Do you know how much new malware is created every day? The answer is 450,000. This means that, even if your organization is using the world’s best next-generation firewall and it blocks 99% of new malware, roughly 4,500 new samples a day can still get past it.
Supplement Threat Prevention with Threat Detection and Response
After extensive research by our SOC analysts, we found that time is the critical factor in incident response after a breach. The earlier we detect the threat in the network, the less impact the breach has on the organization. By contrast, if we find the threat very late, the organization will likely suffer a big impact, whether financially or in business continuity. Hence, when we talk about network security, it is not only about threat prevention, such as using a firewall; it must also include effective Threat Detection and Response (TDR). Looking at the timeline of an attack gives us the PDR model (P = protection, D = detection, R = response, and t = time). When P(t) > D(t) + R(t), that is, when the time our protection holds exceeds the time we need to detect and respond, we have detected and responded to the threat before the attacker succeeded in compromising our critical systems to, say, exfiltrate data or deploy ransomware. From the PDR model, it is easy to see that organizations should not only strengthen their threat prevention, but also shorten their detection and response times.
What Is Threat Detection and Response
Threat detection and response means using a set of cyber security tools to find and mitigate advanced malware. It relies on automated monitoring, sandboxing, behavioral analysis, and similar functions rather than signatures alone.
Threat Detection and Response Using NDR
One challenge is that firewalls only see north-south traffic, not the east-west traffic between internal hosts. What’s more, firewalls don’t retain a large enough data lake to perform deeper behavior analysis. Gateway security devices like firewalls are like security guards at the door: once an unknown threat slips past the gateway, the firewall can do little about it. Another challenge is that AI-enabled malware can quickly learn the environment it is operating in, which lets it take evasive measures to escape detection and removal.
What we really need is a solution to solve the above challenges. That solution is NDR (Network Detection and Response). NDR is a cyber security solution that continuously monitors an organization’s network to detect advanced threats and anomalous behavior using non-signature-based detection tools or techniques. NDR then responds to these threats via native capabilities or by integrating with other cyber security tools/solutions.
Sangfor Cyber Command NDR
Cyber Command is Sangfor’s state-of-the-art NDR solution. It provides unrivaled detection and response capabilities against unknown and advanced threats. How does Cyber Command achieve this?
- First of all, Cyber Command monitors all internal network traffic and correlates existing security events. It then applies artificial intelligence and behavior analysis, aided by global threat intelligence.
- Second, Cyber Command compares the analyzed traffic data with baselines of normal network behavior to uncover anomalous behavior. Since attack activity differs from regular business activity, anomalous behavior is highly indicative of attacks that have breached existing security controls. Attack patterns based on the MITRE ATT&CK framework are also modeled to detect known adversary tactics, techniques, and procedures (TTPs).
- Third, Cyber Command integrates with Sangfor’s network and endpoint security solutions (NGAF - Next Generation Firewall, IAG - Internet Access Gateway, Endpoint Secure) to initiate a coordinated and automated response against detected threat incidents based on pre-defined playbooks.
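The second step above, comparing current traffic against a per-host baseline to surface anomalies, is the core of non-signature detection. The following is an added example, not Sangfor’s code: it assumes east-west flow records reduced to (window, source, destination, destination port), builds a baseline of each source host’s fan-out (distinct destinations and distinct ports per window) over earlier windows, and flags hosts whose current window exceeds mean + k·stddev. The flow records are constructed for the example, and the `min_delta` guard is a design choice to stop a perfectly flat baseline (stddev 0) from alerting on a single extra connection.

```python
"""Baseline fan-out anomaly detection over east-west flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    window: int  # observation window index, e.g. day number
    src: str
    dst: str
    dport: int


def build_sample_flows():
    """Constructed sample: three workstations, an app server and a DB server.
    Host 10.0.1.20 behaves normally for windows 0-6, then on window 7 it
    connects to many server-subnet hosts on several ports (scan-like fan-out)."""
    flows = []
    for w in range(8):
        for ws in ("10.0.1.20", "10.0.1.21", "10.0.1.22"):
            flows.append(Flow(w, ws, "10.0.2.10", 445))  # file server
            flows.append(Flow(w, ws, "10.0.2.11", 443))  # web app
        flows.append(Flow(w, "10.0.2.11", "10.0.2.12", 5432))  # app -> DB
    for host in range(10, 30):
        for port in (22, 445, 3389):
            flows.append(Flow(7, "10.0.1.20", f"10.0.2.{host}", port))
    return flows


def per_window_fanout(flows):
    """Return {src: {window: (distinct_destinations, distinct_ports)}}."""
    dsts = defaultdict(set)
    ports = defaultdict(set)
    for f in flows:
        dsts[(f.src, f.window)].add(f.dst)
        ports[(f.src, f.window)].add(f.dport)
    out = defaultdict(dict)
    for (src, w), d in dsts.items():
        out[src][w] = (len(d), len(ports[(src, w)]))
    return out


def detect_anomalies(flows, baseline_windows, current_window, k=3.0, min_delta=2):
    """Flag sources whose fan-out in current_window exceeds mean + k*stddev of
    their baseline windows by at least min_delta. A host with no baseline at
    all is reported separately, since 'never seen before' is itself a finding.
    Returns {src: {"reason": str, "destinations": int, "ports": int}}."""
    stats = per_window_fanout(flows)
    findings = {}
    for src, by_window in stats.items():
        cur = by_window.get(current_window)
        if cur is None:
            continue
        hist = [by_window[w] for w in baseline_windows if w in by_window]
        if not hist:
            findings[src] = {"reason": "no baseline window", "destinations": cur[0], "ports": cur[1]}
            continue
        reasons = []
        for idx, name in ((0, "destinations"), (1, "ports")):
            vals = [h[idx] for h in hist]
            mu, sd = mean(vals), pstdev(vals)
            # min_delta guards against a flat baseline (sd == 0) alerting on +1
            if cur[idx] > mu + k * sd and cur[idx] - mu >= min_delta:
                reasons.append(f"{name}={cur[idx]} vs baseline {mu:.1f}+/-{sd:.1f}")
        if reasons:
            findings[src] = {"reason": "; ".join(reasons), "destinations": cur[0], "ports": cur[1]}
    return findings


if __name__ == "__main__":
    for src, info in detect_anomalies(build_sample_flows(), range(7), 7).items():
        print(f"ANOMALY {src}: {info['reason']}")
```

In the constructed data only 10.0.1.20 is reported: its baseline is 2 destinations and 2 ports per window, while window 7 shows 20 destinations and 4 ports. In a real deployment the windows would be hours or days of flow logs and the baseline would be recomputed continuously, but the shape of the check, per-host history versus current behavior, is the same.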
After responding to the threat, Cyber Command helps security analysts perform impact analysis of known breaches and track “patient zero” by evaluating all possible points of entry. With the unique “Golden Eye” feature, Cyber Command traces the behavior of compromised assets, such as inbound and outbound connections and usage of ports and protocols. This valuable information can be used for the detection and remediation of residual threats and to harden external and internal systems.
NDR Case Study – How Cyber Command Thwarted IP Theft
To give you an idea of the power of NDR, let’s look at how a smart car hardware vendor benefited from Cyber Command. Beginning in 2017, the company noticed that competitors kept releasing the same new products or features at the same time, or even earlier. After a long period of seeing competitors ship similar functionality almost in lockstep with its own development, the company’s management began to suspect a major breach of its data security infrastructure and a resulting data leak. Eventually, the company turned to Sangfor for help.
We deployed Sangfor Cyber Command to conduct real-time and historical log analysis to hunt for threats in their environment. With Cyber Command, we helped the company discover many rogue PCs and servers, as well as hidden and deleted traces left by the attackers. Root-cause analysis identified, step by step, how their cyber security infrastructure was penetrated and for how long. In the end, we removed all threats from the company’s network and remediated the weaknesses that led to the breach.
Level Up Your Threat Detection and Response with Sangfor
As today’s cyber threats become more complex and targeted, security teams need to change their mindset from trying to prevent all attacks and threats to assuming the threat is already there.
Sangfor Cyber Command delivers unmatched threat detection and response capabilities, including 800+ AI detection models, relevant and actionable threat intelligence, and continuous monitoring of east-west and north-south traffic on the network. Sangfor Cyber Command helps organizations detect unknown threats, visualize the security posture of the entire infrastructure, understand what has already been compromised and what needs to be prioritized, and respond faster to improve overall security control.
Sangfor’s Entire Range of Detection and Response Solutions
Apart from Cyber Command, Sangfor offers a suite of detection and response solutions. These include Endpoint Detection and Response (EDR), which is designed to protect endpoints. Our Extended Detection, Defense, and Response (XDDR) platform integrates all of Sangfor’s security products to create a holistic security system. XDDR forms the basis of our Anti-ransomware and Application Containment solutions. Our Managed Detection and Response (MDR) service is perfect for organizations wishing to supplement their security operations with world-class security technology and experts.
Visit us at www.sangfor.com/cybersecurity to learn more about Sangfor’s security products and services to level up your threat detection and response today.