AIStorm ThreatTrace

See Deeper. Prove Faster

Product Introduction

AIStorm ThreatTrace is a Network Detection and Response (NDR) solution specialized in detecting Advanced Persistent Threats (APTs). It monitors traffic across the whole network to identify both known and unknown threats, delivering comprehensive cyber threat visibility. The platform integrates signature-based detection with extensive threat intelligence and performs deep analysis of files transmitted across the network. Its proprietary detection engine, combined with a customizable sandbox for dynamic analysis, enables rapid identification and analysis of:

  • Malicious documents
  • Malware
  • Malicious webpages
  • Unauthorized external communications
  • Internal network attacks
  • Targeted threats that evade traditional security defenses
Key Features
  • Threat Detection
    - Network intrusion detection
    - Threat intelligence detection
    - Malicious file detection
    - Sandbox dynamic file detection
  • Traffic Tracing
    - Retention of complete access logs
    - Retention of metadata for critical protocols
    - Retention of network-transmitted files
  • Network Asset Discovery
    - Internal Network Discovery
    - Asset OS and Software Fingerprinting
    - Cloud asset discovery via cloud platform integration
  • Automated Response
    - Integration with third-party firewalls
    - Integration with third-party EDR
    - Blocking of TCP sessions by injecting out-of-band RST packets
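The out-of-band RST blocking listed above works because a passive sensor, although it is not in the traffic path, can spoof a TCP reset toward each endpoint using the sequence and acknowledgement numbers it has observed on the wire. The following is an added example written for this page, not ThreatTrace code; the addresses, ports and sequence numbers are constructed, and the packets are built as raw bytes rather than sent.

```python
"""Construct out-of-band TCP RST segments the way a passive sensor would.

Added example for this page (not vendor code).  Given one observed
client->server segment, it spoofs a RST toward the server (as the client,
seq = client's next sequence number) and toward the client (as the
server, seq = the client's ACK value), so both sides drop the session.
"""
import socket
import struct

RST = 0x04
ACK = 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_rst(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
              seq: int, ack: int = 0, ttl: int = 64) -> bytes:
    """Return an IPv4 packet carrying a bare TCP RST (no options, no payload).

    `seq` must be the sequence number the receiver expects next; a reset
    outside that window is discarded, and RFC 5961 stacks only honour an
    exact match (otherwise they answer with a challenge ACK).
    """
    flags = RST | (ACK if ack else 0)
    data_offset = 5 << 4  # 20-byte TCP header
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                      data_offset, flags, 0, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src_ip),
                     socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def rst_pair(client_ip: str, client_port: int, server_ip: str, server_port: int,
             seq: int, ack: int, payload_len: int) -> tuple[bytes, bytes]:
    """From one observed client->server segment, spoof a RST toward each side."""
    to_server = build_rst(client_ip, server_ip, client_port, server_port, seq + payload_len)
    to_client = build_rst(server_ip, client_ip, server_port, client_port, ack)
    return to_server, to_client


def parse_packet(pkt: bytes) -> dict:
    """Decode IPv4/TCP headers and verify both checksums (a valid header,
    checksum field included, sums to zero)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    src_port, dst_port, seq, ack, _, flags = struct.unpack("!HHIIBB", tcp[:14])
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0,
                         socket.IPPROTO_TCP, len(tcp))
    return {
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "rst": bool(flags & RST),
        "ip_ok": checksum(pkt[:ihl]) == 0,
        "tcp_ok": checksum(pseudo + tcp) == 0,
    }


if __name__ == "__main__":
    # Constructed observation: 10.0.0.5:51000 -> 203.0.113.7:443, seq 1000,
    # ack 5000, 100 bytes of payload.
    for pkt in rst_pair("10.0.0.5", 51000, "203.0.113.7", 443, 1000, 5000, 100):
        print(parse_packet(pkt))
```

Two caveats a practitioner should keep in mind: the injected reset races the genuine traffic, so a short transfer may finish before it lands, and the technique only applies to TCP (UDP, QUIC and IPsec flows cannot be reset). For hard enforcement the firewall and EDR integrations listed above are the stronger control; RST injection is a fast, best-effort first step.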
Product Advantages
Integrated Threat Detection and Alert Correlation
ThreatTrace delivers unified threat detection by combining four powerful engines: Deep Packet Inspection (DPI), Network Threat Detection, Threat Intelligence, and Malicious File Analysis. This multi-layered approach ensures broad visibility across network traffic and file behavior.
  • Key Capabilities
    • Correlated Alert Analysis: Goes beyond isolated alerts by identifying relationships across multiple events using temporal proximity, shared entities (e.g., hosts, users), and recurring attack patterns.
    • Attack Chain Reconstruction: Rebuilds potential attack sequences to expose hidden threats and lateral movement.
    • Noise Reduction: Filters out irrelevant alerts and significantly lowers false positives, enabling faster, more accurate incident response.
  • Benefits
    • Enhanced situational awareness across the network
    • Reduced analyst fatigue through intelligent alert prioritization
    • Accelerated threat triage and investigation workflows
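To make concrete what correlating alerts by temporal proximity and shared entities, then reconstructing a chain and suppressing isolated noise, looks like in practice, here is an added example written for this page rather than ThreatTrace's own logic. The alert records, rule names and the mapping of rules to attack stages are constructed for the illustration.

```python
"""Correlate raw alerts into attack chains (added example, not vendor code).

Alerts that share a host and occur within a time window are merged
(transitively, via union-find); each merged group is ordered by time and
scored by how many attack stages it covers.  Groups with a single alert
are dropped as noise.  Rule names and stage numbers are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed mapping from detection rule to a coarse attack stage.
STAGES = {"port_scan": 1, "exploit_attempt": 2, "malware_download": 3,
          "c2_beacon": 4, "lateral_smb": 5}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    rule: str


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts that share a host and fall within `window` of each other."""
    alerts = sorted(alerts, key=lambda a: a.ts)
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, a in enumerate(alerts):
        for j in range(i + 1, len(alerts)):
            b = alerts[j]
            if b.ts - a.ts > window:
                break  # sorted by time, so nothing later is within the window
            if {a.src, a.dst} & {b.src, b.dst}:  # shared entity
                ri, rj = find(i), find(j)
                if ri != rj:
                    parent[rj] = ri
    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)
    return list(groups.values())


def build_chain(group):
    """Order one group in time and summarise it as a reconstructed chain."""
    group = sorted(group, key=lambda a: a.ts)
    stages = [STAGES.get(a.rule, 0) for a in group]
    hosts = Counter(h for a in group for h in (a.src, a.dst))
    return {
        "start": group[0].ts,
        "end": group[-1].ts,
        "hosts": set(hosts),
        "pivot": hosts.most_common(1)[0][0],  # host involved in most alerts
        "rules": [a.rule for a in group],
        "stages": stages,
        "coverage": len(set(stages) - {0}),
        "escalating": all(x < y for x, y in zip(stages, stages[1:])),
    }


def rank_chains(alerts, window=timedelta(minutes=30), min_alerts=2):
    """Drop isolated alerts (noise) and rank chains by stage coverage."""
    chains = [build_chain(g) for g in correlate(alerts, window) if len(g) >= min_alerts]
    return sorted(chains, key=lambda c: (c["coverage"], c["escalating"]), reverse=True)


# Constructed sample: one intrusion from 10.0.0.5 through 10.0.0.20 to
# 10.0.0.33, an unrelated scan, and a repeat scan hours later.
T0 = datetime(2024, 5, 1, 9, 0)
SAMPLE_ALERTS = [
    Alert(T0, "10.0.0.5", "10.0.0.20", "port_scan"),
    Alert(T0 + timedelta(minutes=12), "10.0.0.5", "10.0.0.20", "exploit_attempt"),
    Alert(T0 + timedelta(minutes=15), "10.0.0.20", "203.0.113.9", "malware_download"),
    Alert(T0 + timedelta(minutes=40), "10.0.0.20", "203.0.113.9", "c2_beacon"),
    Alert(T0 + timedelta(minutes=55), "10.0.0.20", "10.0.0.33", "lateral_smb"),
    Alert(T0 + timedelta(minutes=3), "10.0.0.77", "10.0.0.80", "port_scan"),
    Alert(T0 + timedelta(hours=5), "10.0.0.5", "10.0.0.20", "port_scan"),
]

if __name__ == "__main__":
    for chain in rank_chains(SAMPLE_ALERTS):
        print(chain["pivot"], chain["rules"], "coverage", chain["coverage"])
```

Two design points carry over to any correlation engine: the window is applied pairwise, so a slow campaign whose steps are each within the window still links into one chain, and the pivot host (the one appearing in the most alerts in a chain) is usually the right starting point for forensics.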
Local Sandbox for Advanced Threat Detection
ThreatTrace includes a built-in local sandbox that eliminates the need to transmit files to external cloud environments for deep analysis. This enhances privacy, speeds up detection, and ensures full control over sensitive data.
  • Detection Capabilities

    The sandbox employs multiple analysis techniques to identify sophisticated threats:

    • Static Analysis – Examines file structure and code without execution
    • Dynamic Behavior Analysis – Executes the file in an instrumented virtual machine and records its runtime behavior, such as process creation, file and registry changes, and network connections
    • Heuristic Analysis – Detects anomalies and suspicious patterns that have no exact signature
    • Malicious Document Analysis – Flags embedded threats in document formats, such as macros, exploits and embedded objects
    • Correlation Analysis – Links findings across engines to improve detection accuracy
  • Customizable Sandbox Images

    Sandbox environments can be tailored to match the operating environment actually deployed in the organization, including:

    • System configurations
    • Installed drivers and applications
    • Language versions and regional settings

    This customization improves detection rates by replicating real-world conditions.

  • Benefits
    • Faster, localized threat analysis
    • Enhanced detection of ransomware and zero-day exploits
    • Reduced reliance on cloud infrastructure
    • Improved accuracy through OS-specific sandboxing
Risky Host Identification and Forensics
ThreatTrace uses multi-dimensional data—including threat alerts and asset intelligence—to identify host assets within the internal network that may be at risk of compromise. Its built-in asset risk assessment model enables proactive detection of vulnerable or compromised systems.
  • Key Capabilities
    • Risky Host Detection: Pinpoints high-risk hosts across large alert volumes using contextual threat and asset data.
    • Attack Visualization: Displays the full attack process, including alert logs and relationship graphs.
    • Forensic Support: Provides actionable insights for threat investigation, host isolation, and incident response.
  • Benefits
    • Accelerated identification of compromised assets
    • Enhanced visibility into attack progression and relationships
    • Reliable intelligence for containment and mitigation workflows
Security Orchestration & Integration
ThreatTrace acts as an orchestration layer, seamlessly integrating with mainstream cybersecurity infrastructure—such as firewalls, Endpoint Detection and Response (EDR) platforms, and network gateways. By establishing direct API communication with third-party tools, it bridges the gap between threat detection and active mitigation.
  • Key Capabilities
    • Unified Orchestration: Synchronizes disparate security tools into a single, coordinated defense ecosystem.
    • Real-Time Enforcement: Enables immediate response actions, including blocking malicious IPs and updating firewall rules.
    • Automated Containment: Facilitates instant isolation of compromised endpoints via EDR integration to prevent lateral movement.
  • Benefits
    • Drastically reduces Mean Time to Respond (MTTR) by replacing manual tasks with automated API-driven actions.
    • Strengthens overall security by ensuring immediate, policy-based enforcement across the network.
    • Simplifies incident management through a unified workflow, reducing the burden on security analysts.