Cyber Threat Management System
providing proactive protection

Compared to the conventional TESS TMS, the TESS TMS provides additional features such as collecting suspicious files, YARA Engine-based malicious file detection, automated application detection/analysis, suggesting a more sophisticated security monitoring and response system against new threats including APT.
TESS TMS provides overall monitoring and response to cyber threats by preventing escalation of damage with remedies to simultaneously relieve damage through early warnings, alarms, monitoring and analysis of cyber threats including internet worms, viruses, and hackings.

TESS TMS
Configuration

Malicious traffic collected from sensors are analyzed to provide an overview of the status.

TESS TMS Configuration

Malicious traffic collected from sensors are analyzed to provide an overview of the status.

Major Features of TESS TMS

Attack
Detection

Attack Detection

Signature-based detection of DoS, Malware, etc.

Collecting and analyzing information
of malicious traffic

Collecting and analyzing information of malicious traffic

Collecting and detailed analysis of suspicious traffic.

Policy
Management

Policy Management

Establishing policies against security threats

System-linked
detection information

System-linked detection information

Repeating detected information to Comprehensive Analysis System or Enterprise Security Management (ESM), and IPS block signal.

File collection and
malware detection

File collection and malware detection

Detecting and collecting file transfer within traffic, YARA signature-based malware detection, synchronization with external APT solutions

Detection information IP
reputation matching

Detection information IP reputation matching

Threat analysis engine based on
attackers‘ IP reputation information

Application
Detection

Application Detection

Detecting / analyzing application level without any specific detection protocol

Learning
Asset Status

Learning Asset Status

Internal asset information collection provided as default analysis function

Features of TESS TMS

Next generation threat detection	Sandbox	Responding to APT malware through Sandbox Synchronization.
Next generation threat detection	PCRE/YARA	Complete support of PCRE/YARA/Application
Threat collection/analysis	High performance packet processing	Dedicated collecting card, Multi-core/Multi-threading
	Threat detection raw data	Collecting raw data of Snort/PCRE-based detection data
	Collecting Files	Automatic detection/collection of all files transferred through traffic
Visualization	Intuitive User Interface	Visually displayed data, and intuitive UI for various statistics
Visualization	Reducing real-time analysis time	UI for real-time event analysis
Encrypt	SSL	HTTPS RSA-base encryption detection
Encrypt	Expanded detection range	Asset learning through application detection

Cloud

Fully support and compatible with a wide range of cloud environments

Next generation threat detection

Sandbox

Responding to APT malware through Sandbox Synchronization.

PCRE/YARA

Complete support of PCRE/YARA/Application

Threat collection/analysis

High performance packet processing

Dedicated collecting card, Multi-core/Multi-threading

Threat detection raw data

Collecting raw data of Snort/PCRE-based detection data

Collecting Files

Automatic detection/collection of all files transferred through traffic

Visualization

Intuitive User Interface

Visually displayed data, and intuitive UI for various statistics

Reducing real-time analysis time

UI for real-time event analysis

Encrypt

SSL

HTTPS RSA-base encryption detection

Expanded detection range

Asset learning through application detection

Cloud

Fully support and compatible with a wide range of cloud environments

TESS TMS