Cyber Command - Advanced Network Detection and Response NDR

Cyber Threat Hunting

Cyber Command can be trusted to improve overall IT security and risk posture:

  • Significantly improves overall security detection and response capabilities by monitoring internal network traffic.
  • Correlates existing security events and applies AI and behavior analysis, all aided by global threat intelligence.
  • Uncovers breaches of existing security controls while impact analysis identifies hidden threats within the network.
  • Integrates network and endpoint security solutions so that response to threats is automated and simplified.

AUTOMATED THREAT RESPONSE LIKE NEVER BEFORE

Advanced Network Detection and Response

Ransomware protection is a must for every business in this post-pandemic world. A good ransomware protection solution must have both ransomware detection and cyber threat hunting tools to identify threats early and eliminate them. Cyber Command is the next-generation, AI-driven Network Detection and automated threat response platform that helps businesses identify threats and hunt them down. Cyber Command simplifies cyber forensics by providing 100% visibility of the threat kill chain and easy integration, delivering comprehensive threat detection. Businesses can take immediate corrective actions against attacks and threats based on detailed network traffic analysis that gives a clear understanding of how the attacks took place.


Stop Threats, Breaches and Ransomware Attacks

Intelligent Threat Hunting and Response

Cyber Command is an intelligent threat detection and response platform that significantly improves security detection, network threat detection, threat hunting and response capabilities.

 

Only Cyber Command can Easily Detect, Mitigate and Stop Threats in Advance.

 

 


 

 

 

Gartner says, “Applying machine learning and other analytical techniques to network traffic is helping enterprises detect suspicious traffic that other security tools are missing”. That’s why we built Cyber Command – a threat hunting tool to make network security traffic analysis simple.
 

Leave no gaps for attackers.

Sangfor Cyber Command finds network anomalies well before the attack happens. You are in total control. The full visibility of your network leaves attackers no place to hide. Get your sniper ready to hunt threats.

 

 

A Smart NDR Security Product that Protects you 24x7

Features and Capabilities

  1. Sophisticated Threat Detection and Response: The Cyber Command Analysis Center collects a broad range of network and security data, including North-South and East-West traffic data and logs from network gateways and EDRs, decodes it, and applies AI analysis to uncover undesirable behavior. As Cyber Command is paired with threat intelligence, attacks at all stages of the attack chain can easily be detected, meaning faster alerts on exploitation attempts, slow brute force attacks, C&C activities, lateral movements, P2P traffic, and data theft.
  2. Faster and More Efficient Response: The Cyber Command Response Center provides a broad range of attack investigation options, all presented visually within the attack chain. Threat mitigation is prioritized based on the criticality of the at-risk business assets. Combined with Sangfor Endpoint Secure and NGAF, Cyber Command provides flexible and effective mitigation in a timely manner, offering recommendations for policy or patching, endpoint correlation, and network correlation.
  3. Simplify Threat Hunting: As a threat hunting tool, Cyber Command helps security administrators to perform comprehensive impact analysis of known breaches and to track “patient zero” by evaluating all possible points of entry. Cyber Command’s unique “Golden Eye” feature studies the behavior of compromised assets, such as inbound and outbound connections and usage of ports and protocols, and uses this valuable information to strengthen external and internal system defenses.

Awards & Achievements

World’s 4th Largest NDR Vendor

The World’s 4th Largest NDR Vendor by Revenue in 2021 Gartner® Market Share Report

Top 3 2021 APAC Security Vendor

Sangfor Cyber Command was included in the Gartner® Security Market Share Report

Winner of the InfoSec Awards

Sangfor Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2022

What's Unique about Cyber Command?

The future of threat hunting

100% visibility E/W and N/S Traffic

A huge blind spot in most organizations is the inability to see threats that spread laterally across the network. Cyber Command monitors, analyzes and visualizes East/West traffic as well as North/South traffic. You now have the fastest and most efficient way to find threats across your cloud, data center, enterprise network, and IoT devices.

Detect the 1%

There are more than 500,000 new malware variants created daily, and while your existing security solutions may be able to block 99% of them, there are still thousands of new malware variants that can bypass your security devices and cause damage. You now have the power to detect that 1%.

AI vs AI

Cyber attackers have weaponized advanced Artificial Intelligence technology in malware. Traditional security products have rudimentary behavior-based threat detection functions which cannot keep up with new threats. Cyber Command uses multiple AI-powered behavior analysis models that help you defeat sophisticated AI-enhanced cyber-attacks.

NDR Use Cases

Ransomware/ Bitcoin Mining Security Incident

  • Timeline traceback to the entry point and root cause.
  • AI and Machine Learning algorithms help detect hidden threats and C&C communications, and stop ransomware propagation by automated response.
  • Users can visualize business risks that may arise due to compromised business assets.

Insider Threats & Privileged Accounts Violations

Effective detection and response for both external and internal threats. Internal DDoS attacks, DGA botnets and abnormal behaviors can be detected by NTA and UEBA technologies.

Continuous Threat Detection and Response

  • Integrate with network and endpoint security products to provide detailed threat analyses and responses.
  • Unique algorithms automatically combine network logs, reduce the number of alerts, and boost productivity.
  • AI-based policy analysis and real-time monitoring ensure that security rules effectively protect business assets against new threats.

Sangfor Cyber Command

Whiteboard Video on Sangfor Cyber Command: What is Network Detection and Response (NDR)


What people say

Sangfor Cyber Command is a truly cool product and helps us so much

IT Security Manager from a State and Local Government

A reliable NDR product with AI-powered technology

IT Manager from a Rail Transportation industry

The response module and golden eye of this product are very cool

CIO from a Communications Equipment industry

It is a very popular NDR product in China and good enough to try it

IT Operation Manager from a Construction industry

Success Stories

Below you will find all the Success Stories of Sangfor, classified by Industry, such as Enterprises, Governments, Schools & Universities, etc.

  • Retail: Index Living Mall
  • Transportation: J&T Express
  • Healthcare Providers: Zhongshan Hospital Case Study: Secure Digital Transformation in Healthcare
  • Manufacturing & Natural Resources: PT Toyota Astra Motor (TAM)

Videos

  • Cyber Command Correlates with HCI to Automatically Deal with Network Threats
  • Cyber Command Correlates with NGAF to Automatically Deal with Network Threats
  • Cyber Command Correlates with Endpoint Secure to Automatically Deal with Network Threat
  • Sangfor Cyber Command: Online Demo
  • Guy Rosefelt Interview with Cyber Defense Magazine 2022
  • Sangfor Cyber Command What is NDR Whiteboard Video
  • Cyber Command Live Attack Demo
  • Introducing Cyber Command - Threat Detection and Response Platform

Sangfor Services & Solutions

Get started now and get assistance with our products for your business.

Latest Blog

Cyber Security

Healthcare Data Security: How to Prevent Ransomware in Healthcare

The healthcare industry has made incredible leaps in technological advancements – straining itself to stay ahead with innovative and intelligent software. Deloitte estimates that 70% of medical devices will be connected by 2023 - with healthcare agencies taking more advanced steps, such as implementing smart technology like IoT. However, with these strides taken, the threat of ransomware attacks has become even more prevalent, especially within Asia.

Cybersecurity has not always been at the forefront of issues concerning the healthcare industry but the Covid-19 pandemic showed the vulnerabilities of having enhanced tech within such a crucial field. After the release of the INTERPOL 2021 ASEAN cyberthreat assessment report, INTERPOL’s Director of Cybercrime Craig Jones said that “the COVID-19 pandemic has accelerated digital transformation, which has opened new opportunities for cybercriminals.” The same report also stated that within the ASEAN region hospitals in Indonesia and Thailand have also fallen victim to cybercrimes. Healthcare organizations are implored to deploy better cybersecurity and healthcare data security measures within their facilities as it may very well be a matter of life and death if not.

Ransomware Used Against Healthcare Data Security

Most cyber-attacks against the healthcare industry are in the form of ransomware threats. It's a type of malware that prevents users from accessing their system, either by locking the system's screen or by locking users' files unless a ransom is paid to the criminals. Modern ransomware - collectively categorized as crypto-ransomware, uses encryption and forces users to pay the ransom through specific online payment methods to receive a specific decryption key to unlock their data.

While it’s reasonable to assume that such an essential and life-affecting sector would be left out of the grasp of cybercriminals, a new sectoral survey report by Sophos revealed a 94% increase in ransomware attacks on the healthcare industry, as reported by Techwire Asia. The question then begs, why are hospitals being targeted at all?

Why Target Healthcare Data?

The general idea of maintaining a strict cybersecurity presence and healthcare data security within the healthcare sector is to maintain the confidentiality and integrity of critical patient data. This Maryville University article upholds that healthcare cybersecurity focuses on preventing attacks by defending systems from unauthorized access, use, and disclosure of patient data. There are many reasons these facilities come under perilous attack from ransomware:

Faster Ransomware Response

Cybercriminals already know that these institutions are usually strained under enormous pressure and are therefore more likely to pay the ransom amount faster in order to gain access to their systems. Doctors and nurses simply cannot afford to risk the lives of others in trying to negotiate terms of ransom and opt to pay them off immediately.

Overwhelmed Resources

Cyber-criminals prefer to take advantage of hospitals in dire constraints that are pushed beyond capacity. This was seen in the vaccine booking system ransomware attack in Italy that halted essential Covid-19 vaccine distribution. Times of crisis in the healthcare industry act as the perfect breeding ground for malware attacks, thus leading to compromised healthcare data security.

Outdated Equipment

While most healthcare industries have pushed to digitalize their infrastructure, a startling amount of these facilities still rely on legacy technology - risking patient data and critical hospital functions with the use of inefficient equipment.

Resistance to Cloud Technology

The idea of change can be daunting and this is no different in the healthcare industry when it comes to updating IT infrastructures to a cloud platform. According to a report done by ClearDATA, smaller healthcare providers may have fewer resources to manage the complexity of cloud migration and healthcare data security and are more likely to identify it as a barrier.

Interest in Data Mining

The growing surge of ransomware is being used to infiltrate and compromise healthcare data security and has become a major point of reference for these attacks – with criminals looking to gain access to patient files in order to release them onto the dark web to the highest bidder.

These are only some of the reasons but Sangfor Technologies goes into more detail about the reasons why healthcare industries may be targeted in a blog article.

The Effects of Healthcare Industry Ransomware Attacks

The effects of cyber-attacks on the healthcare industry are critically damaging, especially when considering the implications globally. Due to the advanced technological strides made within the healthcare system, reliance on technology for most practical and administrative procedures will be affected and frozen by a ransomware attack. Some real-life examples of these ripple effects can be categorized as follows:

Life Endangerment

Naturally, the first line of consequence when a cyber-attack is launched against any healthcare facility would be the immediate danger posed to human life. When a ransomware attack is in progress, access to life-saving machinery and technology is halted – risking the lives of patients. There are 2 incidents of death caused by ransomware attacks on hospitals in recent years. As proven in the harrowing case reported by the Wall Street Journal of a newborn baby delivered at the Springhill Medical Center in the USA – whose IT system suffered a recent ransomware attack. The baby passed away shortly after birth when the machinery needed to detect any health issues was rendered obsolete due to the cyber-attack.

Financial Implications

In August 2022, St. Charles Health System overpaid 2 million dollars to 2,358 employees. This comes after the hospital was prevented from accessing timecard data for months after a cyber-attack in December on the Ultimate Kronos Group – a company responsible for scheduling, timekeeping, payroll, and human resources data. St. Charles is now demanding repayment from the employees. This is just one example of the devastating ripple effects on people’s lives and livelihoods that ransomware attacks hold on the health industry. This ransomware attack on Kronos affected numerous other organizations financially as well.

Patient Confidentiality

When ransomware attacks take place, the data that is hijacked and encrypted can also be leaked onto the dark web – risking the sensitive information of thousands. A recent example of this was when Practice Resources LLC notified 28 healthcare entity clients that 942,000 of their patients’ sensitive information was compromised in a ransomware attack in April. The New York-based management and billing vendor said in their incident report that hackers may have obtained names, home addresses, dates of treatment, and internal account numbers. Another incident of this kind was in Indiana when Goodman Campbell Brain and Spine admitted in a report that they were the victims of a ransomware attack that resulted in the release of almost 363,000 patient files being leaked onto the dark web. The Texas Methodist McKinney Hospital also reported a cyber-breach in their systems in July of this year. These incidents prove that an unstable cybersecurity system in healthcare can snowball into affecting every client in your facility’s system log.

What Solutions Are There to Maintain Healthcare Data Security?

We can understand the tumultuous implications of ransomware on entire industries, with entire nations sometimes falling prey to this line of attack, as in the case of the ransomware attack in Costa Rica. However, the debilitating effects of these ransomware attacks hold a significantly higher toll on the healthcare industry and the security of healthcare data as a whole. So how do we combat these threats and maintain healthcare data security? Some general security solutions to note would be to:

  • Hire expert cybersecurity service providers to perform full security assessments. This will help you understand and take the necessary actions to improve your organization’s state of security.
  • Leverage a security partner and resources that supplement your organization and improve your technology.
  • Use a cybersecurity vendor that has excellent threat detection and response.
  • Outsource part of or all network security operations and maintenance to a security service vendor through a Managed Security Service (MSS).

The Sangfor Solution for Healthcare Ransomware Attacks

Sangfor Technologies is a world-class cybersecurity and cloud computing company that offers intensive and advanced enterprise ransomware prevention and state-of-the-art IT infrastructure for the healthcare industry. Ransomware detection and avoidance have never been simpler with this integrated solution that pieces together several advanced Sangfor products:

  • Next-Generation Firewall (NGAF): Sangfor’s ransomware solution uses an advanced network security firewall for comprehensive and integrated surveillance and protection of your entire security network with help from Endpoint Secure to root out any malicious threats.
  • Sangfor Managed Cloud Services: Sangfor’s Managed Cloud Services makes the transition to cloud infrastructure simplified and secured. It allows your organization to use integrated cloud technology to stay updated and ahead while the Hyperconverged Infrastructure ensures that your cloud computing is fully optimized by converging compute, storage, networking, and security on a single software stack.
  • Sangfor’s Internet Access Gateway: Effective Ransomware protection requires a secure web gateway that defends company resources by allowing you to identify, analyze, and take immediate action upon user internet access behavior. In addition, it allows you to discover intelligent network traffic solutions to take full control from within.
  • Cyber Command: The groundbreaking network detection and response solution from Sangfor provides automated responses to threats – with AI and machine learning technology to help your company isolate, analyze and eliminate potential threats before they can infiltrate your system.

Sangfor’s Security Solution for Ransomware is the only complete, holistic security solution to prevent and mitigate ransomware attacks in real-time. No other anti-ransomware prevention tool can impact every step in the ransomware kill chain and no other solution is modular enough to be tailored to the requirements and budget of an organization. Sangfor provides tangible solutions for ransomware affecting healthcare data security in an automated and simplified manner – allowing doctors and nurses to focus on saving lives while we protect your data. Read the success stories of our satisfied customers in the healthcare industry, such as Mariano Marcos Memorial Hospital and Medical Center and Zhongshan Hospital, or contact us for more information.


Cyber Security

How Supply Chain Cyber-Attacks Are Squeezing Businesses

The 21st century has led many companies to push towards advanced logistics and technology infrastructure in order to keep up with an expanding digitalized climate. The strides made within the global shipping industry have been extensive. The rapid increase in modernized technology however came with the risk of vulnerability from newer and more dangerous cyber threats. The world relies on supply chain ports and shipping company industries for manufacturing, obtaining raw materials, and the delivery of products. Corporations lean heavily on the integrity of the supply chain to keep their businesses running efficiently - even the slightest disruption to the supply chain can have devastating ripple effects. Due to this glaring vulnerability, shipping ports have now become the target of many supply chain cyber-attacks, and companies must now face a reality where entire supply lines can be crippled by a click of a button.

Why Target Shipping Ports?

The amount of traffic that most shipping ports see within a day is staggering, to say the least. Container News notes that with most of the largest and busiest container ports found in Asia, the continent is a crucial part of the global supply chain. The networks of most modern freight infrastructure depend on connectivity to remain at the forefront of technology. Supply chain ports require more advanced structures and opt to digitalize the entire framework of operation - from navigation, design requirements, and distribution to production schedules, invoicing, and payments. With all these features suddenly cloud-based and non-tangible, every step forward becomes a step towards vulnerability to multiple cyber-threats.

The Effects of Supply Chain Cyber Attacks

The trickle-down effects of a supply chain cyber-attack can have devastating effects – not only on companies but entire economies. A simple malicious software could halt the production process of an entire nation by simply targeting the ports they operate from. The Port of Los Angeles executive director Gene Seroka told Sam Fenwick at the BBC that the number of attacks targeting the port is now around 40 million monthly. Fenwick reported that “they face daily ransomware, malware, spear phishing, and credential harvesting attacks, with the aim of causing as much disruption as possible and slowing down economies.” Cyber-attacks on ports push to cause as much disturbance to the supply chain as possible by targeting the vulnerable software of ships. In a rush to modernize, most companies neglect the security aspects of their installed systems and leave themselves open to a number of vicious malware.

What Happens When Supply Chains to Ports are Disrupted?

Supply chain blockages have a domino effect on multiple industries - from raw material transportation to end product delivery. Published as part of the ECB Economic Bulletin, it’s suggested: “that supply chain shocks account for around one-third of the strains in global production networks.” The effects of the Covid-19 pandemic alone served as a visceral reminder to industries and consumers alike that the consequences of supply chain interferences have far-reaching and lasting effects. When shortages of supply occur, the repercussions spill over into every sector.

Financial Losses

The financial fallout of halting a supply chain is met with the most apprehension. Companies face extensive fiscal backlash after supply chain cyber-attacks hinder supply/demand - from paying off ransoms to consumer litigation costs and the overall loss of production. Cybersecurity Ventures estimates that globally cybercrime will cost $10.5 Trillion annually by 2025. The 2017 Maersk NotPetya ransomware attack showed substantial financial consequences when the shipping giant froze worldwide logistics operations, costing the firm up to $300 million in damages. The possible financial impacts were demonstrated by the University of Cambridge Centre of Risk Studies (CCRS) in the publication of “Shen attack” – a report created based on the hypothetical scenario in which a computer virus carried by ships scrambled the cargo database records of 15 major Asia-Pacific ports - leading to dire effects on the global economy. The report found that economic losses from the theoretical disruption would lead to losses ranging from an estimated $40.8 billion to $109.8 billion.

Consumer Price Hikes

Supply chain disruptions also affect inflation - pushing the prices of essential goods and materials to alarming levels. The problem is in the supply being unable to meet demand - making the cost to consumers skyrocket with every delay.

Production Expenditure

While consumers do bear the brunt of supply chain disruptions, there is a drastic increase in production costs possibly as a result of being directly exposed to the damage. Supply chain cyber-attacks such as the one on energy giant Shell forced them to reroute oil supplies after malware affected their systems, similar to the Colonial Pipeline incident which also saw the halting of production. Other countries such as Belgium and the Netherlands endured cyber attacks on their ports as well – resulting in huge supply line gridlocks.

Shortage of Materials and Services

A supply hindrance also affects the availability of resources and cuts down on manufacturing. Supply chain cyber-attacks slow down the supply of services and materials – which is what happened to car manufacturing giant Toyota which suspended production after a key supplier in Japan was hit with a ransomware attack.

What Causes Cyber-Threats to Supply Chains?

Most causes of supply chain cyber-attacks stem from a basic lack of knowledge but it is not the only cause of the surge in cyber-crime against shipping companies.

Increased Cyber Facilities

The amount of information and leverage that can be used against companies pulled from vulnerable networks is astounding. Many hackers, and even governments, find it strategically more convenient to destabilize organizations through cyber-attacks – procuring sensitive information, ransoms, and generally disrupting supply chain port operations.

Sophistication of Malware

The dramatic development in technology comes with its own negative reflex of having equally, if not more advanced, cyber-threats to face. Supply chains now come under direct attack from types of malicious software that have worse implications and faster rates of infection.

Remote Work

Since the Covid-19 pandemic, the escalation of remote working environments has put a toll on supply chains as well. With more people needing tablets, laptops, and other products to create an in-home workplace - the surplus of product needs has bottlenecked supply chain ports globally. In pushing to virtualize operations, many companies tend to neglect security protocols – inviting in cyber-threats. This vulnerability still exists even within the hybrid work model - which is a blend of both in-person and remote working structures. Larger companies may have the resources to cope with these cyber attacks, but smaller businesses or systems accessed on home-based computer systems may find them much more difficult to thwart.

The Complexity of Cloud Infrastructure

Many companies fail to push toward cloud computing infrastructure as they find the operation and management of cloud technology daunting. This allows the risk of on-site servers being compromised and a dangerously low level of security – leaving the company and supply chain vulnerable to cyber-attacks.

Lack of Expertise

The general complacency of production and consumer-driven logistics also plays a huge role in these disruptions. Supply chain cyber-attacks depend mostly on human error and lack of preparation. Arina Palchik, the global commercial director of remediation at NCC Group has advised that “specific areas for improvement include clarity around responsibility for preventing, detecting, and resolving attacks.”

It has never been more necessary to implement sound cybersecurity and IT infrastructure in your organization to avoid the risk of any supply chain cyber-attack. This is where Sangfor steps in. Recognized in Forbes China 50 Most Innovative Companies 2022, Sangfor is dedicated to ensuring your cyber security needs are met.

How Do We Prevent Supply Chain Cyber-Attacks?

The risk of supply chain cyber-attacks is forever imminent and while we should remain optimistic, the threat to supply chains from cyber-criminals is too high to risk your company. We’ve seen how even the slightest disruption to supply chains can have overwhelming consequences in numerous ways, so how can businesses help secure themselves from cyber-threats against their supply chain?

Apply Supply Chain Risk Management

The supply chain is a very delicate and dynamic operation which requires applied assessment and engagement to ensure it runs smoothly. Dedicate your company’s resources to monitoring and disarming potential threats to the supply chain – from supply chain ports to the delivery logistics.

Building Up a Safety Stock

A safety stock is the additional products held in the inventory to null the consequences of potential supply chain disruptions. It acts as a buffer for your company in the event of a supply chain cyber-attack – ensuring sales and distribution do not halt if the supply chain does.

Diversifying Manufacturers and Suppliers

Supply chain cyber-attacks stand to break down entire production lines from attacking a single port. Relying on a single manufacturer for key components might result in catastrophe – invest in different supply partners to avoid the risk of cyber-attacks on supply chain ports destabilizing production.

Investing in Better Technology

The type of technology that a company uses is its biggest vulnerability – with outdated and lax security systems that act as the perfect doorway for cyber-attacks to debilitate your company’s software infrastructure. Breaches in security are a loss of credibility in the public eye and risks losing consumers to organizations better equipped to deal with cyber-attacks. Sangfor prides itself in being a leading cloud computing and cyber security provider and will ensure your company and assets are protected in the case of a supply chain cyber-attack.

In Closing: What Solutions are Provided by Sangfor?

Sangfor prides itself on being a leading cloud computing and cyber security provider. With advanced cloud infrastructure and managed cloud computing facilities, Sangfor takes the pressure off clients to build and maintain world-class data centers by providing the services needed to take your operation to new digital heights. While Sangfor is at the forefront of technology – they can also understand that with every advancement, the cyber-threat increases as well. Sangfor provides the most encompassing and dedicated security for all your company’s needs:

Sangfor’s Cyber Security Solutions

  • Sangfor’s Next Generation Firewall provides a holistic view of the entire organizational security network - with ease of operation and maintenance for administration.
  • Sangfor’s Endpoint Secure is the best endpoint security solution available and ensures that any security threats are curbed swiftly and effectively.
  • Cyber Command is the next-generation, AI-driven Network Detection and automated threat response platform that helps businesses identify threats and hunt them down.
  • Sangfor’s Anti-Ransomware Solution impacts every step in the ransomware kill chain and is modular enough to be tailored to the requirements and budget of an organization.
  • Sangfor’s SASE offers simple product implementation with real-time cloud-based incident response, active incident alerts, and one-click handling.
  • Sangfor’s Extended Detection Defense and Response (XDDR) directly coordinate responses between Sangfor and some 3rd party products together using Cyber Command to integrate threat information - uncovering hidden threats to on-site or remote employees.
  • Sangfor’s Incident Response: provides a full scope of all compromises, identifying every aspect of how an attack occurred.

Sangfor’s Hyper-Converged Infrastructure

Reliance on platforms such as Sangfor’s Hyper-Converged Infrastructure (HCI) provides backup and data protection in the case of cyber emergencies. While measures of security can be taken - in the case that threats bypass systems, having reliable infrastructure and support is just as important as having strong security. In a drastically changing world of cyber-crime and technology threats, Sangfor aims to provide maximum security against supply chain cyber attacks and provide you with peace of mind. Find out more on the Sangfor website.


Cyber Security

IHG Hack Claimed by Vindictive Couple Using Wiper Malware. How Safe are You?

The hospitality industry has always strived to stay ahead with technology – expanding its reach across borders with advanced IT infrastructure to manage a seamless and efficient experience for holidaymakers, businesspeople, and regular travelers alike. Relying on technology for almost all administrative needs in accommodation raises crucial security concerns about the data safety of guests.

The InterContinental Hotel Group (IHG), the hospitality giant which manages some of the world’s leading hotel chains, came under scrutiny in early September when a cyberattack halted business operations and prevented people from making bookings on their websites. At the time, the IHG admitted that parts of the company’s technology systems had been subject to “unauthorized activity”, but now there’s been an update to the situation as a Vietnamese couple is claiming to have been the artists behind the attack.

Holiday Inn Hotel Cyber Security Incident

The hospitality conglomerate, InterContinental Hotel Group (IHG), manages 17 of the world's largest hotel chains – including the Regent, Crowne Plaza, Holiday Inn, and Candlewood Suites, to name just a few. IHG boasts the running of 6,028 hotels with 882,897 rooms in more than 100 different countries.

The company confirmed that the Holiday Inn Hotel subsidiary of IHG was hit by a cyber-attack and, in a statement released by the IHG, they reported “that parts of the company’s technology systems have been subject to unauthorized activity.” While the IHG did not say in the press release that there was any loss of client data, the systems for “booking channels and other applications have been significantly disrupted.” Attempts to book a room online through the IHG Kimpton and Holiday Inn websites were unsuccessful according to Forbes. IHG maintains that they are working to fully restore all systems as soon as possible and to assess the nature, extent, and impact of the incident.
Holiday Hotel Hacking Pair Confesses

The couple, going by the name “TeaPot”, reached out to the BBC through Telegram to admit to the crime and attached screenshots showing that they had gained access to the company's internal Outlook emails, Microsoft Teams chats, and server directories, which IHG confirmed were all authentic. The duo admits to trying to orchestrate a ransomware attack against the hotel conglomerate but being foiled in their attempts.

"Our attack was originally planned to be ransomware but the company's IT team kept isolating servers before we had a chance to deploy it, so we thought to have some funny [sic]. We did a wiper attack instead," one of the hackers shared with the BBC.

While most cyberattacks are designed to leverage data for monetary gain, wiper malware is entirely destructive – erasing all data and preventing any options for recovery. An expert at the BBC described the couple as “vindictive”, as the decision to simply destroy the data displayed a spiteful impulse after not being able to achieve their initial goal.

The couple gained access to the IHG network through a phishing scheme, tricking an employee into downloading a malicious piece of software through an email attachment, then accessing the database quite easily. “The username and password to the vault were available to all employees, so 200,000 staff could see,” the couple explained to the BBC, “the password was extremely weak.” The password in question, “Qwerty1234”, is one of the most used passwords on the internet.

However, an IHG spokesperson still disputes that the password vault details were compromising and insists that the attackers had to bypass "multiple layers of security" – without giving any details about what exactly those security measures were. The couple does not feel remorse for the cyberattack, citing that the minimum wage in Vietnam is $300 per month and that they were sure the hack “won't hurt the company a lot."
In a press release, the IHG maintains that “by Wednesday 7 September IHG had re-activated its booking websites and mobile app together with most of its other booking channels and revenue-generating systems.” The holiday hotel group assured that they have also “reported the criminal activity to law enforcement.” However, that may not be the end of the repercussions of this cyberattack for the IHG corporation.

Lawsuit Filed Against IHG

A group of hotel franchisees based in Louisiana and three other US states have since filed a lawsuit against IHG Hotels and Resorts, claiming that the early September cyberattack cost them millions of dollars in lost revenue. Mayur Patel and a group of other hotel owners filed the class-action lawsuit against IHG in a US District Court in Atlanta on the 15th of September. Mr. Patel maintains that, in addition to the compensation, the hotels require an explanation from the industry giant about what data was exposed, and demands that executives take responsibility for the company’s lacking cybersecurity.

“The Data Breach was the inevitable result of IHG’s inadequate data security measures and lackadaisical approach to network security. Despite the well-publicized and ever-growing threat of cyberattacks, particularly in the hospitality industry, IHG refused to implement certain best practices, failed to upgrade critical security systems, ignored warnings about the vulnerability of its computer network and disregarded and/or violated applicable industry standards,” the lawsuit states.
Laura Lee Blake, the president and chief executive of the Asian American Hotel Owners Association, which represents around 20,000 hotel owners in the US, added that the IHG “should be able to share the minimum information so the hotel owners aren’t left in the dark for days on end as they are trying to address the very livelihood of their business.” She announced that her association’s members responded to a survey about the attack and have estimated losses of between $30,000 and $75,000 each.

The need for advanced cybersecurity has never been higher, with the risks of ransomware attacks and data loss having such far-reaching and debilitating consequences. Investment in world-class cybersecurity has become an imperative rather than a luxury.

Cyberattacks on the Rise

The hospitality colossus is not new to the cruelty of cyber-attacks, having found malware in their systems in April of 2016. The attack affected 1,200 of its hotels in the United States, which were victims of a three-month-long cyber-attack that compromised the card data of guests and saw the IHG settle a $1.5 million class action lawsuit in 2020. More recently, the Lockbit ransomware gang claimed last month that it had stolen data from the Holiday Inn branch in Istanbul.

Recent strings of ransomware attacks have pushed the general public and corporations to reconsider their cyber security needs this year. Several public sector organizations in the United States suffered attacks in June and there has been a noticeable rise in ransomware attacks all across Asia. The trend of ransomware attacks this year has escalated noticeably.

Notable 2022 Ransomware Attacks

Nvidia, the world’s largest semiconductor chip company, was compromised by a cyber-attack in February of 2022. The California-based company confirmed that the threat actor had started leaking employee credentials and proprietary information online.
Lapsus$, a hacking gang, took responsibility for the attack, claimed they had access to 1TB of crucial company data, and then demanded a $1 million ransom and a percentage of an unspecified fee from Nvidia. Lapsus$ also claimed the credit in January for the ransomware attack on Impresa, which is Portugal’s largest media conglomerate.

Another devastating ransomware attack affected the entire country of Costa Rica. The Conti Ransomware Attack halted the economy of the Central American country, affecting several branches of government and the public sector at large. A national state of emergency was declared on May 8th by the president.

Likewise, the media giant Nikkei Group’s Singapore-based headquarters was the victim of a ransomware attack in May of 2022. When unauthorized access to their internal server was noticed, the company discovered the breach and stated that it was likely that customer data had been affected.

Back within the hospitality industry, DataBreaches reported that Marriott Hotels had been hit in July by the third cyberattack in four years. The cybercriminals gained access to 20GB of data, including credit card information and internal company documents.

Hotel industries are targeted by cyber-criminals due to the vulnerability of guest information and inadequate cybersecurity in place. A blog post adds that hotels are frequent targets of data breaches due to online bookings and the processing of numerous credit card payments – making their IT systems an attractive weakness. Hospitality corporations may come under even more severe ransomware attacks due to this vulnerability.

People let their guard down when traveling and rely on their lodging for dependable and secure services; therefore, it should be the responsibility of hotel industries to deploy stringent cybersecurity measures to assure guests that their personal information will never be compromised.
This is where Sangfor Technologies shines – offering state-of-the-art protection from all types of malware.

Sangfor’s Cybersecurity Solutions

Sangfor offers the only complete and holistic security measure to prevent and mitigate ransomware attacks in real time. Integrating key products and services within Sangfor ensures advanced and automated security features to safeguard your company’s and your guests’ data.

The Sangfor Cyber Command (NDR) Platform monitors for malware, residual security events, and future potential compromises in your network and is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system and any threats detected.

Sangfor’s Next Generation Firewall (NGFW) is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints.

Then the advanced Sangfor Anti-Ransomware provides an innovative strategy that successfully mitigates ransomware attacks by breaking every step in the kill chain – providing encompassing protection and using Sangfor’s Engine Zero with multi-stage AI analysis capabilities to detect anomalies.

Moreover, Sangfor’s Disaster Recovery Management provides a full range of disaster recovery solutions to make the continuity of their business a pivotal point despite any cyber-attack trying to halt operations.

Finally, the Sangfor Incident Response is focused on locating and eradicating threats while implementing active disaster recovery and providing tailored analysis to help safeguard your company from future cyber-attacks.

Sangfor understands how damaging the failure of cybersecurity measures can be and how important client and company data safety is. This is why Sangfor prides itself on providing the best cybersecurity and most advanced computing technology available today. For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.


Latest News

Press Release

AV-Test Certified Ransomware Protection with Sangfor Endpoint Secure

Sangfor Endpoint Secure Achieves 100% Ransomware Protection

Sangfor is excited to announce that Sangfor Endpoint Secure achieved 100% ransomware protection in the Advanced Threat Detection Test conducted by AV-Test, one of the world's leading independent test institutes for IT security products. In the Advanced Threat Detection Test, Sangfor Endpoint Secure scored a maximum of 40 points and was awarded the “Advanced Approved Endpoint Protection” certificate. The latest AV-Test certification follows on from the AV-Test “TOP PRODUCT” award received in recognition of Endpoint Secure’s 100% protection against hundreds of 0-day attacks and thousands of newly-discovered malware.

RaaS Heightens the Urgency for Ransomware Protection

The Advanced Threat Detection Test report by AV-Test notes that Ransomware-as-a-Service (RaaS) is gaining traction, a trend also reported in Sangfor’s Global Ransomware Trends Report. RaaS is essentially a ransomware-for-hire model that allows non-specialists to take part in ransomware attacks. Sangfor has data proving this criminal business model has contributed to an increase in recent ransomware attacks and likely more in the future. It is imperative for organizations to adopt robust ransomware protection to safeguard their business.

The Advanced Threat Detection Test from AV-Test provides organizations with objective and authoritative research into the effectiveness of ransomware protection software on the market.

Advanced Threat Detection Test by AV-Test

The Test

The Advanced Threat Detection Test evaluated 34 endpoint security products from market-leading vendors, including Microsoft, McAfee, Trend Micro, and Sangfor. The 34 products were further divided into 17 consumer solutions and 17 corporate solutions.

The Test Scenarios

Each security product was tested against 10 realistic ransomware attack scenarios on Windows operating systems. One attack involves a spear phishing email with a zip attachment that contains an executable file.
The file launches immediately upon unzipping, and the ransomware starts to encrypt the system using a series of steps called a kill chain. AV-Test mapped each kill chain step of the ransomware attacks to the MITRE ATT&CK Framework (see Figure 1 for an example).

Figure 1. Ransomware Scenario 01 in the Advanced Threat Detection Test, Courtesy of AV-Test

The Scoring Criteria

According to AV-Test, an attack is considered thwarted if the security product detects and stops ransomware in one of the first two steps (Initial Access or Execution). Four points are awarded for complete ransomware detection and defense, meaning a maximum of 40 points for 10 scenarios. Points are deducted for non-detection, partial detection (ransomware manages to encrypt files), or if the ransomware threat remains on the system.

AV-Test color-coded the attack steps to help readers quickly evaluate the performance of security products in each scenario (see Figures 2-3 for examples):

  • Green (detected and attack stopped)
  • Yellow (detected but not completely blocked)
  • Orange (no detection)

Figure 2. Sangfor Endpoint Secure’s performance in Scenarios 01-06

Figure 3. Sangfor Endpoint Secure’s performance in Scenarios 07-10

The Test Results

Out of the 17 consumer solutions, 12 products were awarded the maximum 40 points.

Out of the 17 corporate solutions, 12 products were awarded the maximum 40 points, including Sangfor Endpoint Secure, proving that Sangfor Endpoint Secure is one of the best ransomware protection solutions on the market.

To learn more about the Advanced Threat Detection Test, visit the official AV-Test website to read the test report in its entirety.

Ransomware Protection with Sangfor Solutions

Sangfor Endpoint Secure is a powerful Endpoint Detection and Response (EDR) solution that goes beyond traditional anti-malware and antivirus software.
Sangfor Endpoint Secure leverages Sangfor’s proprietary Engine Zero AI malware detection engine and Neural-X threat intelligence platform to deliver unrivaled malware protection for endpoints.

Sangfor Endpoint Secure is built with innovative anti-ransomware tools, including the world’s first and only endpoint ransomware honeypot, which quickly detects and kills the ransomware encryption process, minimizing any damage to the system. The encryption controlling application is also identified and then located on other infected systems, allowing “One-Click Kill” to eradicate the detected ransomware throughout the organization with just a single mouse click.

Sangfor NGAF - Next Generation Firewall (NGFW), Sangfor IAG, Sangfor Cyber Command, and Sangfor Endpoint Secure integrate together as part of Sangfor’s Anti-Ransomware solution. With security deployed at the perimeter, endpoint, and network, Sangfor’s Anti-Ransomware is a holistic solution that breaks every step of the ransomware kill chain. Sangfor Anti-Ransomware is a modular solution that can be tailored to meet the ransomware protection requirements of any organization.

Visit the Sangfor Anti-Ransomware webpage to find out how Sangfor keeps customers safe from ransomware infection. To learn more about ransomware attacks and how they work, read our glossary article that gives you a good overview of ransomware attacks.

Figure 4. Sangfor Anti-Ransomware Solution

About Sangfor Technologies

Sangfor Technologies is an APAC-based, leading global vendor specializing in Cyber Security, Cloud Computing, and IT Infrastructure. Founded in 2000 and publicly listed since 2018 (STOCK CODE: 300454.SZ), Sangfor employs 9,500 employees, operates 60 offices, and serves more than 100,000 customers worldwide, many of them Fortune Global 500 companies, governmental institutions, universities, and schools.
Visit us at www.sangfor.com to learn more about Sangfor’s solutions and let Sangfor make Your Digital Transformation Simpler and Secure.


News

Sangfor Ranks in Forbes 50 Most Innovative Companies in China

Sangfor Named in 50 Most Innovative Companies by Forbes China

Sangfor Technologies is very honored to announce that it has been recognized in Forbes China 50 Most Innovative Companies 2022. Sangfor has been a mainstay in this prestigious annual publication, having ranked in the 50 Most Innovative Companies for four consecutive years, and is one of five companies in the Software Services category in 2022. Sangfor is continuously breaking ground in cyber security and cloud computing, and the listing reaffirms our unwavering commitment to delivering the world’s most innovative and transformative technologies to help our customers thrive.

The latest publication commented that technology companies have shown technological optimism amid global antitrust sentiment, cultural isolation, and downside risks. During the selection process of the most innovative companies, Forbes discovered more technological breakthroughs and accomplishments compared to previous years.

“We are immensely proud once again to make it into the top 50 Most Innovative Companies,” says Kaden Zhang, President of Sangfor International Market. “Innovation is the lifeblood of this company. It is ingrained in our corporate culture and is what drives us forward even in the face of adversity. That is why I am thrilled by the construction of our sixth R&D center, which will take our product innovation capabilities to a whole new level.”

Source: https://www.forbeschina.com/innovation/innovation/61521


Press Release

Gartner Hype Cycle for ICT in China 2022. Sangfor Recognized as a Sample Vendor.

Sangfor Technologies Recognized as a Sample Vendor in Gartner® Hype Cycle™ for ICT in China, 2022

Sangfor Technologies has been recognized as a Sample Vendor under multiple technologies mentioned in the Gartner Hype Cycle for ICT in China, 2022[1] report, published 26 July 2022.

About the Gartner Hype Cycle for ICT in China, 2022

This Gartner Hype Cycle report assesses 28 of the most relevant and innovative information and communication technologies (ICT) in China today. Each technology is rated on its business benefit, market penetration, and maturity level, while other key information such as the technology’s drivers, obstacles, user recommendations, and a list of Sample Vendors are provided. The Hype Cycle is intended to help CIOs "identify technologies to help manage IT rationalization and seize digital business opportunities."

Sangfor is excited to be included as a Sample Vendor for the following technologies:

  • Secure Access Service Edge (SASE)
  • Hyperconverged Infrastructure (HCI)
  • Cloud Security in China

We believe our inclusion in these technologies confirms us as one of the trusted vendors for cloud computing and cyber security in China.

Learn More about the Technologies and Sangfor Products

Secure Access Service Edge in the Hype Cycle for ICT in China

  • Business Benefit Rating: Transformational
  • Market Penetration: 5% to 20% of target audience
  • Maturity: Adolescent (2-5 years till mainstream adoption)

Secure access service edge (SASE) has been rated as transformational in business benefit—the highest rating. Specifically, the report notes that SASE in China "supports branch office, remote worker, internet and cloud access security, low latency access to cloud, use cases" and "a key enabler of digital business transformation, increasing visibility, agility, resilience and security by using a platform approach to delivery services rather than a siloed approach."
Sangfor Access (SASE)

Sangfor Access is our SASE solution that converges network and security capabilities into an integrated service through the cloud. Sangfor Access provides a cohesive suite of security features, including NGFW, SWG, ZTNA, CASB, VPN, and more. Security gaps are eliminated by the unified delivery of security protection irrespective of user location. This makes Sangfor Access the perfect solution for organizations needing secure access to both cloud workloads and the Internet for branch and remote users.

With Sangfor Access, internet-bound traffic undergoes security inspection and policy enforcement at the cloud edge as opposed to being backhauled to the security stack in on-prem data centers. This offers many benefits such as improved user experience due to lower latency and reduced operations complexity and costs due to vendor consolidation and lower data center footprint.

Visit the Sangfor Access webpage to learn more about our SASE solution, including features and capabilities, advantages, use cases, and brochure.

Hyperconverged Infrastructure in the Hype Cycle for ICT in China

  • Business Benefit Rating: High
  • Market Penetration: 20% to 50% of target audience
  • Maturity: Early mainstream (0-2 years till mainstream adoption)

The Hype Cycle recognizes hyperconverged infrastructure (HCI) as an "enabling technology for hybrid cloud, automation, edge, infrastructure agility and more." In terms of business impact, the report notes that "HCI enables on-premises IT to respond to new business requirements in a modular, small-increment and timely fashion" and "simplifies infrastructure operation, which is particularly valuable for enterprises with relatively weak IT capability or remote sites of large organizations that require operation efficiency."

Sangfor Hyper-Converged Infrastructure (HCI)

Sangfor HCI is a 3rd generation HCI solution and the first HCI product to incorporate security all in one appliance.
By converging compute, storage, networking and security onto a simplified single software stack, customers receive ultimate reliability for business-critical applications with easy-to-use management functions. Sangfor HCI provides the foundation for many of our cloud solutions, including Sangfor Managed Cloud Services, Sangfor Hybrid Cloud, Sangfor Virtual Desktop Infrastructure (VDI), and Sangfor Disaster Recovery (DR).

Sangfor Technologies has been named in the Gartner Magic Quadrant™ for Hyperconverged Infrastructure Software for 3 consecutive years since 2019.[2] It has also been recognized in Gartner Peer Insights™ ‘Voice of the Customer’: Hyperconverged Infrastructure Software report for three consecutive years.[3]

Visit our HCI webpage to learn more about Sangfor HCI, including features and capabilities, advantages, use cases, and customer testimonials.

Cloud Security in the Hype Cycle for ICT in China

  • Business Benefit Rating: High
  • Market Penetration: More than 50% of target audience
  • Maturity: Adolescent (2-5 years till mainstream adoption)

The report lists several factors that are driving the adoption of cloud security. However, obstacles mentioned include "large enterprises treat(ing) private cloud adoption as an extension of data center protection, with no desire to embrace cloud security" and the "lack of cloud security knowledge and skills lead(ing) organizations to prefer replicating traditional controls to the cloud, both in public and private." The report notes that "effective and manageable cloud security plays a vital role to help enterprises use the cloud securely and compliantly."

Sources:

[1] Gartner, Inc., Hype Cycle for ICT in China, 2022, Kevin Ji et al., Published 26 July 2022

[2] Gartner, Inc., Magic Quadrant for Hyperconverged Infrastructure Software 2021, Jeffrey Hewitt et al., Published 17 November 2021. This report was titled Magic Quadrant for Hyperconverged Infrastructure in 2019.
[3] Gartner, Inc., Gartner Peer Insights ‘Voice of the Customer’: Hyperconverged Infrastructure Software, Published on 28 April, 2022. This report was titled Gartner Peer Insights ‘Voice of the Customer’: Hyperconverged Infrastructure in 2020.

Disclaimer: GARTNER, MAGIC QUADRANT and HYPE CYCLE are registered trademarks and service marks, PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

