Sangfor Endpoint Secure

The Future of Endpoint Security

Sangfor Endpoint Secure utilizes a different approach to defending systems from malware and APT threats compared to current next-generation Anti-virus (NGAV) or endpoint detection & response (EDR) solutions.


Endpoint Secure is part of a truly integrated cooperative security solution with Sangfor’s NGAF, IAM, and Cyber Command, providing a holistic response to malware infections and APT breaches across the entire organization's network, with ease of management, operation, and maintenance.  The solution is scalable to meet the needs of any organization needing on-premise management, cloud management, or a hybrid solution when it comes to endpoint security, protection, detection, and response.

Click Here to Watch the Video
Click Here to Watch the Video

About Sangfor Endpoint Secure - EDR Tools

Going forward, traditional endpoint security currently in use will have to be modified and updated, especially in the corporate world. With polymorphic malware being utilized in virtually all attacks today, the security solutions on offer that help with detection and response simply fall short of the mark.

With that in mind, the demand for endpoint security is expected to surge in the near future as forecasts indicate that damages from cyber security attacks and crimes are set to hit $6 trillion annually in 2021. With cyber security becoming increasingly vital in the digital age, the implementation of EDR tools will be more widespread to enhance security and protection. It will also go a long way in helping detect and respond to potential attacks in the future, making it an ideal security solution.

With endpoint security playing a greater role and being incredibly important now more than ever, it is essential to have the right EDR tools in place to combat cyber security attacks. Sangfor Endpoint Secure is the best endpoint security solution available and ensures that any security threats are curbed swiftly and effectively. This culminates into the corporate world being safer and better protected.

While safety is an essential feature of Sangfor Endpoint Secure, it doesn’t stop there as it goes above and beyond the call of duty to provide the ultimate in cyber protection. Whether this be stopping hackers in their tracks or laying the groundwork to avoid being held for ransom, Sangfor Endpoint Secure is paving the way for a safer tomorro

Sangfor EDR is one of the Cyber Forensics Tools

  • IT professionals can investigate any previous breaches to gain a better understanding of the security systems in place
  • Forensic tools can also be utilized to track down undiscovered or lurking threats in the system, such as malware

Works on any Operating Systems

  • Capable of being used across multiple operating system, Sangfor Endpoint Secure provides premier EDR tools for security, protection, detection, and response. It can be utilized on Windows and Linux operating systems.

Virtualization for any cloud services

  • As a virtualized endpoint security solution, Sangfor Endpoint Secure is being used on many cloud services, including Tencent Cloud and Alibaba Cloud.

Proven Success Records

  • Sangfor has successfully resolved cyber security attacks or implemented measures to stop them from happening for some of the world’s biggest firms, such as Coca-Cola. For a more in-depth insight into the capabilities of Sangfor’s endpoint security, protection, detection, and response, please read the success stories above.
  • You can also watch the videos that best describes functions and operations of Sangfor's EDR Security Solution. 
  • Please download and share brochure and fact sheets and share with your colleagues for better understanding. Reach us out for more details. 

Features and Capabilities

Multi-dimentional Response

Multi-dimentional Response

  • Vulnerability scanning Patch management
  • Compliance monitoring, Asset tracking & rogue identification
  • Threat intelligence Disturbed multi-stage AI engines
  • One-click/automatic host micro-isolation, One-click/automatic file disposal/restore
  • Network-Wide threat desposal, NGAF/IAM/ Endpoint Integration

Simpler Smarter Monitoring

  • Scheduled or on-demand vulnerability and security policy compliance scanning
  • Vulnerability Scan results provide informative patch recommendations, including global threat correlation.
  • Compliance monitoring compares endpoint security configuration with organizational policies
  • Enterprise asset tracking
  • Malware sandbox in Endpoint Secure Manager for dynamic analysis
  • Endpoint Secure Protect Agent Ransomware honeypot capability

World-class Malware Analysis and Detection

Endpoint Secure does not just identify and block malware & APTs, it concentrates on the detection and response, ready to contain and mitigate that one breach WHEN it happens.

Operating Systems


Success Stories

Below you will find all the Success Stories of Sangfor, classified by Industry, such as Enterprises, Governments, Schools & Universities, etc.

Coca Cola Feature Image

Manufacturing & Natural Resources

Coca-Cola Security Recipe

Coca Cola Feature Image

Coca-Cola Security Recipe


Cyber Command Correlates with Endpoint Secure to Automatically Deal with Network Threat

Cyber Command Correlates with Endpoint Secure to Automatically Deal with Network Threat
Guy Rosefelt Interview with Cyber Defense Magazine 2022
The PC Security Channel Security Test for Sangfor Endpoint Secure
Let Sangfor Protect you Against Ransomware
Sangfor Cloud-Firewall-Endpoint Integrated Solution

Latest Blog

latsest webinars img
Cyber Security

Is Cyber Resilience the One Thing Your Organization Is Missing?

Digital transformation is at the core of the development of all organizations; from businesses to governments and corporations, and it is present in every industry. Embracing transformation has for some been a longer process than others, but one that is generally valued, nonetheless. However, with the benefits of digital transformation, comes the unfortunate disadvantages; cyber threats and disasters. But that is nothing new, and most organizations have, for a long while, understood the importance of having a cybersecurity framework in place. The question now is whether the standard cybersecurity measures are enough? The answer is no. Cyber security is no longer enough: businesses need cyber resilience The numbers in cybercrime are on the rise with global cybercrime in 2021 amounting to $16.4 billion per day. 2022 has also seen its fair share of various cyberattacks, such as the breach in January, which resulted in the targeting of nearly 500 people’s cryptocurrency wallets, and subsequently the theft of $18 million worth of Bitcoin and $15 million worth of Ethereum. The breach was caused by a compromised two-factor authentication. More recently, The Nikkei Group fell victim to a ransomware attack on May 13th after an unknown source gained unauthorized access to their internal server. In March, Microsoft was targeted by the hacking group, Lapsus$. Although Microsoft confirmed that no data had been compromised, they are only one of many companies that the collective has hacked including Nvidia, Samsung, Ubisoft, and T-Mobile to name a few. It is not just major corporations that are vulnerable to these threats but also governments, societies, and individuals, at different organizational levels. One such example is the attempted attack on the Jordan Ministry of Foreign Affairs that ensued through a phishing email. While we may not be able to get rid of every cyber threat out there, we can navigate digital transformation in a way that allows us to get a better understanding of what we can do to protect our digital assets. This is where cyber resilience comes in to enable organizational continuity in the face of cyber adversity. Why building cyber resilience needs more than just technology Technology plays a key role in the cybersecurity solutions that combat cyber threats. Threat detection, network security, antivirus and anti-malware software, backups, firewalls, and more, are all dependent on technology. This is why cybersecurity and cyber resilience are different. BitSight defines cybersecurity as “the methods and processes of protecting electronic data. This includes identifying data and where it resides and implementing technology and business practices to protect it.” While the terms may differ, cybersecurity is an important part of cyber resilience, as both concepts are based on technology-related solutions. Cyber resilience takes it a step further by being a framework that does not just revolve around security. It aims to ensure business continuity under all circumstances. Some of the elements that are associated with cyber resilience include: Detection: Detection should be automated and advanced enough to detect even the most expertly hidden threats, as well as spot vulnerabilities that may be leaving the organization susceptible to threats or unprepared for disasters Mitigation and Prevention: After detection, solutions must be implemented that will remove and patch up all weak points, as well as the strengthen any defenses that will be put into motion should disasters occur Response: Response must be quick, and limit further damage Recovery: Recovery must take place after the damage has been assessed. It is essential to the continuity Continuity: The organization must continue to meet its business goals and grow How easy is it to build cyber resilience? Many organizations build cyber resilience through experiences that have put their cybersecurity at risk or exposed weak spots in their cybersecurity, but you do not have to wait to be the victim of a disaster to embrace cyber resilience. By understanding the importance of cyber resilience, the drive to create a cyber resilience framework should arise, and that is the first step in building cyber resilience. There are many ways to approach it, with various sources differently prioritizing the components of a strong framework. How can Sangfor help to build Cyber Resilience? As stated earlier on, cyber security isn’t enough; but it certainly is a step in the right direction. The right cyber security framework, from the right vendor, will take into consideration every aspect of what a good defense against cyber crimes and disasters looks like, and that means taking cyber resilience into account. At Sangfor, our mission is to provide a full analysis of an organization’s security network and put in adequate threat detection and response platforms that will assist in identifying any existing and potential threats, and eradicating those present while closing vulnerabilities that could lead to infections or breaches. Some of our solutions and products include: Sangfor Cyber Command: It is an NDR platform built for the sole purpose of detecting and responding to threats on an organization’s network; Sangfor Incident Response: provides a full scope on all compromises, identifying why, what, when, and how an attack or breach occurred; Sangfor Platform-X: A cloud-based security management platform; and more. Sangfor NGAF Our solutions take a full-view approach to organizational security, providing solutions that fulfill the requirements of a cyber resilience framework. Conclusion Resilience determines whether we overcome adversity and grow as humans. Our organizations are no different. And with the expansion in threats and disasters, cyber resilience frameworks implement structures, policies, and systems that ensure disaster recovery and preparation strategies that will allow businesses to continue to meet their goals with peace of mind.   Contact Sangfor to learn more

Cyber Security

Conti Ransomware Attack Throws Costa Rica into a National State of Emergency

Costa Rica has been making headlines over the last few months, especially after President Rodrigo Chaves Robles declared a national state of emergency. The declaration followed a series of ransomware attacks that halted Costa Rica’s economy, affecting several branches of government and the public sector at large. For many, this comes as no surprise in Latin America, and subsequently, Costa Rica is known to have below-average cybersecurity infrastructure and is no stranger to cyberattacks. According to Bleeping Computer, in the year 2021 alone, it was recorded that on average, most organizations in Costa Rica suffered over 1200 cyberattacks on a weekly basis, ranging from manufacturers to other businesses with penetrable infrastructure. This time, however, the attack was directed at the government of Costa Rica, with the group behind it- Conti, demanding increasing ransoms from the Costa Rican government after claiming to possess over 670GB of government data. Even with the time they had between Conti’s threats and their decision to expose some of the data they had retrieved, the Costa Rican government’s lack of preparation for such widespread cyberattacks left them without the resources to incite any kind of incident response to lessen and limit the damage, and as a result, leaving Conti with the upper hand. So, what exactly happened? Who or what is Conti? Could all of this have been prevented, or at the very least contained? And is it over yet? We explore the answers to these questions and more below. Why is Costa Rica under national emergency after the Conti ransomware cyberattack? On May 8th, on the very same day that President Rodrigo Chaves Robles took office as the newly elected president of Costa Rica, he declared a national state of emergency. The announcement followed the country’s month-long struggle with ransomware attacks that have severely crippled the economy, thus leading to Chaves’ declaration. It was estimated at the time the stagnancy of the economy was costing the country at least $38 million each day that they were down. What is the Conti ransomware attack in Costa Rica? On April 17th, 2022, Costa Rica became the victim of large-scale ransomware attacks initiated by Conti- a popular ransomware group. The hackers were initially targeting the country’s Ministry of Finance, which broke the news of the intrusion on Twitter on April 18th. At the time, Conti demanded a $10 million ransom, which the government declined to pay while still under Carlos Alvarado Quesada’s presidency. The Ministry of Finance was the first government body to be affected by Conti. The tax administration and customs services were rendered out-of-service, halting various digital financial services such as payments, taxpaying, services billing, and more. After President Chaves’ public refusal to pay the ransom on May 8th, Conti proceeded to publish 97% of the data that they had been using as collateral on their website. By May 16th, it had been confirmed that the number of institutions in Costa Rica that had been impacted had grown to twenty-seven, according to President Chaves. It was around this time that Conti doubled their ransom to $20 million, presumably feeling confident that the damage they had caused would be enough to pressure the government into bucking. The hacking group encouraged the citizens of Costa Rica to pressure their government into paying the requested amount, stating that if they failed to pay out the ransom by the 23rd of May, they would go on to delete the recovery keys, leaving the government and its people stranded. At this point, Costa Rica reached out to the United States president Joe Biden, whose law enforcement offered a $15 million bounty to anyone who could provide useful information about Conti’s operations and identity that would lead to their tracking and dismantling. While ransomware is driven by financial gain as the end goal, in the case of Conti, and Costa Rica as a target, the situation goes beyond Costa Rica being a victim randomly selected due to their network and infrastructure vulnerabilities. While Conti’s goal might not have been to make a political statement, their geopolitical state and association with Russia played a significant role in Costa Rica’s ransomware attack. After their publicized support for the Russian invasion of Ukraine, Conti lost a great deal of public support. “Their anti-US and anti-West statements attracted a lot of attention all around the world, exposing their political stance and turning away the support of organizations that previously funded them. So the amount of ransom they collected in the last few months significantly declines,” says Guy Rosefelt, Chief Product Officer at Sangfor Technologies in a webinar, “The second thing that happened is that in order to maintain a low profile, targeting large companies and nations such as the United States was no longer a good idea, so they started targeting smaller countries in Latin America because they have less security, and less of a cyber response capability.” However, this didn’t quite lead to their redemption, so Conti saw it fit to use Costa Rica as an exit strategy. “They used the Costa Rican attack as their Swan Song. They knew they were going to have to go out soon so what they did was, after probing around Latin America, they figured out how to successfully infiltrate and attack Costa Rica.” And so, this was Conti’s finale before supposedly disbanding. The Costa Rica ransom would have been their final jackpot and saving grace had it been successful. Of course, whether or not they achieved that goal does not mean that their operations have ceased altogether. It is well known that ransomware groups going away usually just means they’ve joined subgroups or other organizations. This would explain the “coincidental” cyber attack on Costa Rica’s public health service and social security fund- CSS in late May 2022. The scale of this attack was just as damaging as it affected public health systems such as COVID-19 testing and tracking, and forced hospitals in the country to revert to pen and paper as a backup. HIVE is well-known for attacking global healthcare organizations, so this attack fits their modus operandi. However, its alignment with Conti’s activities has continued to raise eyebrows, even though they denied affiliation with Conti on their website. Costa Rica continues to suffer the effects of these attacks, and it does not look as though it will fully recover any time soon. What is RaaS - Ransomware as a Service? Ransomware as a Service (RaaS) refers to the use of ransomware as a business model or strategy. Groups such as Conti, function by providing ransomware services to buyers through servers. Developers create unique ransomware codes that ransomware operators then use to infect the systems of target organizations as per the affiliate's or buyer’s request. The compensation for this service is sometimes through the profits procured using the ransomware code, or through once-off payment for the service, just as any other business operates, but many of the models used by cybercrime groups are even subscription-based coming with benefits such as forum inclusions, 24/7 support, and bundles. Read more about Expert Tips on Improving Organizational Cyber Defense to know more about securing your organization infrastructure. Conti is of course not the first cybercrime group to do this, DarkSide, REvil are two other notorious Ransomware as a Service groups. While DarkSide has supposedly ceased to be a group, they did so following an attack in 2021 that resulted in a 6-day shutdown of Colonial Pipeline which led to public outrage and DarkSide’s announcement that they were ceasing operations. The group was said to have stolen and released more than 2TB of data and received over $90 million in just nine months. REvil was another Russia-based RaaS provider. During their operations, it is estimated that they had received more than $200 million since they first became active in April 2019 after another RaaS group known as GrandCrab ended its operations. According to IBM, REvil was responsible for 37% of ransomware attacks in 2021, with ransomware being the number one type of cyberattack in that year. Russian security agency MOSCOW claimed that they had shut down REvil after a sweep was carried out across five Russian regions, according to the New York Times.  While the nature of ransomware attacks can be similar, groups tend to be particular about their targets. DarkSide for example, avoided attacking healthcare organizations, non-profit organizations, and schools, while HIVE has been known to target healthcare facilities. This only goes to show that no one is exempt from the potential of being a target. Use Sangfor Products to safeguard against cyberattacks such as Conti ransomware attack in Costa Rica Ransomware such as Conti is driven by unethical hacking professionals who have the expertise to bypass standard cybersecurity structures such as firewalls and use highly skilled methods of phishing to gain access to networks. This means that safeguarding against more complex attacks requires anti-ransomware tools and cybersecurity strategies that are equally competent, even if they are not complex, and that is what Sangfor provides. A full-proof ransomware tool will continuously monitor your organization’s environment. Automated and continuous threat detection is quintessential for remaining guarded against attacks at all times. Sangfor solutions integrate network monitoring with endpoint security solutions to provide a converged threat detection and response platform that runs continuously. Sangfor XDDR (Extended Detection, Defense and Response) framework makes use of a firewall that communicates directly with endpoint security to ensure that there have not been any breaches at any point in the attack chain, and should any be detected, the response is immediate to eradicate all threats, simultaneously tracing the origins and repairing points of weakness. Vulnerability scans are sent back to our NGAF (Next Generation Application Firewall) so that the data collected is circulated at all points for full visibility across networks. Furthermore, particularly due to the rise in remote work, XDDR uncovers hidden threats both on-site and remote. Sangfor runs continuous assessments both before and after integration to have a better view of any weaknesses in the network that create room for improvement. Finally, while relying solely on backups is not enough, integrating security solutions with Sangfor HCI allows backups to be stored on the cloud regularly for access as needed. In today’s cloud-dominant world, it is important that your cloud (private, public, or hybrid) is secure, as it plays an integral role in the inflow and outflow of organizational data. The convergence of our wide range of cybersecurity solutions makes for a full-coverage cybersecurity strategy, risk management, and disaster recovery plan. At Sangfor we do not believe that there is just one platform that is a solution to every cybersecurity issue, so we combine a range of sophisticated security and cloud computing solutions to create a simple, secure, and manageable system that meets business needs, drives performance and protects your business. So, could Costa Rica have avoided the attack? Maybe not, but they certainly could have lessened the impact. “[Costa Rica] should have considered more robust cyber screening solutions earlier on,” says Guy in his webinar. You can view the recording here. It is important to note that some cyberattacks are inevitable, but a strong recovery plan will limit your losses. Early detection and immediate response are essential to business continuity. Costa Rica is an example of what happens when organizations of all kinds, be they government or enterprises, underestimate the importance of preparedness in the context of digital crises. An investment in cybersecurity solutions is an investment in an organization’s ability to manage its assets and come back from disasters that interrupt its processes and systems. Conti may have removed their website and gone underground, but its effects are still weighing heavily on Costa Rica.   Contact Us for Business Inquiry

Cyber Security

4 Ways to Improve the Security Posture of Your Organization or You Can't Fix Stupid

Original article was published on the Cyber Defense Magazine. You Can’t Fix Stupid By Guy Rosefelt, CPO, Sangfor Technologies Stop me if you have heard this one: a customer is working late at night, been a long day, and very tired. Customer needs to clear a few remaining emails including one from the CEO. Without thinking about it, customer opens the email from the CEO, barely skims it and opens the attached Word document. Just as the Word doc opens, customer realizes the email looks a bit odd and then it hits, it is a phishing email. Laptop infected. Sound familiar? That just happened to my customer yesterday. And he knows better but was tired and on autopilot. We spent an hour online trying to figure out how bad the infection was and if he should wipe out his system and reimage since he had just done a full backup the week before. We decided to err on the side of caution and wipe and restore. The moral of the story is anti-phishing will never be 100% successful. The best security products are only ninety-nine point something successful, but even at that rate with the number of emails received in an organization daily, a few are going to get through. And someone will click on one. My customer is normally very diligent, but he slipped. Worse, there are a few employees in every company that do not really check to see if emails are suspicious and will open them anyway. Why am I rehashing this old trope? Because Barracuda Networks reported a 521% increase in phishing emails using COVID-19 Omicron variant to entice victims between October 2021 and January 2022. People looking for home testing kits were prime targets and easy prey. Webroot reported a 440% increase in May 2021. And more will keep coming. “So, Guy,” you may ask, “how can you save us from phishing?”  Well, I cannot, and no one else can either. What we need to do is bite the bullet and shift our strategy from trying to block everything to assuming we are already compromised, breached, hacked, etc. Once you start from that viewpoint, it does not matter that you cannot fix stupid, you just have to deal with the aftermath. Your focus is now on threat hunting, looking for signs of compromise. Do you have tools that can watch low and slow network behavior that are indications of stealth scanning? Can you identify regular bursty encrypted traffic being sent someplace out on the internet that might be data being exfiltrated? Can you track system resource utilization for signs of cryptomining or other malicious behavior? What makes looking for these kinds of behavior difficult is they are all AI-based. That’s right, attackers have learned to weaponize artificial intelligence (AI) into advanced persistent threats (APTs) and other malware payloads. The malicious software installed has become so much smarter than you think. It will look for specific targets, domains, even countries before it decides to activate. It can hide inside legitimate processes running in memory, evading security scans. In fact, it can disable security software running on systems without you knowing about it. There is a powerful batch script available now called Defeat-Defender that can shut down all Windows Defender processes silently. The best part is Defeat-Defender can masquerade as a legitimate process, evading the new Windows Tamper Protection functionality. All from opening an infected Word document. I see heads shaking in despair and a few of you getting ready to jump out of your office windows (you realize some of you work in the basement…). But there is a strategy that can help you through this dark and difficult time. You need to do 4 extremely simple and painless things: Look for and minimize attack surfaces Conduct external and internal attack surface assessments to find ways for the attack malware to breach. Look for signs that those surfaces were exploited. Then work to close those holes. Deploy AI-based detection and response You need to use AI to combat AI, but not just any AI. Security tools that employ broad-based AI will not find the signs of stealthy activity or APTs. Purpose-built AI models designed to identify very specific behaviors are needed, such as looking for enormous amounts of abnormal DNS requests going to malicious domains or finding short periods of bursty HTTPs traffic during off hours; both are indications of data exfiltration. Improve security system synergy All security products have a sphere of influence covering their own security domain. But the domains do not overlap causing gaps that AI-enabled APTs can exploit. Having security products share data real-time and coordinate responses can close those gaps. Augment security operations and resources by using security services Face it, you do not have enough time, staff, or resources to go into threat hunting mode. And if you are breached and under attack, can you really do incident response (IR)? Even the security teams in the largest organizations are resource limited. Leverage your VAR or security vendor to provide resources to backfill your team, help conduct assessments and IR, and do managed detection and response. Think of it as a home security monitoring service available 24 hours a day; that is there when the breach occurs during off-hours. It isn’t possible to block everything 100% and combating stupid makes it even harder. Since you can’t fix stupid, these 4 things can minimize and contain the damage caused. More importantly, thinking like an attacker will help you find signs if you were attacked and close off any holes and vulnerabilities that attackers will use. About the Author Guy Rosefelt, Chief Product Officer, Sangfor Technologies. Guy is Chief Product Officer for Sangfor Technologies. He has over 20 years’ experience (though some say it is one year’s experience twenty times) in application and network security, kicking it off with 10 years in the U.S. Air Force, reaching rank of captain. After his time in the USAF building the first fiber to the desktop LAN and other things you would find in Tom Clancy novels, Guy worked at NGAF, SIEM, WAF and CASB startups as well as big-name brands like Imperva and Citrix. He has spoken at numerous conferences around the world and in people’s living rooms, written articles about the coming Internet Apocalypse, and even managed to occasionally lead teams that designed and built security stuff. Guy is thrilled to be in his current position at Sangfor — partly because he was promised there would always be Coke Zero in the breakroom. His favorite cake is German Chocolate. Guy can be reached online at or on Twitter at @otto38dd and at our company website

Latest News

latest news img
Press Release

Sangfor Ranked the World’s 4th Largest NDR Vendor by Revenue in 2021 Gartner® Market Share Report

Sangfor Technologies Ranked the World’s 4th Largest NDR Vendor by Revenue in the Latest Gartner® Market Share Report Sangfor Technologies (300454.SZ) proudly announced today that it is ranked the world’s 4th largest vendor by revenue in 2021 for network detection and response (NDR) technology based on the Gartner Market Share: Enterprise Network Equipment by Market Segment, Worldwide 4Q21 and 2021  report, published March 25, 2022[1]. Sangfor Cyber Command, Sangfor’s signature NDR solution, achieved quarter-on-quarter worldwide revenue growth to attain the 4th largest market share in 2021. NDR was initially known as Network Traffic Analysis (NTA) and was first recognized by Gartner in 2013 with the publication of Five Styles of Advanced Threat Defense.[2] NTA was later renamed Network Detection and Response (NDR) in the 2020 Gartner Market Guide for Network Detection and Response report.[3] NDR adoption has grown rapidly in the last couple of years. According to the latest Gartner Market Share report, the worldwide NDR market was worth $1.046B USD in 2021, up 26.1% from $829.5M USD in 2020, making it one of the fastest-growing enterprise network security technologies. “We started developing our NDR solution Cyber Command in 2018 when it was becoming clear that existing security technologies at the time were no longer sufficient at protecting organizations in a deteriorating threat landscape. Cyber attackers were upping their game with sophisticated tools and techniques, and what was needed was a technology that could detect the undetectable. We are immensely proud that, in just a short space of time, Cyber Command has established itself as one of the most trusted NDR solutions on the global stage. Excellent results like this give us great encouragement and drive us to fulfill our mission of delivering the most innovative technologies to customers around the world.” beamed a delighted Kaden Zhang, President of Sangfor International Market. To learn more about Sangfor Cyber Command product capabilities, use cases, demo videos, and success stories, please visit the Cyber Command webpage at Source [1] Gartner, Inc., Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 4Q21 and 2021, Christian Canales et al., Published March 25, 2022 [2] Gartner, Inc., Five Styles of Advanced Threat Defense, Lawrence Orans, Jeremy D’Hoinne, August 20, 2013. [3] Gartner, Inc., Market Guide for Network Detection and Response, Lawrence Orans, et al., June 11, 2020 Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. About Sangfor Technologies Sangfor Technologies is an APAC-based, leading global vendor specializing in Cyber Security, Cloud Computing, and IT Infrastructure. Founded in 2000 and publicly listed since 2018 (STOCK CODE: 300454.SZ), Sangfor employs 9,500 employees, operates 60 offices, and serves more than 100,000 customers worldwide, many of them Fortune Global 500 companies, governmental institutions, universities, and schools. Visit us at to learn more about Sangfor’s solutions and let Sangfor make Your Digital Transformation Simpler and Secure.

Press Release

Sangfor a Top 3 2021 APAC Security Vendor in Gartner® Security Market Share Report

Sangfor Technologies (300454.SZ) proudly announces that it is one of the top 3 cybersecurity vendors by revenue for 2021 in the Asia Pacific region* based on the recently released Gartner Market Share: Security Software, Worldwide, 2021 report.[1] The Gartner report presents the security software revenue and market share of over 90 security software vendors across all security markets and all regions of the world.  Sangfor’s security products were included in the following three security subsegments of the report:   Endpoint Protection Platform (Enterprise): Sangfor Endpoint Secure  Secure Web Gateway: Sangfor IAG  Other Security Software: Sangfor NGAF (Next-Gen Firewall), Sangfor Cyber Command (NDR), etc.  An APAC Leader The Market Share report reveals Sangfor’s excellent results in a security market for 2021 that was worth $6.2B in total:   Top 2 vendor in APAC (combination of the above subsegments)  Top 3 vendor in APAC (all security subsegments)  61.30% revenue growth in the APAC security market  In recent years, Sangfor has pursued ambitious international expansion and deep localization strategies, with Asia Pacific the focus of attention. The region has seen a sharp increase in cyber security spending due to the growing need to protect digitally transforming businesses across various industries from cyber-attacks. Indonesia, in particular, has been on the receiving end of the most ransomware attacks in the world, and organizations are in urgent need of strengthening their network defense capabilities.   With professional teams, multiple offices, and trusted partners based in countries across the region, coupled with years of rich local experience, Sangfor is perfectly positioned to help users keep their businesses secure.   “We feel great results like these are the driving forces behind our continuous innovation and strive for excellence. Sangfor is committed to delivering users worldwide the industry’s leading products and services and fulfilling our mission to make your Digital Transformation Simpler and Secure,” says Kaden Zhang, President of Sangfor International Market.   Source [1] Gartner, Inc., Market Share: Security Software, Worldwide, 2021, Shailendra Upadhyay et al., published 10 May 2022. *The Asia Pacific region referred to in this article is a combination of Emerging Asia/Pacific, Mature Asia/Pacific, and Greater China regions in the Gartner report. Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.  About Sangfor Sangfor Technologies is an APAC-based, global leading vendor specializing in Cyber Security, Cloud Computing, and IT Infrastructure. Founded in 2000 and publicly listed since 2018 (STOCK CODE: 300454.SZ), Sangfor employs 9,500 employees, operates 60 offices, and serves more than 100,000 customers worldwide, many of them Fortune 500 companies, governmental institutions, universities, and schools. Visit us at to learn more about Sangfor’s solutions and let Sangfor make your Digital Transformation Simpler and Secure.  Media Contact  Sunny Sun +86 755 8656 0605

Press Release

Sangfor Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2022

It is with great honor that we announce that Sangfor has won the “Hot Company Security Company of the Year” at the coveted 10th Annual Global InfoSec Awards at #RSAC 2022. “We’re thrilled to receive one of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine, during their 10th anniversary as an independent cybersecurity news and information provider. We knew the competition would be tough and with top judges who are leading infosec experts from around the globe, we couldn’t be more pleased,” said Kaden Zhang, Group Vice President of Sangfor Technologies. “Sangfor embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine. The InfoSec Awards span a wide range of categories with hundreds of participants, making it a prestigious opportunity to receive a place amongst some of the world’s best information security specialist organizations, located here: Sangfor Technologies is continuously breaking ground in cyber security by constantly researching, developing new, and improving our existing cybersecurity solutions. We have technologies that thoroughly detect, mitigate, and respond to threats with unrivaled and fool-proof efficiency. Award-winning products include our NGAF Next-Generation Firewall (the world’s only NGFW integrated with Web Application Firewall), Endpoint Secure (endpoint protection), Cyber Command (NDR threat detection and response), and IAG Secure Internet Access Gateway (Secure Web Gateway) which work around the clock to detect and provide real-time security against known and unknown threats across all network areas (North-South, East-West). About Sangfor Technologies Founded in 2000 and a publicly-traded company since 2018 (STOCK CODE: 300454.SZ), Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure and security solutions specializing in Cyber Security and Cloud Computing. Visit us at to learn more about how Sangfor's solutions can make your digital transformation simpler & secure. About Cyber Defense Magazine Cyber Defense Magazine is the premier source of cybersecurity news and information for InfoSec professions in business and government, providing trustworthy insight, statistics, and resources on all things InfoSec. Visit for our magazine and and to see and listen to our interviews and updates from some of the award-winning industry experts. Sangfor Media Contact: Sunny Sun +86 755 8656 0605 Email: Website: Cyber Defense Magazine Media Inquiries: Contact: Irene Noser, Marketing Executive Email: Toll Free (USA): 1-833-844-9468 International: 1-646-586-9545 Website:

Subscribe To Our Newsletter

By clicking on the Submit button, you have read and consent to our privacy policy

icon notification

Frequently Asked Question

1.1. Can you install the Endpoint Secure Protect Agent on a system already running AV or EDR? You can install Endpoint Secure Protect on a system with another AV or EDR installed. During the installation, you will be asked if there is other anti-virus software installed. If you say “yes”, the installation will ask if you want to continue. If you choose to continue with the installation, the installation will continue in compatibility mode and the Protect agent will automatically disable real-time protection to not interfere with operation of the existing AV agent.

The Endpoint Secure management server includes the NGAF WAF module to prevent web-based attacks. Both the hardware and virtual versions of the management server are assessed by Sangfor’s BlueSecOps Team to determine if any risks or vulnerabilities exist. Security hardening is performed to minimize attack surfaces by closing all unnecessary ports and services.

2.1. Can you choose when agents are upgraded to minimize network impact? Yes, you can choose when agent groups or individual agents are upgraded. This gives you flexibility and control to stagger or delay agent upgrades based on organizational needs.