AiLPHA Big Data Intelligent Security Platform (AiLPHA) is an innovative and intelligent cybersecurity product developed by the R&D team under the leadership of DBAPP Chief Scientist Liu Bo, aiming to address the increasingly complex and hidden security threats that traditional security devices cannot handle. Built around the core concept of "AI-driven security", AiLPHA provides diversified security modules such as an integrated ultra-large-scale inventory, real-time intelligent analysis of big data, user and entity behavior analytics (UEBA), a multidimensional security situation view, and enterprise security closed-loop linkage. It is capable of full network traffic processing, heterogeneous log integration, core data security analysis, office application security threat mining, advanced intelligent security threat mining, and early warning management. Its aim is to provide enterprise customers with holistic situational awareness and to keep business operations secure, uninterrupted and stable. We are committed to making security smarter and simpler.
Data Collection: provides a continuous data feed for downstream real-time computation through real-time collection of full data, security equipment logs, application logs, etc.
Extract Transform Load: provides powerful data extraction, transformation, and loading capabilities, with a parsing engine that supports 300+ vendors and 3000+ log categories.
Data Analysis and Calculation: creates highly available clusters with HDFS Federation and YARN at the core, and integrates various computing components, including HBase, Kafka, Flink, etc.
Application Services: offers a personalized display of data results and uses the alarm system to report abnormal results and data alerts.
The platform adopts diverse and heterogeneous collection of security asset data. It is equipped with full-traffic seven-layer protocol analysis and intelligent analysis and collection technology for whole-network security logs. Through adaptive data sources, data from all kinds of security equipment and systems can be collected, cleaned, standardized and stored, and various data subscription and analysis functions such as offline, real-time and full-text retrieval can be provided.
User and Entity Behavior Analytics provides profiling and anomaly detection based on a variety of analytical methods, typically basic analytical methods that evaluate users and other entities (hosts, applications, networks, databases, etc.) to discover potential events associated with deviations from the standard profile or behavior of a user or entity. These activities include abnormal access to the system by internal or third-party personnel (abnormal users), or intrusions by external attackers that bypass defensive security controls. By clustering users' daily behaviors together with the security domain information of the AiLPHA big data analysis platform, different categories of users are distinguished. When a user acts outside their area of responsibility, the platform assigns that user a high Anomaly Score.
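The peer-group idea described above, as an added illustration that is not AiLPHA's own code: users are profiled by the resources they touch, grouped into peer groups by profile similarity, and a new access is scored by how far it falls outside the user's own history and the peer group's. The clustering method (single-linkage on Jaccard distance), the threshold values and the access events are all constructed assumptions for the example.

```python
"""Peer-group UEBA anomaly scoring (added example, not AiLPHA code).

Assumptions made for illustration: a user's profile is the set of resources
accessed in a learning window; peer groups are formed by single-linkage
clustering on Jaccard distance; an access scores 0.0 when routine for the user
and 1.0 when no peer in the group has ever touched the resource.
"""
from collections import defaultdict
from itertools import combinations

# Constructed baseline (user, resource) access events from a learning window.
BASELINE_EVENTS = [
    ("alice", "hr-portal"), ("alice", "payroll-db"), ("alice", "mail"),
    ("bob", "hr-portal"), ("bob", "payroll-db"), ("bob", "mail"),
    ("carol", "git"), ("carol", "ci-server"), ("carol", "mail"),
    ("dave", "git"), ("dave", "ci-server"), ("dave", "mail"),
    ("erin", "git"), ("erin", "ci-server"), ("erin", "jira"),
]


def build_profiles(events):
    """Map each user to the set of resources seen in the baseline."""
    profiles = defaultdict(set)
    for user, resource in events:
        profiles[user].add(resource)
    return dict(profiles)


def jaccard_distance(a, b):
    """1 - |a & b| / |a | b|; identical sets are at distance 0."""
    if not a and not b:
        return 0.0
    return 1.0 - len(a & b) / len(a | b)


def peer_groups(profiles, threshold=0.5):
    """Single-linkage clustering via union-find: any two users whose profile
    distance is <= threshold end up in the same peer group."""
    parent = {u: u for u in profiles}

    def find(u):
        while parent[u] != u:
            parent[u] = parent[parent[u]]  # path halving
            u = parent[u]
        return u

    for u, v in combinations(profiles, 2):
        if jaccard_distance(profiles[u], profiles[v]) <= threshold:
            parent[find(u)] = find(v)
    groups = defaultdict(set)
    for u in profiles:
        groups[find(u)].add(u)
    return [frozenset(g) for g in groups.values()]


def anomaly_score(user, resource, profiles, groups):
    """Score in [0, 1]. 0.0: the user already uses this resource.
    Otherwise 1 - (fraction of peers that use it); an unknown user or a user
    with no peers gets 1.0 because nothing vouches for the access."""
    own = profiles.get(user, set())
    if resource in own:
        return 0.0
    group = next((g for g in groups if user in g), frozenset({user}))
    peers = group - {user}
    if not peers:
        return 1.0
    peers_with = sum(1 for p in peers if resource in profiles[p])
    return 1.0 - peers_with / len(peers)


def flag_anomalies(new_events, profiles, groups, alert_threshold=0.75):
    """Return (user, resource, score) for new events at or above the alert
    threshold, highest score first."""
    flagged = []
    for user, resource in new_events:
        score = anomaly_score(user, resource, profiles, groups)
        if score >= alert_threshold:
            flagged.append((user, resource, score))
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_EVENTS)
    groups = peer_groups(profiles)
    # Constructed new activity: one routine, one peer-sanctioned, two outliers.
    new_events = [("alice", "payroll-db"), ("carol", "jira"),
                  ("alice", "git"), ("mallory", "payroll-db")]
    for entry in flag_anomalies(new_events, profiles, groups):
        print("ALERT user=%s resource=%s score=%.2f" % entry)
```

In the constructed data the HR pair (alice, bob) and the engineering trio (carol, dave, erin) form two peer groups; alice touching `git` and an unknown `mallory` touching `payroll-db` score 1.0 and are flagged, while carol opening `jira` scores 0.5 because a peer already uses it. A production deployment would add time-of-day, volume and host features and decay old baseline events, which this example omits.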
Advanced cybersecurity incidents are hidden and complex, making it difficult for security operation and maintenance personnel to perform traceability analysis, including assessing security incidents, making decisions and responding. Through the use of threat intelligence, big data security analysis, intelligence sharing, collaborative analysis, and full life-cycle tracking of the incident traceability process, the AiLPHA platform can greatly assist operation and maintenance personnel with security threat elimination, attack chain analysis, incident traceability, etc., improving the overall security incident analysis capability of enterprises.
The AiLPHA computing and analysis system provides intelligent model orchestration and supports user-defined implementations of basic data mining and clustering algorithms. Multiple elements are linked by directed connectors that represent the flow of model data. Once orchestration is complete, the model's calculation results can be displayed in real time, and an existing model can be invoked directly as the input of the next model. When a model is modified, the interface shows the added, deleted and changed model indicators. Python, Java and other programming languages are supported.
·The integrated hardware and software appliance is used for big data storage, data computing and processing, and data display. It bundles the operating system, computing resources and storage resources for overall deployment and delivery.
·Docker technology is adopted on a single-node machine (memory >256G) to run the components needed for big data. When the amount of data grows beyond what a single node can support, the deployment can seamlessly expand horizontally to form the customer's own local big data platform.
·A software-only delivery mode is supported, which can be deployed on user-provided hardware servers, on mainstream cloud platforms, or on existing virtualization resources to improve the utilization of computing resources.