An integrated server with AI agent capability and risk detection capability, covering security, monitoring, and business scenarios
Background
Why does it need to be a multi-scenario center?
On the one hand, security and monitoring requirements are increasingly intertwined, and artificially separating security and monitoring functions does not meet actual requirements.
On the other hand, in cloud and cloud-native environments, collecting more data with fewer probes is a hard requirement for every customer, and the valuable data collected inevitably calls for more open and diverse support capabilities, which in turn makes multi-scenario data analysis possible.
1. How to implement performance monitoring?
Every application and business message from TiFlow Microprobe includes not only the application and business content but also rich, professional performance indicators, including response latency of various applications, SQL query latency, network latency, various return codes, and network-layer retransmissions and interrupts.
Based on the content and performance indicators of these applications and businesses, TiCenter can easily achieve the main functional scenarios for APM and NPMD. See details.
2. How to implement security functions?
> Lateral Movement Attack Detection
TiCenter comes with a risk detection engine (TiDetector) that uses the application and business messages uploaded by TiFlow Microprobe as metadata to detect attack risks. The biggest advantage of this detection capability is that, because TiFlow Microprobe is deployed with no blind spots, it can easily determine global risks in cloud and cloud-native environments rather than offering only point and line detection. It can be effective against east-west lateral movement attacks in the cloud. See details.
> HIDS/EDR Implementation
The TiScanner host security baseline data (and TiFlow's system log data) can help TiCenter quickly implement the main application scenarios of HIDS/EDR.
> Cloud Abnormal Traffic Analysis
Based on TiCenter's visual dashboard and alarm algorithm, combined with TiFlow's rich network-layer indicators and asset information, it can also monitor and analyze abnormal traffic related to cloud assets.
> SOC or XDR?
TiCenter can also ingest third-party alarm data and combine it with TiFlow and TiScanner data to achieve more powerful comprehensive analysis capabilities, and it can use the TiCenter AI agent modules to achieve more intelligent security analysis.
3. About the AI agent
Work on TiCenter's AI agent module began in August 2023. Thanks to the support of cloud service provider customers, the TiCenter AI agent grew rapidly in the following months and reached its Alpha version in January 2024. In the actual supervision and training process, we not only collected alarm data from various types of security products and combined it with the manual experience of attack and defense experts to verify the real alarm risk and analysis conclusions, but also benefited from the high-quality metadata of TiFlow and TiScanner, which allowed data quality and training effect to improve rapidly.
TiCenter AI agent will be released in April 2024.
TCPIPlabs Tech., Inc. © 2022-2024 EULA, Information and Code Security Statement