AiLPHA Big Data Intelligent Security Platform

Intelligent | Situation awareness | Convergence | Big data analysis

AiLPHA Big Data Intelligent Security Platform (AiLPHA) is an innovative and intelligent cybersecurity product developed by the R&D team under the leadership of DBAPP Chief Scientist Liu Bo, aiming to address the increasingly complex and hidden security threats that traditional security devices cannot detect. Built around the core concept of "AI-driven security", AiLPHA provides a set of security modules: an integrated ultra-large-scale asset inventory, real-time intelligent big data analysis, user and entity behavior analytics (UEBA), a multidimensional security situation view, and enterprise-wide closed-loop security linkage. It is capable of full network traffic processing, heterogeneous log integration, core data security analysis, office application threat mining, and advanced intelligent threat mining with early-warning management. Its aim is to give enterprise customers holistic situational awareness and keep business operations secure, uninterrupted and stable. We are committed to making security smarter and simpler.

Product Architecture

Data Collection: continuously feeds downstream real-time computation by collecting full traffic data, security device logs, application logs, etc. in real time.

Extract Transform Load: provides data extraction, transformation and loading, with a parsing engine that supports logs from 300+ vendors and 3000+ log categories.

Data Analysis and Calculation: builds highly available clusters with HDFS Federation and YARN at the core and integrates computing components including HBase, Kafka, Flink, etc.

Application Services: offers customizable display of analysis results and uses the alarm system to report anomalous results and data alerts.

Product Advantages

1. Multi-source Heterogeneous Data Collection

AiLPHA collects diverse, heterogeneous data from security assets. It is equipped with full-traffic seven-layer protocol analysis and with intelligent analysis and collection of security logs across the whole network. Through adaptive data-source adapters it collects, cleans, standardizes and stores data from all kinds of security devices and systems, and offers offline, real-time and full-text retrieval subscription and analysis functions.

2. User and Entity Behavior Analytics

User and Entity Behavior Analytics builds behavioral profiles and performs anomaly detection with a variety of analytical methods, evaluating users and other entities (hosts, applications, networks, databases, etc.) to discover potential incidents in which a user's or entity's activity deviates from its standard profile. Such activities include abnormal access to systems by internal or third-party personnel (abnormal users), and intrusions by external attackers that bypass defensive security controls. By clustering users' daily behaviors together with the security-domain information held in the AiLPHA big data analysis platform, different categories of users are distinguished; when a user acts outside their area of responsibility, the platform assigns that user a high Anomaly Score.

3. Threat Intelligence Traceability

Advanced cybersecurity incidents are hidden and complex, making it difficult for security operations and maintenance personnel to perform traceability analysis, including assessing incidents, making decisions and responding. By combining threat intelligence, big data security analysis, intelligence sharing, collaborative analysis and full-lifecycle tracking of the incident traceability process, the AiLPHA platform greatly assists operations and maintenance personnel with threat elimination, attack-chain analysis, incident traceability and similar tasks, improving the enterprise's overall security incident analysis capability.

4. Intelligent Model Orchestration

The AiLPHA computing and analysis system supports intelligent model orchestration, including user-defined implementations of basic data mining and clustering algorithms. Multiple elements are linked by directed connectors that represent the flow of model data. Once orchestration is complete, the model's results can be displayed in real time, and an existing model can be invoked directly as the input of the next model. When a model is modified, the interface shows the added, deleted and modified model indicators. Python, Java and other programming languages are supported.

Product Value

  • Massive Multi-Source Heterogeneous Data Processing

    · Build a petabyte-level data center for efficient data retrieval, mining and analysis.
    · Collect full traffic data, device logs and application logs to give customers a comprehensive view of their data.
    · Meet the 180-day log storage requirement of the China Cyber Security Law.

  • False Alarm Rate Reduced Significantly

    · Eliminate duplicate data and improve accuracy through multi-dimensional aggregation analysis of raw data and security warnings.
    · Improve prediction ability and detection accuracy by training models on previous security events and automatically adjusting security policies.
    · Reduce the volume of security alarms to be processed 10-100 times through standardized data verification and on-site operational analysis.

  • AI Analysis Discovers Advanced Hidden Threats

    · Detect hidden, low-frequency advanced threats that bypass protective equipment.
    · UEBA discovers internal advanced threats (host compromise, data interception, hacking, unauthorized access, etc.).
    · Compared with traditional security products, standardized data verification and on-site operational analysis increase the detection rate to 20-30%.

  • Traceability of the Complete Threat Attack Chain

    · Multi-dimensional correlation analysis of assets restores the complete attack chain and helps customers address security threats at their root cause.
    · Different solutions are provided to locate the source of an attack on the intranet and on the extranet.
    · Map analysis quickly identifies the infected area and the source of the attack.

  • One-stop Security Operation and Closed-loop Disposal

    · A large visual screen lets customers observe the overall security situation of the whole system, making operations and maintenance management easier.
    · Work-order-based operations and maintenance disposal, together with performance assessment of security management, achieves closed-loop disposal of security incidents.
    · Combined with security services, it achieves rapid emergency response and assurance for major security events.
    · Vertical management supports the multi-level management architecture of large enterprises.

  • Meet Diverse Compliance Requirements

    · Meet international, national and industry compliance requirements.
    · Meet the big data application security requirements of the Classified Protection of Cybersecurity scheme 2.0 (network security level protection 2.0), including redundancy, access authority and auditing, to protect data security in all aspects.

Delivery Mode

1. All-in-one Software and Hardware Mode

  • Integrated hardware and software handle big data storage, data computation and processing, and data display. The operating system, computing resources and storage resources are bundled for overall deployment and delivery.

  • Docker technology is adopted on a single-node machine (memory >256G) to run the components needed for big data. When the data volume grows beyond what a single node can support, the deployment can seamlessly expand horizontally into a local big data platform.

2. Software Mode (Cloud Platform Mode)

A software-only delivery mode is supported; it can be deployed on user-provided hardware servers, on mainstream cloud platforms, or on existing virtualization resources to improve the utilization of computing resources.

Product Honors

  • China Information Industry Association: Innovative Application of Smart City in 2017

  • Zhejiang Big Data Application Technology Industry Alliance: 2018 Zhejiang Province Big Data Application Technology Innovation Award

  • Lei Feng Website: 2018 AI Best Product Growth Award

  • China Cybersecurity Industry Alliance: Excellence Award of Cybersecurity Innovative Product in 2018

  • Ministry of Industry and Information Technology of the People’s Republic of China: Pilot Demonstration Project of Big Data Safety Guarantee and the Development of Big Data Industry in 2018

  • National Development and Reform Commission: National and Local Joint Engineering Research Center for Big Data Cybersecurity Situation Awareness and Intelligent Prevention and Control Technology

  • Cyber Defense Magazine: Breakout Security Information Event Management (SIEM) InfoSec Award for 2019

  • ···