Alienvault SIEM

  • Siem & Logger
  • Ransomware /Malware Detection
  • Vulnerability Assessment
  • Threat Intelligence Exchange
  • User behavioral Analysis
  • Deloitte Techology Fast
  • SC Best Buy
Alienvault SIEM

Easy to operate , easy to understand

  • Integration with SIEM and Logger
  • Compliance Management Platform
  • Dynamic Dashboard
  • Deep Learning analysis
OneMan SOC Portal

Log Master

  • Logger
  • Cyber Threat Intelligence
  • Digital Signature
  • Account Behavioral Analysis
  • Change Management
Taipei City Place Type SBIR
Log Master

Our Customers

  • 中華民國外交部
  • 行政院研考會
  • 中央研究院
  • 資策會
  • 台灣銀行
  • 聯邦銀行
  • 中華電信
  • 中華電信研究院
  • 馬偕醫院
  • 桃園機場
  • 新竹縣政府
  • 台北科技大學


  • 2013/07 Billows Technology was founded
  • 2014/01 Became AT &T AlienVault's distributor
  • 2014/08 Developed our own product “Billows LogMaster” and received SBIR grant and patent from Taipei City Government
  • 2015/03 Billows participated in Taipei SBIR Achievement Ceremony
  • 2016/01 Billows developed “Billows Security monitoring platform” and received SBIR grant from Ministry of Economic Affairs
  • 2016/07 Billows won the NTUT Highlight Enterprise Awards of 2016
  • 2018/02 Billows signed an MOU with Institute for Information Industry to collaborate with MSSP's development project
  • 2018/06 Billows became AlienVault MSSP partner
  • 2018/06 Became TWCERT/CC Partner & Signed an MOU to exchange threat Intelligence in 2018
  • 2018/07 Received Certificate of Registration as a Technological Service Organization from Industrial Development Bureau
  • 2019/09 Billows qualified as a Critical Information Infrastructure Protection testing Security vendor of Industrial Bureau of the Ministry of Economic Affairs

WHAT is our service?

All in One SOC

Our platform provides intelligence-driven proactive defense, combining AT&T's threat intelligence, TeamT5's endpoint threat forensic analysis, and Acalvio deception technology are used to observe the attack trajectory and patterns for correlation analysis. When incidents occur, relevant information can be quickly shared for defense effectively, reducing victim cases. Moreover, the exchange of intelligence and assistance in notifications of cybersecurity incidents with Taiwan ISAC can more appropriately assist enterprises in cybersecurity defense.

All in one SOC

WHO can use it?

  • 學校
  • 政府單位
  • 金融單位
  • 電信

Education, Government, Financial institutions, Telecommunications, and other companies and units that need to automate audits, personal data, and security.

Alienvault USM

AT & T Cybersecurity's AlienVault USM is an all-in-one platform. Unlike traditional SIEM or security point products. The USM Appliance platform provides five security essential s in a single console, giving you everything you need to manage both compliance and threats. Including:

  • Asset discovery,
  • Vulnerability assessment,
  • Intrusion detection
  • Behavioral monitoring
  • SIEM

The main capability of USM comes from Open Threat Exchange(OTX). The world's largest open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. OTX has gathered more than 80,000 users from 140 countries around the world. Through the platform, more than 19 million potential threats are shared daily. The USM is updated every 15 minutes and audited OTX information, so it can detect almost all kinds of real-time threats flowing around the world.

In addition, AT & T joins the Global Telco Security Alliance consisting of Softbank, Etisalat, Singtel, and Telefónica.

Alliance combines resources and capabilities of telecom operators to help protect all types of businesses from the growing threat of sophisticated cyber-attacks.

The inclusion of AT&T heightens the Alliance's ability to share insights and best practices for customers globally by harnessing the expertise of more than 6,000 security experts and a global network of more than 28 Security Operations Centers. Combined, the members of the Alliance now cover more than 1.2 billion customers in more than 60 countries across Asia-Pacific, Europe, the Middle East and the Americas.

Threat Detection

Detect malicious traffic on your network

  • Network IDS
  • Host IDS
  • File Integrity Monitoring (FIM)

Threat Detection

Asset Discovery

Find all assets on your network before a bad actor does

  • Active Network Scanning
  • Passive Network Monitoring
  • Asset Inventory

Asset Discovery

Vulnerability Assessment

Identify systems on your network that are vulnerable to exploits

  • Network Vulnerability Testing
  • Continuous Vulnerability Monitoring

Vulnerability Assessment

Features: AlienVault USM Traditional SIEM
Log Management Yes Yes
Event Management Yes Yes
Event Correlation Yes Yes
Reporting Yes Yes
Trouble Ticketing Built-In $$
(3rd-party product that requires integration)
Security Monitoring Technologies:
Asset Discovery Built-In $$
(3rd-party product that requires integration)
Network IDS Built-In $$
(3rd-party product that requires integration)
Host IDS Built-In $$
(3rd-party product that requires integration)
Netflow Built-In $$
(3rd-party product that requires integration)
Full Packet Capture Built-In $$
(3rd-party product that requires integration)
File Integrity Monitoring Built-In $$
(3rd-party product that requires integration)
Vulnerability Assessment Built-In $$
(3rd-party product that requires integration)
Additional Capabilities:
Continuous Threat Intelligence Built-In Not Available
Unified Management Console for security monitoring technologies Built-In Not Available

Show Case

  • Internal Server connected to malicious website
    Case 1

    Internal Server connected to malicious website

    • Related Devices:Checkpoint Firewall(Log) & AlienLab Threat Intelligence System
    • Scenarios:
      1. The internal server is suspected of being installed with a backdoor and sending data to an external malicious website.
      2. When the internal server performs general web browsing, there may be an advertisement page embedded in the malicious link.
    • Response:
      1. Confirm the external malicious website whether it's still dangerous
      2. Check if the internal server is implanted with malware and clean it
      3. Host forensic of endpoint detection for the related hosts
  • The Sender is from a malicious IP
    Case 2

    The Sender is from a malicious IP

    • Related Devices:Checkpoint Firewall(Log) & AlienLab Threat Intelligence System
    • Scenarios:
      1. Suspected external malicious server was sending mails to internal server
    • Response:
      1. Confirm the internal server whether has a mail service
      2. Tracking the external sending server whether is abnormal
      3. Confirm whether the email is sent successfully, and notify the recipient to check if the email is abnormal or delete it directly.
      4. If check it's a malicious mail or the mail is already open, proceed clearing the malicious software and evaluated for possible damage.
  • Webpage Attack
    Case 3

    Webpage Attack

    • Related Devices:Data packet and AlienLab vulnerability Scanning database
    • Scenarios:
      1. The web server is being attack by a hacker, for example
        • Execution instruction
        • Stealing passwords
        • Stealing database data
    • Response:
      1. Confirm that the web attack was whether successful and evaluate the damage that may be caused
      2. Immediately reinforce all webpages' vulnerability and re-execute vulnerability scans
      3. Host forensic of endpoint detection for the related hosts 
  • Blocking Service Attack
    Case 4

    Blocking Service Attack

    • Related Data packet
    • Scenarios:
      1. Suffering from hackers to perform UDP Flooding attacks
    • Response:
      1. Evaluate damage that may be caused by blocking service attacks
      2. If necessary, include the attack IP in the firewall on a short-term blocking list
  •  Network Scanning Attack
    Case 5

    Network Scanning Attack

    • Related Device:Intrusive Prevention Device Log
    • Scenarios:
      1. Scenarios
    • Response:
      1. Confirm the domain query request from the server is whether legal
      2. If necessary, include the attack IP in the firewall on a short-term blocking list
  • Brutal attack of password cracking
    Case 6

    Brutal attack of password cracking

    • elated Device:Sever System Log and AlienLab NIDS
    • Scenarios:
      1. he file transfer service opened by the web server suffers intensive attempts to log in in a short period of time.
    • Response:
      1. Confirm whether the attempted account is a valid account and the password has been guessed or not.
      2. Require customers to set more complicated passwords and change them regularly
      3. Limit the IP of each account that can be connected if necessary.

Log Master

Log Master

Billows LogMaster allows collecting, compressing and saving large volumes of raw logs. It also allows for integration with other reporting software to maximize visibility and allow effective visualization of internal information. Additionally, users can also automatically forward security logs to their threat analysis platform based on their custom cyber security analysis needs. LogMaster offers the following capabilities.

Log Storage: collecting and normalizing logs while performing long-term log storage and non-repudiation verification

Threat analysis: Integrating analysis within inbuilt threat modules so as to detect abnormal events

Packet storage: automatically saving packets when a specific security incident occurs, preserving the integrity of digital forensics

Quick response: provisioning of an automated response mechanism that effectively shortens response time and automatically generates the required event messages, simplifying and shortening incident response steps.


Acalvio ShadowPlex was highly effective in identifying, at high accuracy, malicious activity within the internal networks and detecting related east-west movement and reconnaissance. Acalvio ShadowPlex proved to have the sensitivity and accuracy to detect this sophisticated type of attack and then to alert the SOC team to it promptly. ShadowPlex detected the cyberattacker's activity early, at high integrity, and did not require any signature nor endpoint agent.

A few of the technology advantages within ShadowPlex that helped identify the incident were:

  • The signature-less approach adopted by ShadowPlex helps enterprises detect even unknown versions of malware. Acalvio has found from earlier similar engagements that malware infections are sometimes undetected either because the AV protection tool could not be installed for various operational reasons or when AV protection failed to identify completely new strains of malware. The ShadowPlex solution has been proved to be effective even in such scenarios as ShadowPlex does not rely on signature of the malware for detection.
  • ShadowPlex environment effectively deployed believable deceptions. Believability and attractiveness of Deceptions are extremely important for a production deception deployment that ensures attacks happen against the deployed deceptions.
  • The high-fidelity incidents that were reported ensured that the right incident was captured and the enterprise was protected.


Contact us

Billows Technology

  • Office
    12F., No 29-1, Sinsheng N. Rd., Jhongshan Dist., Taipei City 104, Taiwan (R.O.C)
  • Tel
  • Fax
  • Line
  • Email