Threat Detection System

Intelligence driven advanced threat detection

Notifies you of security threats, malware and breaches inside your network to prevent intrusions, attacks, data leaks, and espionage

Intrusion detection with immediate notifications on all relevant malware families
Identification of infected devices in your organization’s wireless networks
Incident response with manual review of critical incidents by Group-IB experts
Top-tier usability and reporting features on detected threats
Automated daily updates of filter rules and signatures
24/7 support through IT ticketing system

TDS – Advanced Threat Detection

Group-IB TDS (Threat Detection System) is an intrusion detection and prevention tool to protect your network. It is a unique product by Group-IB, born out of our incident response expertise, skills in detecting malware and threat intelligence foundation.

As a component of Group-IB’s early warning system, TDS benefits from other products, which contribute to its effectiveness. Group-IB’s SOC team is there for you 24/7 to prevent and remedy any network threats and breaches. Advanced persistent threat detection lowers cyber threats to your organization and ensures your network is protected from the most advanced cyber threats and threat actors.


86% of infected computers in botnets have anti-virus software installed
1 500 000+ computers became part of the Carberp botnet
3 months: the average time frame to detect a targeted attack
$45+ mln: losses of the banking sector from APT groups in late 2015 - early 2016


Similar products
Signature-based malware detection with round-the-clock updates
Incident handling through outsourcing and manual screening
Seamless integration with existing IT environment
Response procedure and digital evidence as per international standards

How TDS works

TDS Sensor:

  • Inspects traffic to prevent attacks and detect malware by identifying communications with Command and Control (C&C) servers, network anomalies and unusual user behavior.
  • Analyzes suspicious files in Group-IB’s sandbox, Polygon, in order to identify attacks at the earliest stage.

TDS Polygon

Advanced threat detection in your network to shield it against:

  • Malicious e-mails
  • Attacks on browsers
  • Attacks using unknown malware or tools

Polygon, Group-IB’s sandboxing technology, embraces machine learning and advanced data analysis techniques to handle and rate cyber security incidents.

Group-IB’s SOC:

  • Identifies all information security incidents in a web-interface to give your staff an overall view of all cyber security events online.
  • Suspicious incidents are analyzed by Group-IB’s SOC team and classified for your security team 24/7/365.
  • A convenient ticketing system ensures that all inquiries and responses are easily tracked and addressed.


A physical network sensor, TDS employs deep packet inspection technology to identify network threats and detect malware. Regular automated updates of signatures, filter rules, and intelligence feeds guarantee that TDS stands guard “at the door” to your network. Signature data about detected incidents is transmitted through a secure channel to Group-IB’s cloud, where Group-IB specialists carefully analyze all suspicious events.

Sandboxing technology Polygon can be delivered as physical equipment or cloud-based. After a file is extracted by TDS, Polygon launches it in an isolated environment to classify and rate its cyber threat level.

The SOC captures and breaks down all information security events identified as able to disrupt the operation of your network. Following the analysis by Group-IB experts, incidents are ranked by type and severity.

TDS is a physical network sensor with a DPI solution installed for analysis of all inbound and outbound packets. A set of signatures, “black lists” of botnets, as well as filtering rules are automatically updated. Signature data about detected incidents is transmitted through a secure channel to Group-IB’s cloud, where Group-IB specialists carefully analyze all suspicious events.

Polygon launches suspicious files identified by the TDS sensor in an isolated environment in order to analyze the behavior of each file and draw a conclusion on the level of danger it poses to the network.

A standard procedure is in place to send data on registered events related to information security incidents to any SIEM or log storage system using syslog.

Technical specification

Form factor
Dimensions in mm: 42,4 × 434 × 394,3; 42,4 × 434 × 394,3; 42,4 × 434 × 394,3
Power supply: 1 × 250W; 1 × 250W; 2 × 350W
Network interfaces for traffic reception: 1 × 1000BASE-T; 2 × 1000BASE-T; 4 × 1000BASE-T
Peak rate in Mbit/s: 1 000

About Group-IB

Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.

We are recognized by Gartner as a threat intelligence vendor with a strong cyber security focus and the ability to provide leading insight to the Eastern European region, and we are recommended by the Organization for Security and Co-operation in Europe (OSCE).

Group-IB’s experience and threat intelligence have been fused into an eco-system of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.

Threat Detection System

Try TDS in action: VM installation for easy access. Please leave us your contact information to arrange a free proof of concept.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64
