Sangfor Stealth Threat Analysis (STA) is the sensor used in the Cyber Command solution. It is a hardware appliance that ingests raw network traffic mirrored from switches and extracts traffic metadata such as source and destination IP addresses, protocol, ports, packet size, timestamps and other network-level attributes. It correlates that metadata into contextualized event logs and forwards them to Cyber Command for deeper analysis.
Cyber Command ingests the event logs from the STA sensor and applies AI and machine-learning techniques to correlate and analyse them. It compares the real-time results against established baselines of normal network behaviour to detect anomalies that conceal malicious activity, such as stealthy command-and-control (C2) communication, lateral movement disguised as business traffic, and irregular user behaviour that indicates an insider threat. Because the sensor works from traffic metadata rather than payload content, these detections rest on behavioural patterns (timing, volume, peer relationships) rather than signatures, so the quality of the learned baseline largely determines how reliable the alerts are.
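To make the two stages concrete, the following is an added illustration in Python of the sensor-plus-analyzer pipeline described above; it is not Sangfor's code and does not reflect how STA or Cyber Command are implemented internally. It collapses constructed packet records into flow metadata (the sensor role), learns a baseline of which host pairs talk on which ports (the analyzer role), and then flags two of the anomaly classes mentioned in the text: a periodic external connection characteristic of C2 beaconing, and an internal connection on an administrative port that never appeared in the baseline, which is how lateral movement hidden in "business" protocols shows up. The sample packets, the `10.0.0.0/8` internal range, the admin-port set and the 0.1 coefficient-of-variation threshold are all assumptions made for the example.

```python
"""Added example: flow-metadata extraction, baselining and anomaly detection in miniature.
Not Sangfor code; all names, thresholds and sample traffic are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float      # epoch seconds
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int      # bytes on the wire


INTERNAL = ip_network("10.0.0.0/8")          # assumption: the monitored site's address space
ADMIN_PORTS = {22, 445, 3389, 5985}          # assumption: ports used for remote administration


def extract_flows(packets):
    """Sensor stage: collapse packets into flow records keyed by (src, dst, proto, dport)."""
    flows = defaultdict(lambda: {"ts": [], "bytes": 0, "packets": 0})
    for p in packets:
        f = flows[(p.src, p.dst, p.proto, p.dport)]
        f["ts"].append(p.ts)
        f["bytes"] += p.size
        f["packets"] += 1
    return dict(flows)


def build_baseline(flows):
    """Analysis stage, learning: the (src, dst, dport) pairs seen during the training window."""
    return {(src, dst, dport) for (src, dst, _proto, dport) in flows}


def beacon_cv(timestamps):
    """Coefficient of variation of inter-arrival gaps; a value near 0 means the flow is periodic.
    Returns None when there are too few packets to judge."""
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return None if m == 0 else pstdev(gaps) / m


def detect(flows, baseline, cv_threshold=0.1):
    """Analysis stage, detection: return (flow_key, reason) for flows that deviate from the baseline."""
    alerts = []
    for key, f in flows.items():
        src, dst, _proto, dport = key
        src_internal = ip_address(src) in INTERNAL
        dst_internal = ip_address(dst) in INTERNAL
        cv = beacon_cv(f["ts"])
        if cv is not None and cv < cv_threshold and not dst_internal:
            alerts.append((key, f"periodic external flow, cv={cv:.3f}"))
        if src_internal and dst_internal and dport in ADMIN_PORTS and (src, dst, dport) not in baseline:
            alerts.append((key, "admin-port connection not in baseline"))
    return alerts


def training_packets():
    """Constructed baseline window: one workstation browsing and using its usual file server."""
    pkts = [Packet(1000.0 + gap, "10.0.0.7", "198.51.100.20", "tcp", 52000 + i, 443, 1400 + 100 * i)
            for i, gap in enumerate([0, 5, 41, 120, 131, 600, 603, 2000])]
    pkts += [Packet(1000.0 + gap, "10.0.0.7", "10.0.0.50", "tcp", 53000 + i, 445, 900)
             for i, gap in enumerate([30, 90, 1500])]
    return pkts


def observed_packets():
    """Constructed detection window: the same benign traffic a day later, plus a second host that
    beacons to an external address every 60 s and then opens SMB to a server it never used before."""
    pkts = [Packet(p.ts + 86400, p.src, p.dst, p.proto, p.sport, p.dport, p.size) for p in training_packets()]
    pkts += [Packet(90000.0 + 60 * i, "10.0.0.5", "203.0.113.9", "tcp", 51000 + i, 443, 512) for i in range(10)]
    pkts += [Packet(90700.0 + 7 * i, "10.0.0.5", "10.0.0.60", "tcp", 54000 + i, 445, 4096) for i in range(3)]
    return pkts


def run_example():
    baseline = build_baseline(extract_flows(training_packets()))
    return detect(extract_flows(observed_packets()), baseline)


if __name__ == "__main__":
    for key, reason in run_example():
        print(key, "->", reason)
```

The benign browsing flow survives because its inter-arrival gaps are irregular, and the workstation's SMB traffic to its usual file server survives because that pair is in the baseline; only the metronomic external flow and the never-before-seen admin-port connection are raised. Real deployments tune the periodicity threshold per environment (scheduled jobs and NTP also beacon) and learn the baseline over days rather than one window, which is the "established baseline" the text refers to.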