious.
N-Partner is a software developer in Taiwan that focuses on big data collection, efficient processing, and data analysis. With an intelligent auto-learning algorithm, we use the collected Flow data, such as NetFlow or sFlow, to build a baseline. This way, when abnormal traffic appears, the source device and IP are identified in real time, and users can isolate them. The whole process is done by AI, with no need for manual threshold settings.
Since 12 May 2017, the notorious WannaCry virus has thrived in cyberspace. On that very same day, our product, N-Reporter/N-Cloud, detected through Flow analysis that abnormal Flow bursts were occurring in many users' environments. We did not know what kind of attack it was, nor its name, but we were quite sure which computers had been compromised and were spreading it maliciously. Our products also include a port-scanning function for IT management; as a result, besides sending alerts, we are able to locate those computers and IP addresses. Users can then coordinate with the switches and firewalls in the network to block them and contain the damage. This is the best example of how Flow analysis helps improve cyber security, and what's even better is that this solution can be built on a low budget.
Beyond the Flow data discussed above, N-Partner also applies the intelligent analysis function to log data. Here we take the DNS log as an example. DDoS attacks are still rampant around the world, and security companies have proposed traffic cleaning to counter them. Nevertheless, this has no significant effect, because people usually do not have enough time to deal with an attack once it is already under way. We have done deep research on DDoS attacks against website services, and it turns out there is an abnormal increase in DNS domain queries right before an attack. With intelligent analysis, we build a baseline for DNS domain queries and compare against it in real time. Hence, we can provide early DDoS warning, and our users will have time to deploy their defenses.
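As an added illustration of the baseline approach described in the Flow and DNS sections above (this is not N-Partner's code; the time windows, the 3-sigma rule and the 5-destination floor are assumptions), the following Python learns a per-source fan-out baseline from constructed flow records and flags a host that suddenly reaches many internal hosts, the pattern a self-propagating worm leaves in NetFlow/sFlow data. The same per-key baseline comparison, applied to DNS query counts instead of destinations, is what the DNS early-warning section relies on.

```python
"""Baseline-based fan-out detection over NetFlow/sFlow-style records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

LEARN_WINDOWS = range(4)   # assumed: windows 0-3 are the learning period
K_SIGMA = 3.0              # assumed: alert above mean + 3 standard deviations ...
MIN_DELTA = 5              # ... but never for fewer than 5 extra destinations


def make_sample_flows():
    """Constructed sample: (window, src_ip, dst_ip, dst_port). Two hosts talk to a DNS
    and a web server in every window; in window 4 one host also reaches 40 internal
    hosts on TCP/445."""
    flows = []
    for w in range(5):
        for src in ("10.0.0.5", "10.0.0.6"):
            flows += [(w, src, "10.0.0.1", 53), (w, src, "10.0.0.2", 443)]
    flows += [(4, "10.0.0.6", f"10.0.1.{i}", 445) for i in range(1, 41)]
    return flows


def fan_out(flows):
    """window -> src_ip -> number of distinct destination IPs contacted."""
    seen = defaultdict(lambda: defaultdict(set))
    for window, src, dst, _port in flows:
        seen[window][src].add(dst)
    return {w: {s: len(d) for s, d in per_src.items()} for w, per_src in seen.items()}


def learn_baseline(counts, learn_windows=LEARN_WINDOWS):
    """Per-source (mean, population std-dev) of fan-out over the learning windows;
    a source absent from a window counts as 0 destinations."""
    sources = {s for w in learn_windows for s in counts.get(w, {})}
    return {s: (mean(series), pstdev(series))
            for s in sources
            for series in [[counts.get(w, {}).get(s, 0) for w in learn_windows]]}


def detect(counts, baseline, window):
    """[(src_ip, observed, threshold)] for sources whose fan-out in `window` exceeds
    their learned baseline; a source never seen while learning gets a zero baseline."""
    alerts = []
    for src, observed in counts.get(window, {}).items():
        mu, sigma = baseline.get(src, (0.0, 0.0))
        threshold = mu + max(K_SIGMA * sigma, MIN_DELTA)
        if observed > threshold:
            alerts.append((src, observed, threshold))
    return alerts


def run_sample():
    counts = fan_out(make_sample_flows())
    return detect(counts, learn_baseline(counts), window=4)


if __name__ == "__main__":
    for src, obs, thr in run_sample():
        print(f"ALERT {src}: {obs} distinct destinations (baseline threshold {thr:.1f})")
```

The flagged source IP is exactly the piece of information an operator needs to push a block rule to the switch or firewall, as the article describes.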