Product description

Group-IB Threat Detection System is an advanced solution designed to detect cyberattacks on corporate and government information systems, preventing monetary thefts, espionage, sabotage, confidential data leaks, and business process risks.

Group-IB’s unique experience in cybercrime investigations, digital forensics, malware analysis and threat monitoring has been fused into Group-IB TDS. Group-IB TDS effectively detects all core types of malware spread and controlled via computer networks:

  • Banking and mobile Trojans;
  • Malware used to perform targeted attacks;
  • Remote access Trojans and backdoors;
  • Exploits for browsers and plugins;
  • DDoS and spam bots;
  • Exploits for vulnerabilities in network services and applications.

The solution applies the following techniques to detect threats:

  • Signature-based traffic analysis;
  • Detection of network behavior anomalies using machine learning technology;
  • Behavior analysis of files retrieved from network traffic and mailing systems;
  • Detection of malicious activity on the host.

The solution architecture includes the following components:

  • TDS Sensor – a data analysis sensor, which is connected to a mirrored copy of a protected organisation's traffic. A mandatory element of the system.
  • Security operations center (SOC) – a mandatory element of the system. The remote Group-IB SOC is used by default, but it is possible to deploy an internal Control Center in the form of TDS HuntBox, a system for analysing, correlating, making decisions on, and managing all components of the solution.
  • TDS Polygon – a behaviour-based analysis module. An additional component that expands functionality and detects previously unknown threats and advanced targeted attacks.
  • TDS Endpoint – software for collecting data on user and program behaviour, which ensures that the full event chronology is recorded in the system, unusual behaviour is blocked, the host is isolated, and the data are stored remotely for subsequent analysis.
  • TDS Decryptor – an integration module for working with SSL/TLS traffic.