cybatk.com’s crawled content appears to consist of technical pages/blog posts related to “CYBerATtacK,” with topics centered on PDNS, NetFlow traffic analysis, malicious website discovery, DDoS reflection/amplification detection, scanners, and threat intelligence. The text says the team operates China’s largest PDNS database, observing hundreds of billions of DNS requests and more than 200,000 NODs (Newly Observed Domains) per day, and identifies malicious websites through relationships between resources loaded by websites.
Its focus is not a traditional perimeter protection product, but rather detection methods for security data analysis. The PDNS section emphasizes that malicious websites frequently rotate domain names, while analytics (statistics) links, images, JS fragments, download resources, third-party plugin IDs, and other loaded resources remain relatively stable. These resources can therefore be labeled as “malicious resources” and used in reverse to discover new malicious websites. The NetFlow section proposes a “bidirectional, multi-layer, multi-trigger” pivot model that aggregates by IP, protocol, and port, and detects anomalies such as UDP reflection/amplification and scanning through triggers like STWPop, EarlyPop, and AETWPop combined with rules.
The article describes an architecture of “distribution—aggregation—matching—output”: raw traffic is distributed by hash(ip), aggregation nodes continuously accumulate time windows, and the matching stage uses a white-black-gray workflow to filter clearly irrelevant data, match known malicious events, and build historical baselines on the remaining data to discover anomalies. Keywords such as HDFS, Hadoop, HBase, MongoDB, MySQL, ZMQ, C++, Python, and Rust also appear, indicating that the approach is aimed at large-scale data engineering. However, no deployable package, cloud service, API, console, or alerting channel is provided.
The crawled content does not disclose any commercial pricing, subscription model, free trial, payment methods, SLA, or compliance certifications. It should therefore be viewed more as a research article or technical solution showcase than as a cybersecurity SaaS product or appliance that can be purchased directly.
Its strengths are the level of technical detail: rule conditions, aggregation granularity, spike detection, prioritization, and baseline methodology are all described in a fairly complete way. It is suitable as a reference for security researchers, threat intelligence teams, carriers, and security data platforms at large internet companies. The downside is the lack of productization information, making it difficult for ordinary enterprises to implement directly. There is also no visible explanation of support services, visual management, or false-positive handling workflows.
Access from China cannot be determined from the article, and payment methods are not disclosed. If you need a purchasable domestic alternative, consider products from ThreatBook, QiAnXin, 360 Threat Intelligence, DBAPPSecurity, NSFOCUS, and others in areas such as threat intelligence, DDoS protection, situational awareness, and traffic analysis.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site (cybatk.com).
cybatk.com is a Chinese cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility rating of “China direct-connect friendly”.