Threat Detection System

Intelligence driven threat detection for your network

Identify malicious activities in your internal network to prevent intrusions, attacks, data leaks, and espionage

Immediate notifications on all relevant malware families

Identification of infected devices in your company’s wireless networks

Manual log analysis and allocation of critical incidents by Group-IB experts

User-friendly web interface and detailed reports on detected threats

Daily and automatically updated filter rules and signatures

24/7 support via a convenient ticket system

What is TDS

Group-IB TDS (Threat Detection System) is an effective tool for identifying, in real time, network anomalies and cyber threats targeting your network. This system is based on Group-IB’s unique expertise and threat intelligence foundation.

Group-IB TDS is a component of Group-IB’s early warning system of products, all of which contribute to the effectiveness of TDS in protecting your network. Group-IB TDS is also supported 24/7 by Group-IB’s SOC team, which provides recommendations on remediation and mitigation techniques to your security specialists. With Group-IB TDS, you can ensure your network is protected from the most advanced cyber threats and threat actors.


86%

of infected computers in botnets have anti-virus software installed


1 500 000+

computers became part of the Carberp botnet



3 months

the average time it takes the company to detect a targeted attack


$45+ min

stolen from banks by APT-groups in mid 2015 – the beginning of 2016

TDS Similar Products
Knowledge of actual threats with signature based detection and 24/7 support
Outsourcing log analysis and manually sieving out the most important events
Flexible set-up to integrate with IT infrastructure
Rapid incident response and digital evidence provided in accordance with international standards

How TDS works

MODULES

TDS Sensor:

  • Identifies infected devices communicating with Command and Control (C&C) servers, detects network anomalies, and conducts user behavioral analysis to identify suspicious network activity.
  • Analyzes suspicious objects in Group-IB’s sandbox, Polygon, in order to identify attacks at the earliest stage.

TDS Polygon

Identifies attacks on your network from:

  • Malicious e-mails
  • Attacks on browsers
  • Attacks using unknown malware or tools

Group-IB’s sandbox, Polygon, is based on machine learning; it identifies suspicious files and classifies them by their level of danger to your network.

SOC Group-IB:

  • Identifies all information security incidents in a web-interface to organize events for your security team.
  • Suspicious incidents are analyzed by Group-IB’s SOC team and classified for your security team 24/7/365.
  • A convenient ticketing system ensures that all inquiries and responses are easily tracked and addressed.

DATA ANALYSIS

TDS is a physical network sensor with a DPI solution installed for analysis of all inbound and outbound packets. A set of signatures, “black lists” of botnets, and filtering rules is automatically updated. Signature data about detected incidents is transmitted to Group-IB’s cloud through a secure channel, where Group-IB specialists carefully analyze all suspicious events.

Polygon launches suspicious files identified by the TDS sensor in an isolated environment in order to analyze the behavior of each file and reach a conclusion on its level of danger to the network.

SOC collects, correlates and classifies all information security events which have occurred on your network. Events are grouped by type and level of severity after being carefully analyzed by Group-IB specialists.

INDEPENDENT DATA ANALYSIS

TDS is a physical network sensor with a DPI solution installed for analysis of all inbound and outbound packets. A set of signatures, “black lists” of botnets, and filtering rules is automatically updated. Signature data about detected incidents is transmitted to Group-IB’s cloud through a secure channel, where Group-IB specialists carefully analyze all suspicious events.

Polygon launches suspicious files identified by the TDS sensor in an isolated environment in order to analyze the behavior of each file and reach a conclusion on its level of danger to the network.

The events recorded by the TDS sensor can also be sent automatically to any SIEM or log storage system via the standard SYSLOG mechanism. It is also possible to organize an internal ticketing system to interact with your colleagues and to record and track incidents in a local web interface.

Technical specification

                                          TDS-250              TDS-500              TDS-1000
Form factor                               1U                   1U                   1U
Dimensions in mm                          42,4 × 434 × 394,3   42,4 × 434 × 394,3   42,4 × 434 × 394,3
Power supply                              1 × 250W             1 × 250W             2 × 350W
Network interfaces for traffic reception  1 × 1000BASE-T       2 × 1000BASE-T       4 × 1000BASE-T
Peak rate in Mbit/s                       250                  500                  1 000