Alienvault SIEM

  • Siem & Logger
  • Ransomware /Malware Detection
  • Vulnerability Assessment
  • Threat Intelligence Exchange
  • User behavioral Analysis
  • Deloitte Techology Fast
  • SC Best Buy
Alienvault SIEM

Easy to operate , easy to understand

  • Integration with SIEM and Logger
  • Compliance Management Platform
  • Dynamic Dashboard
  • Deep Learning analysis
SBIR
OneMan SOC Portal

Log Master

  • Logger
  • Cyber Threat Intelligence
  • Digital Signature
  • Account Behavioral Analysis
  • Change Management
Taipei City Place Type SBIR
Log Master

Our Customers

  • 中華民國外交部
  • 行政院研考會
  • 中央研究院
  • 資策會
  • 台灣銀行
  • 聯邦銀行
  • 中華電信
  • 中華電信研究院
  • 馬偕醫院
  • 桃園機場
  • 新竹縣政府
  • 台北科技大學

News

  • 2018/06

    Billows Technology Signed MOU with TWCERT/CC

  • 2018/06

    Billows Technology became AlienVault’s MSSP Partner

  • 2018/02

    Billows Technology Signed MOU with Institute for Information Industry

  • 2016 / 10

    Billows Technology Won the NTUT Highlight Enterprise Awards of 2016

  • 2015 / 10

    AlienVault Won the Computer Security Awards of 2015

  • 2015 / 04

    Billows Technology LogMaster & AlienVault USM officially incorporated into the list of software and co-suppliers of Taiwan Industrial Bureau

  • 2015 / 03

    Obtained SBIR Grant from Taipei Government

  • 2014 / 08

    Obtained SBIR Grant from Taipei Government

  • 2014 / 01

    Became AlienVault Distributor

  • 2013 / 09

    Integrated with RFID & Big data to develop an Intelligence IDC Management platform

About us

  • Security Monitoring

    Security Monitoring

  • Compliance Management

    Compliance Management

  • SIEM

    SIEM

The internet can be a hazardous place, many threats jeopardize protecting personal and sensitive information. Information technology is everyone’s responsibility. That’s why Six years ago, Billows Technology began to provide security solutions and services in response to the compliance needs of the International Cyber Security and Protection of Personal Data.

Prior to starting our business, Our Team members have gained many years experience in building, operating and managing SIEM/SOC in the fields of government and local enterprises. Since its inception, the company has been pursing productive innovation. In addition to focusing on new product development, we acquired the distributorship of AlienVault. And due to years of experiences in system integration, we successfully established SIEM/SOC for our customers and gained their recognitions.

WHAT is our service?

  • Alienvault USM
  • Billows Log Master
  • Security Portal
  • Consultant Tutorship

Three stages “Implement, Integration, Development” to build the most secure and easy manage Security Operation Center.

WHO can use it?

  • 學校
  • 政府單位
  • 金融單位
  • 電信

Education, Government, Financial institutions, Telecommunications, and other companies and units that need to automate audits, personal data, and security.

Alienvault USM

Many people often ask me why I bought all of my security products and implement SIEM, but the company system still has some security problems. I always say: ”This is not only a technical issue but also the people and process. Just like you bought a pair of shoes like Michael Jordan, it doesn't mean you can play basketball like him. “ Equipment is only a tool, and it also needs relevant elements (process and people) to effectively secure the environment.

SIEM is used to collect and analyze the logs of IT devices to find the abnormal. However, in a real-world environment, it may be impossible to collect complete log into SIEM due to factors such as the technical capabilities of the vendor or host performance. This is also the main reason why most traditional SIEMs do not work as well as it designed to be. In view of this, AlienVault USM provides different data modules "log, traffic, vulnerability, assets, HIDS", etc., in addition to the log correlation function, the cross-correlate different module data, such as Internal traffic data and vulnerability data to improve analyst accuracy。

Threat Detection

Detect malicious traffic on your network

  • Network IDS
  • Host IDS
  • File Integrity Monitoring (FIM)

Threat Detection

Asset Discovery

Find all assets on your network before a bad actor does

  • Active Network Scanning
  • Passive Network Monitoring
  • Asset Inventory

Asset Discovery

Vulnerability Assessment

Identify systems on your network that are vulnerable to exploits

  • Network Vulnerability Testing
  • Continuous Vulnerability Monitoring

Vulnerability Assessment

Features: AlienVault USM Traditional SIEM
Management:
Log Management Yes Yes
Event Management Yes Yes
Event Correlation Yes Yes
Reporting Yes Yes
Trouble Ticketing Built-In $$
(3rd-party product that requires integration)
Security Monitoring Technologies:
Asset Discovery Built-In $$
(3rd-party product that requires integration)
Network IDS Built-In $$
(3rd-party product that requires integration)
Host IDS Built-In $$
(3rd-party product that requires integration)
Netflow Built-In $$
(3rd-party product that requires integration)
Full Packet Capture Built-In $$
(3rd-party product that requires integration)
File Integrity Monitoring Built-In $$
(3rd-party product that requires integration)
Vulnerability Assessment Built-In $$
(3rd-party product that requires integration)
Additional Capabilities:
Continuous Threat Intelligence Built-In Not Available
Unified Management Console for security monitoring technologies Built-In Not Available

Show Case

  • Internal Server connected to malicious website
    Case 1

    Internal Server connected to malicious website

    • Related Devices:Checkpoint Firewall(Log) & AlienVault Threat Intelligence System
    • Scenarios:
      1. The internal server is suspected of being installed with a backdoor and sending data to an external malicious website.
      2. When the internal server performs general web browsing, there may be an advertisement page embedded in the malicious link.
    • Response:
      1. Confirm the external malicious website whether it’s still dangerous
      2. Check if the internal server is implanted with malware and clean it
      3. Evaluate possible damage, change password immediately or reinstall the system
  • The Sender is from a malicious IP
    Case 2

    The Sender is from a malicious IP

    • Related Devices:Checkpoint Firewall(Log) & AlienVault Threat Intelligence System
    • Scenarios:
      1. Suspected external malicious server was sending mails to internal server
    • Response:
      1. Confirm the internal server whether has a mail service
      2. Tracking the external sending server whether is abnormal
      3. Confirm whether the email is sent successfully, and notify the recipient to check if the email is abnormal or delete it directly.
      4. If check it’s a malicious mail or the mail is already open, proceed clearing the malicious software and evaluated for possible damage.
  • Webpage Attack
    Case 3

    Webpage Attack

    • Related Devices:Intrusion Prevention Device and AlienVault vulnerability Scanning database
    • Scenarios:
      1. The web server is being attack by a hacker, for example
        • Execution instruction
        • Stealing passwords
        • Stealing database data
    • Response:
      1. Confirm that the web attack was whether successful and evaluate the damage that may be caused
      2. Immediately reinforce all webpages’ vulnerability and re-execute vulnerability scans
  • Blocking Service Attack
    Case 4

    Blocking Service Attack

    • Related Intrusion Prevention Device
    • Scenarios:
      1. Suffering from hackers to perform UDP Flooding attacks
    • Response:
      1. Evaluate damage that may be caused by blocking service attacks
      2. If necessary, include the attack IP in the firewall on a short-term blocking list
  •  Network Scanning Attack
    Case 5

    Network Scanning Attack

    • Related Device:Intrusive Prevention Device Log
    • Scenarios:
      1. Scenarios
    • Response:
      1. Confirm the domain query request from the server is whether legal
      2. If necessary, include the attack IP in the firewall on a short-term blocking list
  • Brutal attack of password cracking
    Case 6

    Brutal attack of password cracking

    • elated Device:Sever System Log and AlienVault NIDS
    • Scenarios:
      1. he file transfer service opened by the web server suffers intensive attempts to log in in a short period of time.
    • Response:
      1. Confirm whether the attempted account is a valid account and the password has been guessed or not.
      2. Require customers to set more complicated passwords and change them regularly
      3. Limit the IP of each account that can be connected if necessary.

Log Master

Log Master

In order to preserve the system data for a long term in response to the compliance, Billows Technology has developed a compliance management platform for many years, in which can effectively confirm the data collection status, collect the customized software log, and assist the customer to simplify the logger implement process.

The platform has the ability to operate independently, and can provide a complete log solution with customers' existing log products to meet various log analysis and statistics needs of customers. This platform provides horizontal expansion to increase the overall capacity and performance of the system.

Contact us

  • Office
    12F., No 29-1, Sinsheng N. Rd., Jhongshan Dist., Taipei City 104, Taiwan (R.O.C)
  • Tel
    02-25623952
  • Fax
    02-25363763
  • Line
    @vri4754n
  • Email