Security Management
Data Security
Network Security
Application Security
Cloud Security
MSS Service
Professional Service
Security Service
Product Support Service
-
DAS Unified Endpoint Security System (DAS-UES)
The Unified Endpoint Security System offers integrated protection across users, devices, networks, apps, and data. It features modular functions like access control, zero trust, antivirus, DLP, watermarking, encryption, auditing, and desktop management. It meets core needs such as remote access, threat prevention, data security, and desktop control, providing a comprehensive and modern approach to endpoint security.
-
- AI security
- Terminal management
- Network access
- Intrusion protection
- Business secret
-
-
Background
AI security protection in office: Focus on asset management of AI applications on office terminals, prevention of AI-related sensitive data leakage, and control of AI output content.
Solution
Through intelligent semantic analysis and fine-grained permission control, block inappropriate output content, prevent large models from accessing internal sensitive files without authorization, and use public data in a compliant manner.
-
- Background
1. Terminal assets are difficult to identify, resulting in a lack of asset inventory.
2. Employees privately connect peripherals such as wireless routers and 4G network cards, or connect unapproved storage devices via USB, which can easily lead to virus transmission.3. Devices illegally connect to Internet hotspots, bypassing firewalls and exposing core business systems to the public network, resulting in frequent security incidents such as ransomware attacks.
Solution
Use terminal fingerprint binding technology to improve the accuracy and efficiency of identifying dumb terminals. Strengthen peripheral access management by establishing a strict approval mechanism to effectively prevent unauthorized peripheral connections. With advanced network security policies and monitoring tools, monitor and quickly block any unauthorized external connections in real-time.
-
- Background
1. Remote work risks: Employees use personal devices to access the intranet, with no guarantee of device security, and statically assigned permissions are prone to lateral penetration.
2. Uncontrolled third-party permissions: Access permissions are overly open. Account sharing vulnerabilities occur frequently, and a dynamic authentication mechanism is absent.
3. Privileged account risks: Administrators hold long-term static high privileges, without enforcing the principle of least privilege.
Solution
Adopt a secure access strategy of terminal access and zero trust to strictly verify user identities, ensuring that only legitimate users can access the system. Access permissions are assigned according to user roles and responsibilities. The secure access strategy can be dynamically revoked. When a user's identity changes, the system automatically adjusts their permissions to ensure that users can only operate within the authorized scope.
-
- Background
1. Users frequently suffer from cyberattacks, causing terminal computers to be infected. Ransomware, mining viruses, and unknown threats spread laterally across office terminals.
2. The terminal operating environment and users' important data are compromised. In minor cases, normal office work might be affected; in severe cases, huge economic and property losses might be incurred.
Solution
In the pre-incident stage, quickly identify system vulnerabilities through vulnerability scanning and use baseline checks to ensure that system configurations meet security standards, building a solid defense for network security. In the in-incident stage, the tri-in-one engine detects and intercepts various threats in real-time, particularly protecting against ransomware and mining software. In the post-incident stage, in-depth forensics accurately dissects the source and path of attacks.
-
- Background
1. Users do not have effective tools to assist in recording the distribution of business secrets.
2. The peripheral device management mechanism in the unit is not sound, allowing for arbitrary data copying to USB drives, file printing, or file burning to CDs.
3. Core business secrets such as core codes, formulas, and blueprints are seriously leaked through unauthorized sending or screenshots.
Solution
Through AI-enabled intelligent classification and grading, DAS-UES accurately identify sensitive data across the network and strictly control data exfiltration to prevent unauthorized disclosure. Data encryption protection ensures the security of data during transmission and storage, making it difficult to decrypt and use even if illegally obtained. In case of data leakage through photography or screenshotting, the data source can be quickly traced through watermarking.
-
-
-
Data leakage prevention
Through AI-powered intelligent classification and grading, accurately identify sensitive data across the network and strictly control the exfiltration of sensitive data to prevent unauthorized disclosure. It also has data encryption and watermarking capabilities to provide a fallback protection against data leakage.
-
-
-
-
Anti-virus
In the pre-incident stage, accurately identify system vulnerabilities and optimize configurations to build a solid security baseline. In the in-incident stage, the tri-in-one engine intercepts malicious attacks such as ransomware and mining software in real-time. In the post-incident stage, conduct in-depth forensics to track the attack path and intelligently generate defense strategies.
-
-
-
-
Peripheral device control
Peripheral device control accurately manages interfaces such as wireless, USB, and optical drives. It supports differentiated terminal control. Administrators can uniformly manage access permissions for removable media, effectively preventing data leakage while ensuring office efficiency.
-
-
-
-
Host firewall
Through centralized policy configuration, uniformly manage the networks for terminal internal and external access. Configure firewall rules with five-tuple for fine-grained control, provide flexible handling measures, and record audit logs.
-
-
-
-
Terminal access control
Ensure compliant network access through identity authentication and terminal security checks. Monitor user access behavior and environmental risks in real-time. Intelligently block and offline abnormal devices to fully prevent unauthorized access and build an efficient and reliable network protection system.
-
-
-
-
Business access control
Implement strict identity verification based on a zero-trust architecture. Dynamically assign minimum access permissions according to roles. Monitor in real-time and automatically revoke abnormal authorizations to achieve full-cycle permission management and effectively block the risk of data leakage.
-
Lightweight operation
Under normal conditions, it occupies less than 5% of CPU resources and less than 100M of memory, without affecting users' normal office work. It has an intelligent fusing function, retaining only basic protection capabilities during a breakdown to ensure users' normal office work.
Integrated protection
The Unified Endpoint Security System integrates multiple services. With one platform and one client, it enables unified management. It can combine cloud-based big data and threat intelligence to effectively perceive the local security situation and achieve unified data viewing and management.
Intelligent data protection
Combined with AI-powered intelligent semantic analysis, classify data to greatly improve the accuracy of identifying sensitive data. Detect data exfiltrated through network and device channels and implement differentiated response control.
Multidimensional defense
Defend against known and unknown types of ransomware. Using a decoy engine and a ransomware behavior analysis engine, block the encryption behavior when ransomware attempts to encrypt files. At the same time, back up files to effectively protect terminal data security.
