Sangfor IAG - Secure Web Gateway & Web Filtering Solution

Accelerating modern trends such as cloud applications adoption, the move of the hybrid workplace and increased use of mobile and personal devices for work have all constantly put more pressure on the organization to ensure a secure workforce environment. At the same time, a rise in encrypted applications, proxy avoidance applications, and increasingly affordable availability of third-party VPN applications have imposed further liability for the organization where it can easily bypass your security perimeter undetected without any protection. You need an extensive secure web gateway not only to protect your organization against these common threats but also as a critical asset for safeguarding user internet access behavior.

Click Here to Watch the Video
Click Here to Watch the Video

Why Sangfor IAG?

Sangfor IAG enables you to identify, analyze and take immediate action upon user internet access behavior.

icon

Gain full visibility to find any bad behavior in encrypted traffic.

icon

Uncover user identity with analytics into who is using what applications and when it is used on your network.

icon

Take full control to increase user productivity by ensuring internet access compliance.

Product Advantages

Proxy Avoidance Protection

Web filters are commonly used by the organization to restrict user internet access to certain web applications content and it has increasingly become non-effective against proxy avoidance applications. IAG collaborates with Endpoint Secure to enforce Proxy Avoidance Protection on any user attempt to use this application for bypassing the security perimeter more effectively. R&D team within Sangfor employs a dedicated team of application signatures security experts who are continuously categorizing and adding the latest proxy avoidance applications to ensure that detection rate and blocking capabilities are current and up to date.

Intelligent Traffic Management

Sangfor IAG improves bandwidth utilization by more than 30% using three unique major traffic management solutions. Dynamic Traffic Control automatically adjusts traffic control policies and intelligently allocates idle bandwidth resources. Intelligent Flow Control precisely manages both up-link and down-link P2P traffic and can customize traffic "packages" for different users, allocating specific traffic quotas and limiting bandwidth for heavier users.

Gateway and Client Decryption to Uncover Encrypted Traffic

Typically, a majority of internet traffic is protected by SSL/TLS encryption. While encryption helps to keep user and corporate data protected and private, it also creates security challenges when it comes to the rapid growth of malware infections and other malicious content. Sangfor IAG offers both decryption methods including gateway and client decryption to overcome these challenges. This enables an organization to have the flexibility to run either one or both in parallel to uncover encrypted traffic according to your corporate IT strategy and planning. 

Unified Network-wide Management of all Clients

Sangfor IAG provides Unified Management and effectively controls both Wired and Wireless networks for the entire network. With intuitive and flexible authentication methods, it fully guarantees the security of access control, supporting a variety of traditional authentication methods such as username/password, IP/MAC binding, and a wide array of value-added marketing authentication methods (QR code, SMS, WeChat, Social media, OA account, SAML 2.0, third-party system, etc.). Permissions are controlled based on user, application, location, and client types while using IAG or third-party wireless controller as a unified authentication server, building a faster and more cost-effective wireless network. 

Precise and Accurate Application Control

Sangfor IAG manages and controls network applications more comprehensively, accurately, and conveniently with the largest application signature database in Asia, which can identify more than 6,000+ applications in its database including 700+ cloud applications, 1,000+ mobile applications, 300+ web applications, and is updated every 2 weeks. In addition, it precisely controls applications according to their specific functions, such as distinguishing upload, download, and other actions in the network. Finally, bulk management mode for large enterprises greatly improves management efficiency.

Offloading Performance When Using ICAP Integration With Third Party System

Sangfor IAG can act as an ICAP client to be used with any ICAP server-enabled network appliance by offloading threat protection or other value-added services. In addition, Sangfor IAG provides request and response inspection mode while enabling the ICAP server group to run on a round-robin or concurrent condition. 

Secure Onboarding Devices With Endpoint Security Posture

Sangfor IAG identifies and secure endpoint devices with or without agents, it helps to ensure these devices are connected with compliant and secure. You gain visibility and control what is on your environment without impacting your network performance.  

What People Say

image peer

Comprehensive reporting, ease of use and intuitive dashboard

Administrator of State and Local Government

image peer

IAG is practical and helpful. It help to kept the log for company for audit.

CTO of a Carriers Industry

image peer

IAM is a good product for improve the network security, operation and control.

Assistant IT Manager of an Industrial Company

image peer

Bye bye...... bad performance online meeting by using Sangfor IAG

CxO of an Insurance Industry

image peer

Comprehensive reporting, ease of use and intuitive dashboard

Administrator of State and Local Government

image peer

IAG is practical and helpful. It help to kept the log for company for audit.

CTO of a Carriers Industry

Customer Success Stories

Below you will find all the Success Stories of Sangfor, classified by Industry, such as Enterprises, Governments, Schools & Universities, etc.

Ramsay Sime Darby Healthcare Indonesia

Healthcare Providers

Ramsay Sime Darby Health Care Indonesia

Sripatum University SPU logo

Education

Sripatum University (SPU)

Bank Victoria

Banking & Securities

Bank Victoria International

Mitra Keluarga logo

Healthcare Providers

Mitra Keluarga Hospital

Ramsay Sime Darby Healthcare Indonesia

Ramsay Sime Darby Health Care Indonesia

Sripatum University SPU logo

Sripatum University (SPU)

Bank Victoria

Bank Victoria International

Mitra Keluarga logo

Mitra Keluarga Hospital

Product Models

Models M5100 M5200 M5400 M5500 M5600
Profile 1U 1U 1U 1U 1U
HD Capacity 128 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD
Application Layer Throughput Options 160 Mbps 400 Mbps 600 Mbps 1 Gbps 1.2 Gbps
Recommended Concurrent Users 600 Users 2,000 Users 3,000 Users 5,000 Users 6,000 Users
Model Datasheets
Click to Download pdf file pdf file pdf file pdf file pdf file

 

Models M6000 M6000-UPG¹ M9000 M10000 M12000
Profile 2U 2U 2U 2U 2U
HD Capacity 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD 64 GB SSD + 960 GB SSD
Application Layer Throughput Options 2 Gbps 4 Gbps 10 Gbps 20 Gbps 40 Gbps
Recommended Concurrent Users 15,000 Users 20,000 Users 50,000 Users 100,000 Users 200,000 Users
Model Datasheets
Click to Download pdf file pdf file pdf file pdf file pdf file

¹ M6000-UPG is a license upgrade from M6000 with application layer bandwidth increased from 1G to 2G.

Videos

Ramsay Sime Darby Healthcare x Sangfor: Success Story

video-image
Ramsay Sime Darby Healthcare x Sangfor: Success Story
video-image
PT Bank Victoria International Tbk x Sangfor: Success Story
video-image
Guy Rosefelt Interview with Cyber Defense Magazine 2022
video-image
Sangfor IAG – Secure Internet Access
video-image
Interview with Tun Lin Khaing from Sweety Home Myanmar
video-image
SANGFOR IAM: Ingress Client Walkthrough Video
video-image
SANGFOR IAM Newest Features and Functions (2020)
video-image
Sangfor IAM SNAT and DNAT Configuration

Latest Blog

latsest webinars img
Cyber Security

GPT-4: The Latest Revolutionary Installment From OpenAI

Artificial intelligence has been taking the world by storm in the recent decade and the advent of ChatGPT was just the start. Released in late November 2022, ChatGPT took the world by storm with its ability to seamlessly create essays, compose music, write code, and so much more in a matter of seconds. OpenAI has now released the latest version of its AI technology - the GPT-4. Although it was introduced only on Tuesday, GPT-4 is already making waves amongst developers and the public alike due to its heightened abilities that have drastically improved on its predecessor, the GPT-3.5. OpenAI describes the large multimodal program as being less capable than humans in many real-world scenarios yet able to exhibit human-level performance on various professional and academic benchmarks. So, what exactly are the new features of this advanced protégé? The Features of the GPT-4 In the program’s release post, OpenAI declared that it had been working with Microsoft in designing a supercomputer within the Azure infrastructure to train the GPT-4 model, and like the previous ChatGPT versions, the program was modeled using licensed and public internet data – most importantly the feedback from ChatGPT. The GPT-4 boasts several improved and unique capabilities: Visual Interpretation The term “multimodal” refers to the program’s ability to extrapolate information from more than one “modal” or form which is why a key new feature of the GPT-4 is its ability to accept image prompts as well as text prompts. This allows the program to interpret, analyze, and respond to any image inputted into its system. OpenAI has partnered with Be My Eyes to run this feature first before it can be available to all OpenAI users. In a blog post, Be My Eyes explained how the feature works precisely, stating that “if a user sends a picture of the inside of their refrigerator, the Virtual Volunteer will not only be able to correctly identify what’s in it but also extrapolate and analyze what can be prepared with those ingredients.” They go on to explain that the tool can then offer several recipes for those ingredients and also send a step-by-step guide on how to make each of them. Sourced from the BBC In a video introduction to the Virtual Volunteer, it’s demonstrated how the app uses AI chatbot technology to identify plants, describe the pattern of a dress, read a map, translate labels, and even tell the user which buttons to press on a vending machine. Reliability OpenAI has improved its chatbot technology substantially in terms of content, stating that “GPT-4 is more reliable, creative, and able to handle much more nuanced instructions than GPT-3.5.” The company has tried to make the program safer and more aligned through the selection and filtering of pretraining data, evaluations, and expert engagement to improve modal safety, monitoring, and enforcement. The company has also been using GPT-4 internally – for support, sales, content moderation, and programming. Multilingual Capabilities In its testing and design, the company took to using a series of benchmarks that simulated exams designed for humans as well as those designed for machine learning models. In a step towards reaching a non-English audience, the program can successfully answer thousands of multiple-choice questions with high accuracy across 26 languages. While the questions themselves only form an MMLU benchmark and cannot substitute natural speech, the results still show an improvement in making the AI program more globally accessible. Steerable Changes The concept of “steerability” refers to the AI’s ability to adapt to demands and behaviors. With the GPT-4, users won’t have to deal with the “fixed verbosity, tone, and style” used for older ChatGPT versions as the new program can be prescribed a new personality or style as prompted. The GPT-4 features “system messages” that allow the user to customize the way the AI responds –  almost like a role-playing exercise. Sourced from OpenAI The company was quick to add that these prompts are only usable within the bounds of the AI’s usage policies and that improvements are still being made to the feature as they are fully aware that it is “the easiest way to “jailbreak” the current model.” Not Easily Manipulated While ChatGPT took quite a hit in terms of how its system could be manipulated, GPT-4 has promised to be more of a force to be reckoned with. Many people tested the limitations of the ChatGPT program after its release, figuring out ways to get around its guardrails – from using ChatGPT to write malware to many other malicious prompts. The company asserted that the GPT-4 has improved in factuality, steerability, and refusal to go outside of guardrails. OpenAI noted that they’ve “decreased the model’s tendency to respond to requests for disallowed content by 82% compared to GPT-3.5,” and that the GPT-4 responds to “sensitive requests” - such as medical advice and self-harm - following policies 29% more often. An example of this is in the GPT-4’s ability to refuse requests on how to synthesize dangerous chemicals. Coding Games According to Al Jazeera, some Twitter users have found a way to use GPT-4 to code entire video games already as well. The publication includes an example of a user recreating the game Snake without any prior JavaScript knowledge. Sourced from Twitter The Twitter user noted that while the game had some issues at first when prompted, the GPT-4 fixed them immediately. Evaluated Progress While OpenAI is confident in its newest technology, it accepts and embraces the need to constantly improve and assess its AI models. This is why the company open-sourced OpenAI Evals as a framework for automated evaluation of its AI model’s performance. The feature allows anyone to report shortcomings to help guide further improvements. The program creates and runs evaluations that use datasets to generate prompts, measures the quality of completions provided by an OpenAI model, and compares performance across different datasets and models. Limitations As with everything created, GPT-4 is not without its drawbacks. OpenAI was the first to point out the limitations that its newest AI creation suffers from. According to the company, the program is prone to “hallucinating” the same way its previous GPT models would – meaning that it can make up facts and commit simple reasoning errors. This is probably due to the AI having a limited knowledge set that cuts off in September 2021 along with its inability to learn from experience. The company says that the program can also be “overly gullible” when accepting obvious false statements from users and can fail at hard problems the same way humans do. The AI can also be “confidentially wrong” in making its predictions due to its inability to double-check work even when it’s highly likely a mistake was made. However, the GPT-4 model has still improved significantly in comparison to previous versions in terms of reaching accuracy - scoring 40% higher than GPT-3.5 on internal adversarial factuality evaluations. The AI poses similar risks as its predecessors – including generating harmful advice, buggy code, cybersecurity risks, or inaccurate information. OpenAI does not deny the potential risks that this technology may create either, noting that “GPT-4 and successor models have the potential to significantly influence society in both beneficial and harmful ways.” GPT-4 is Already Being Used The GPT-4 model has already been put to use in some places, with Microsoft being among the first to have its hands in the pie. The computing giant invested $1 billion in OpenAI to support the building of Artificial General Intelligence (AGI) and revealed on Tuesday that its new Bing search engine has been running on the GPT-4 model for the last 6 weeks already. Online payment processing company, Stripe, has also leveraged the GPT-4 program to “streamline the user experience and combat fraud.” The AI was called “a game changer” by Stripe’s Applied Machine Learning Product Lead, Eugene Mann, and is used to optimize websites, answer support questions, and detect fraud. The language learning app, Duolingo, has also taken to using the GPT-4 AI for its newest subscription tier called Duolingo Max which gives users the ability to get thorough explanations and has roleplay capabilities. Morgan Stanley wealth management has also revealed its usage of GPT-4 to “deliver relevant content and insights into the hands of Financial Advisors in seconds, helping drive efficiency and scales.” Andy Saperstein, the Co-President and Head of the establishment said that the integration of AI technology will allow its financial advisors to harness “knowledge and insights in ways that were once never thought feasible.” The company is currently the only wealth management provider receiving early access to OpenAI’s new products. Can I Use GPT-4? The GPT-4 version is currently not available to users of the free ChatGPT service. GPT-4 is only available to OpenAI’s ChatGPT Plus subscribers who pay $20 per month for premium access to the service within a limited usage cap while developers wishing to use the API can sign up for the AI on a waitlist. However, at the rate that companies are integrating the AI newcomer into their services, GPT-4 could be everywhere sooner than you think. While we're excited about the GPT-4, we should also pay attention to the threat to cybersecurity that the advanced Chatbot would bring. As we discussed in a previous article, the extensive data and natural language capabilities of ChatGPT make it an attractive tool for cyber criminals who are new to the field or simply too lazy to create their malicious code/email and want to carry out a cyber-attack all the same. Read this article to learn about what cyber security risks are associated with ChatGPT and how to protect against them. Sangfor Technologies offers the best quality cybersecurity and cloud computing technology for your network. For more information, please visit www.sangfor.com.   Contact Us for Business Inquiry


Cyber Security

Recent Cyber-Attacks of 2022: The Pandemic of Cybercrime

Technology has been a runaway train of innovation and ingenuity since conception. The strides that we’ve made in advancing our world have been nothing short of incredible within the past few decades with artificial intelligence, cloud adoption, and numerous recent milestone achievements, we’ve been more reliant on digital infrastructure than ever before. It is precisely this level of reliance that allowed cyber-attacks in the modern world to thrive and disrupt in the year 2022. A cyber-attack is a malicious act carried out by cyber criminals to destabilize, infiltrate or disrupt a digital system. There is a multitude of cyber-attack methods in existence, however, the main purpose always boils down to the exploitation of weaknesses and loopholes in the victim’s networks to cause damage or for personal gain. Cyber-attacks disrupt business operations, steal sensitive data, and conscript computers and networks as proxies to launch further attacks against other victims or hold systems and data for ransom. These are not the friendly type of sophisticated advances brought about by the technological revolution. However, there are technologies available such as network firewalls, and EDR endpoint security that protects enterprises from such devasting hacks. As humans, it is only through looking at our past that we may save our future. The mistakes and shortcomings of our previous encounters with threats are what make us weary and prepared for later on. This is why we are looking at some of the biggest cyber-attacks and statistics that have shaken global headlines in 2022. Recent Cyber-Attack of 2022 Statistics The following cybersecurity statistics and security incidents are eye opening for any business enterprises. In 2022, 70% of respondents worldwide stated that their company was threatened by cyber-attacks. (Statista) Between October and December of 2022, Lithuania saw the highest number of cyber threats worldwide - with 46.8 threats per 100 scans. South Korea ranked second, with over 40 threats, while Italy followed, detecting around 35 threats per 100 scans. (Statista) Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. (Gartner) Between October 2021 and September 2022, malware was the most common type of cyber-attack used on manufacturing organizations - targeting around 37% of organizations worldwide. Network and application anomalies ranked second with 23% while system anomalies followed with 20%. (Statista) According to a 2022 report, 39% of US respondents expect the overall number of cyber-attacks, as well as the number of successful attacks to increase. (Statista) 1802 cases of data compromise were recorded in the US in 2022. (Statista) Over 422 million individuals were affected by data compromise in the US alone in 2022 - including data breaches, data leakage, and data exposure. (Statista) Estimates from Statista’s Cybersecurity Outlook show that the global cost of cybercrime is expected to surge in the next five years - rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. (Statista) In February of 2022, car manufacturing giant Toyota announced that it had been the victim of a cyber-attack that led to the suspension of operations across 28 lines at 14 plants in Japan. In a statement released, the company described the attack as a “system failure” at its domestic supplier - Kojima Industries. The suspension of operations led to the loss of around 13,000 cars. IHG Cyber-Attack 2022 The InterContinental Hotel Group (IHG) confirmed in late September of last year that its Holiday Inn Hotel subsidiary was hit by a cyber-attack. In a statement released by the IHG, they reported that parts of the company’s digital infrastructure were subject to unauthorized activity. Source: https://www.shutterstock.com/ While no data loss was recorded after the incident, booking channels and other applications were disrupted. The attack was carried out by a Vietnamese couple that went by the name ‘TeaPot’ who reached out to the through a telegram to admit to the crime. The duo attached screenshots to prove that they had gained access to the company's internal Outlook emails, Microsoft Teams chats, and server directories - which IHG confirmed were all authentic. The couple also admitted to originally attempting a ransomware attack against the hotel conglomerate but failure in their attempts led to them issuing a wiper malware instead – destroying all the data they accessed. The IHG network was breached through a phishing scheme in which an employee was tricked into downloading a malicious piece of software through an email attachment. The EDR or endpoint security softwares protects each machine from being hacked with phishing email attachments. The hacker couple explained that "the username and password to the vault were available to all employees,” indicating that almost 200,000 staff could see and that the password itself was extremely weak – revealed later as “Qwerty1234.” The IHG spokesperson disputed claims about the vault’s password and insisted that the attackers had to pacify "multiple layers of security" – without giving any details about what exactly those security measures were. This is the reason why Sangfor suggests having managed cloud services and using enterprise hybrid cloud essential for your business. Adding insult to injury, a group of hotel franchisees based in Louisiana and three other US states have since filed a lawsuit against IHG Hotels and Resorts - claiming that the early September cyber-attack cost them millions of dollars in lost revenue. Learn more about the IHG incident here. Cyber-Attacks On Banks 2022 The banking sector is one of the major hit in our list of recent cyber-attacks 2022. Cyber-attacks on the financial sector have expensive and debilitating consequences. The Boston Consulting Group’s ‘Global Wealth 2019: Reigniting Radical Growth’ report stated that finance firms are 300 times more likely than other companies to be targeted by a cyber-attack. The 2022 banking landscape was no stranger to these targeted threats. According to Statista, between October 2021 and September 2022, the use of malware was the most common type of cyber-attack in financial and insurance organizations. Malware attacks can be investigated by incident response team and can be prevented using hardware firewall installed at your network. VTB Bank Cyber-Attack VTB Bank, Russia's second-largest financial institution, suffered a massive Distributed-Denial of Service attack in December of 2022. The establishment said it was the worse cyber-attack in its history after the banking website and mobile apps were taken offline. While the services were disrupted, the bank reassured clients that customer data is stored within the internal perimeter of the bank and was not breached in any way. Source: https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/ Bleeping Computer reported that VTB is 61% state-owned – giving the attacks a political vantage point as an indirect blow to the Russian government. The pro-Ukraine hacktivist group, 'IT Army of Ukraine,' claimed responsibility for the DDoS attacks against the Russian VTB organization - announcing the campaign on Telegram at the end of November. OP Financial Group Cyber-Attack In January, the OP Financial Group was the victim of a cyber-attack that disrupted services. The self-proclaimed biggest bank in Finland said that the attack affected logins which were quickly restored shortly afterward and that no customer data was breached. Flagstar Bank Cyber-Attack An investigation into a massive data breach of the US Flagstar Bank concluded last year – finding that almost 1.5 million customers were affected. The breach resulted in the exposure of social security numbers, banking information, and personal details and appears to have begun as early as December 2022 but the organization held off on disclosing it until it could be investigated. Hospital Cyber-Attacks 2022 The hacker groups also not left the hospital during the recent cyber-attacks in 2022. Cyber-attacks that target hospital infrastructure result in a lot more than just financial loss. The disruption of critical services provided could lead to injuries and loss of life. Hospitals suffering from cyber-attacks often have to take systems offline and interrupt crucial procedures and appointment bookings that could affect thousands of patients. These attacks happen because of network vulnerabilities and absence of network security firewall such as NGFW. Hospitals are more likely to pay off a ransomware attack to ensure the continuation of care. Below are some of the major incidents of hospital cyber attacks in 2022. That also mentions about installing cybersecurity tools such as NDR, EDR and use enterprise hybrid cloud. Doctors’ Center Hospital The Doctors’ Center Hospital reported a breach to the health department in November. Based in Puerto Rico, the hospital system cyber-attack compromised the data of more than 1.19 million people. While the organization said in a statement on its website that no misuse of patient information was reported, data breach letters were sent out to every patient who may have been affected. Andre-Mignot Hospital Cyber-Attack The André-Mignot teaching hospital shut down operations due to a ransomware attack in noticed in December. The cyber criminals demanded a ransom amount after telephone services, the internet, and all computer systems were cut off. The regional health agency (ARS) said that the hospital canceled operations, but did everything possible to keep walk-in services and consultations running. Health Minister Francois Braun said that six patients were transferred already - three from intensive care and three from the neonatal unit. The minister stated that the attack led to “a total reorganization of the hospital,” and that while the machines were still functioning in the intensive care unit, more people were needed to watch the screens as they were no longer working as part of a network. French law forbids the payment of ransoms by public establishments. Healthcare Cyber-Attacks 2022 According to Statista, the healthcare industry is one of the most vulnerable sectors to cybercrime in the list of recent cyber-attacks 2022. Between October 2021 and September 2022, the healthcare sector saw a variety of cyber-attacks – including 63% of network and application anomalies and 22% of malware threats. These network anomalies can be prevented through network traffic analysis tools and by using secure internet gateway. Goodman Campbell Brain and Spine In Indiana, Goodman Campbell Brain and Spine admitted in a report that they were the victims of a ransomware attack that resulted in the release of almost 363,000 patient files being leaked onto the dark web. Advocate Aurora Health The Illinois and Wisconsin hospital health system, Advocate Aurora, suffered a data breach that would affect 3 million patients. The organization revealed that patient data may have been exposed through the improper use of using tracking technologies from Facebook and Google – called Meta Pixel. These tools track patient trends and preferences on Advocate Aurora's websites. Meta Pixel is a JavaScript tracker that helps website operators understand how visitors interact with the site to make targeted improvements. The health system said out of caution, all users of Advocate Aurora MyChart accounts, the LiveWell application, and anyone who used the health system’s scheduling widgets were presumed to have been affected. The system said it hasn’t found any evidence of fraud stemming from the incident and that the pixels were very unlikely to result in identity theft or any financial harm. The preliminary analysis made by security experts revealed that hackers accessed IP addresses, dates and times of scheduled appointments, overviews of patient medical histories, insurance data, and proxy account information. A sophisticated NDR platform can help to detect such incidents efficiently. In August 2022, U.S. healthcare provider Novant Health also disclosed its improper use of Meta Pixel in its implementation of the 'MyChart' portal - which exposed 1.3 million patients. CommonSpirit Health Cyber-Attack The second largest non-profit health system, CommonSpirit Health was the victim of a cyber-attack in October that compromised the personal data of over 600,000 patients, records – which allegedly caused one child to be accidentally given five times the amount of medication needed. The incident interrupted access to electronic health records and delayed patient care in multiple regions. In an update released in December, the company confirmed it suffered a ransomware attack and stated that threat actors gained access to portions of its network between September 16 and October 3. The organization also clarified that the attackers “may have gained access to certain files, including files that contained personal information” belonging to patients who received care or family members of those who received care at Franciscan Health, a 12-hospital affiliate of CommonSpirit Health. Bleeping Computer noted that the U.S. Department of Health data breach portal — where healthcare organizations are legally obligated to report data breaches impacting more than 500 individuals — confirms that threat actors accessed the personal data of 623,774 patients during the CommonSpirit ransomware attack. Cyber-Attacks On Critical Infrastructure 2022 Critical infrastructure sectors are responsible for the priority functions of society. These sectors include energy production sites, water production, supply chains, healthcare, food production, and agriculture. According to Microsoft’s 2022 Digital Defense Report, cyber-attacks aimed at critical infrastructure worldwide were up to 40% of all nation-state attacks These networks are all reliant on one another and we are entirely reliant on them – meaning a cyber-attack on any critical infrastructure has dire ripple effects that can destabilize an entire population. Gartner has estimated that by 2025, hackers would have weaponized a critical infrastructure cyber-physical system (CPS) to successfully harm or kill humans. Supply Chain Cyber-Attacks Cyber-attacks on supply chains are on the rise globally. Supply chain disruptions cause a mass domino effect on manufacturing, shipping, and consumers. Gene Seroka, the executive director at the Port of Los Angeles told the in 2022 that the number of cyber-attacks that target the port is now around 40 million monthly and that they face daily ransomware, malware, spear phishing, and credential harvesting attacks - to cause as much disruption as possible and slow down economies. In February of 2022, Reuters reported that energy supplier giant, Shell, had rerouted oil supplies to other depots after a cyber-attack on two subsidiaries of German logistics firm Marquard & Bahls. The companies discovered they were affected by an attack in January that had disrupted its IT systems and supply chain. Supply chain attacks are no new feature though. Just last year, the top US fuel pipeline operator Colonial Pipeline had to shut down its entire network - the source of nearly half of the US East Coast's fuel supply - after a ransomware attack that was coined as one of the most disruptive digital operations ever reported. Colonial Pipeline revealed that it paid hackers nearly $5 million to regain access to its systems. Conti Ransomware Attack in Costa Rica The Conti Ransomware Attack cyber-attack on the country of Costa Rica made multiple headlines last year in April as well. The president of the country, Rodrigo Chaves Robles, declared a national state of emergency after a string of ransomware attacks halted Costa Rica’s economy - affecting several branches of government and the public sector at large. It was estimated at the time the stagnancy of the economy was costing the country at least $38 million each day that they were down. The attack was initiated by Conti- a popular ransomware group. The hackers initially targeted the country’s Ministry of Finance, demanding a $10 million ransom, which the government declined to pay while still under the previous presidency. Tax administration and customs services were rendered out-of-service which disrupted various digital finance services - such as payments, taxpaying, and services billing. After a public refusal to pay the ransom, the Conti group published 97% of the data it had been using as collateral onto its website. While the hacking group may not have been trying to make a political statement, their geopolitical state and association with Russia played a significant role in Costa Rica’s ransomware attack. After their publicized support for the Russian invasion of Ukraine, Conti lost a great deal of public support. Costa Rica continues to suffer the effects of these attacks, and it does not look as though it will fully recover any time soon. US Government Cyber-Attacks Currently, the FBI's Cyber Sector’s Most Wanted list features over 100 individuals and groups that conspired to commit damaging crimes against the US government - including computer intrusions, wire fraud, identity theft, espionage, trade secret theft, and many more. According to Security Week, 105 local governments in the US were hit with ransomware, along with 44 universities and colleges, 45 school districts, and 25 healthcare providers. The school districts impacted more than 1,900 individual schools, while the healthcare provider incidents hit 290 hospitals. Such incidents result in high demand of EDR and network firewalls. The publication goes on to state that of the 105 known ransomware incidents involving US state or municipal governments or agencies in 2022, at least 27 also resulted in a data breach. In Miller County, malware spread from a compromised mainframe to systems in 55 different counties resulting in data being stolen from all of them. Preventing Cyber-Attacks Going into 2023 A 2022 survey found that 80% of global corporate executives deemed meeting the legal cybersecurity and data protection requirements imposed on companies was an effective solution. Among other cybersecurity-related activities that were considered effective was the installation of technologies that protect data and IT assets from cyber-attacks. At Sangfor Technologies, we commit to bringing you secure and reliable cybersecurity solutions that will ensure you stay safe from any type of cyber-attack. Our wide range of products and platforms will ensure the highest level of protection for your network and organization at all times. The Sangfor Next Generation Firewall (NGFW) is used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints. The advanced firewall is a security device designed to inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Anything that the on-premises features cannot analyze is automatically sent to the cloud-based Neural-X sandbox for isolation and critical inspection. Additionally, Sangfor’s Disaster Recovery Management provides a full range of disaster recovery solutions based on the customer’s Recovery Time and Recovery Point Objective (RPO and RTO) requirements in a simple, resilient, and manageable way. Companies should make the continuity of their business a pivotal point despite any cyber-attack trying to halt operations – Sangfor’s DR has key features in place to ensure this can happen seamlessly without any data loss. Incident Response is a Sangfor service geared towards flexible, fast, and effective elimination and prevention of cyber-attacks. The focus of incident response is locating and eradicating threats while implementing active disaster recovery and providing tailored analysis to help safeguard your company from future cyber-attacks. Sangfor understands that the strongest test of whether an incident response plan is strong is the organization’s ability to recover from the incident. Lastly, the Sangfor Cyber Command (NDR) Platform helps to monitor for malware, residual security events, and future potential compromises in your network. The Cyber Command solution is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system and any threats detected.   Contact Us for Business Inquiry


Cyber Security

Recent Data Breaches of 2022: Is Your Business Safe?

The internet has made finding, storing, and sharing information so much easier. Data can be easily processed and sent away within seconds through an array of advances in technology. While these steps have drastically improved our lives, data safety has been a growing concern through the years. Recent data breaches in 2022  have left many wondering about the actual safety of their information. When we hear the term "data breach," we may picture a lone hacker stealing a small amount of data from a personal device. However, in our digital age, nearly all businesses, services, and government entities operate online, making data breaches much more threatening. Large corporations have access to vast amounts of personal information, such as financial details, social security numbers, and private contact information. Entrusting these companies to safeguard our data is a risk, as they could become a target for cybercriminals who then use our information for nefarious purposes on the dark web. A List of Data Breaches 2022: A  Treasure Trove Statista reported that during the third quarter of 2022, approximately 15 million data records were exposed worldwide through data breaches – which increased by 37% compared to the previous quarter. Cybercriminals are targeting businesses that hold more information to exploit the private data of individuals or companies for monetary or personal gain. We’ve drawn up a list of the most recent data breach incidents to take place in 2022: Toyota Data Breach 2022 In October, the Japanese automotive manufacturing giant Toyota suffered a data breach when the source code of one of its servers was published on GitHub. ACS reported that almost 300,000 records of email addresses and customer phone numbers were exposed in the incident. The company issued a public apology on the Japanese section of its global website, informing customers who had signed up for T-Connect - Toyota's online telematics service - that they may have had their information leaked to hackers. The breach impacted customers who signed up for the service any time after July 2017 - with a total of 296,019 cases found to have been leaked. The data breach was confirmed when part of the source code for the T-Connect platform was found on the public software development platform GitHub and contained an access key that could be used to view the private data of customers. Toyota explained that the incident happened due to a website development subcontractor mistakenly uploading the critical portion of the source code which was then accessed by a third party. The mistake went unnoticed until September of 2022, meaning that the server was left exposed for almost 5 years without any indication. While the source code was immediately made private on the same day that it was discovered on the platform and the access key changed, there remains a high possibility that a data breach already took place within the time it was left unchecked. Equifax Data Breach Settlement 2022 Credit reporting firm Equifax revealed in September 2017 that a data leak in its servers had exposed the personal information of 147 million clients. The records included customer names, residences, dates of birth, social security numbers, and credit card numbers. The company agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 US states and territories that added up to $425 million to help people affected by the data breach. In March 2017, Apache made a vulnerability in their software, Apache Struts, public and provided patches to fix it. The Department of Homeland Security informed Equifax of the flaw the following day and Equifax's Global Threats and Vulnerability Management team distributed an alert to 400 employees. However, a few days later, the Equifax network was breached through the exploit of the Apache Struts vulnerability in their online dispute portal. The attacker was able to access and steal private consumer data in the months following the initial breach. The Electronic Privacy Information Center commented that the scope of the data breach problem extends well beyond Equifax and that the consumer reporting industry has a sordid history of poor cybersecurity - citing that in May 2016, identity theft resulted in the stolen tax and salary data of more than 431,000 people from Equifax.  The hefty settlement was finalized in January 2022 and is open to claims until January 2024. The $425 million amount aims to assist with any account losses from unauthorized charges, attorney fees, notary charges, or time spent recovering from identity theft or fraud as a result of the data breach. T-Mobile Data Breach 2022 T-Mobile admitted to being the victim of a data breach in January 2023. The mobile company issued a regulatory filing saying that it had identified a bad actor accessing data through an API interface - stating that the data breach probably began around November 2022. While the accounts of approximately 37 million customers were compromised, the company insists that the data stolen did not include passwords, social security numbers, or any bank account and credit card information. The taken data was limited to menial customer account data instead - including names, billing addresses, contact details, and T-Mobile account information. Earlier in March, the Lapsus$ hacking group took credit for stealing source code from T-Mobile in a series of breaches. Confirming the attack in a statement to The Verge, the organization assured that the “systems accessed contained no customer or government information, or other similarly sensitive information.” The telecommunications company is no stranger to data breaches – having reported eight separate data breaches since 2018. According to the NPR, T-Mobile agreed to pay $350 million in July 2022 to customers who filed a class action lawsuit after the company revealed that personal data that included social security numbers and driver's license information had been stolen in 2021 – affecting almost 80 million US residents.   Source: https://edition.cnn.com/2023/01/19/tech/tmobile-hack/index.html Capital One Data Breach 2022 In September 2022, the approval of a class action settlement was granted relating to a data breach within Capital One. The weighty $190 million settlement comes after the bank holding company suffered a data breach in 2019 that exposed the personal information of more than 100 million people and resulted in the theft of social security numbers and bank account details. The organization revealed on the data breach settlement website that specific information accessed for each person included a combination of names, addresses, zip codes, phone numbers, email addresses, credit scores, balances, transactional data, and much more from 2016, 2017, and 2018. Added to this was the theft of almost 120,000 social security numbers and 80,000 linked bank account numbers. The breach was carried out by Paige Thompson, a former systems engineer at Amazon Web Services, who used a self-made tool to detect misconfigured AWS accounts and then use those accounts to hack into the systems of more than 30 organizations - including Capital One. The US Department of Justice said in a release that she had posted about the theft on GitHub which led to her eventual arrest. According to her indictment, Thompson used the access she gained to steal data while “mining” cryptocurrency with the stolen computer power through crypto-jacking. Cash App Data Breach 2022 The parent company, Block, announced in an SEC disclosure statement released in April 2022 that its subsidiary organization, Cash App, had experienced a data breach. This comes after a former employee downloaded certain reports from the mobile cash payment platform in December 2021 that contained US customer information. The statement reads that “while this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.” The data exposed included names, brokerage account numbers, brokerage portfolio values and holdings, and stock trading activity for one trading day. While the information did not include usernames, passwords, social security numbers, bank account information, or any other personally identifiable information, Cash App Investing had to still contact approximately 8.2 million of its current and former customers to inform them of the incident. A proposed class action lawsuit highlights that Block, a financial services company, detected a data breach in mid-December 2021 but delayed four months before reporting it in a regulatory filing with the Securities and Exchange Commission. The lawsuit claims that both Block and Cash App were aware of the potential risks of unauthorized disclosure of customer information, but failed to take adequate steps to protect it. The breach demonstrated that sensitive data was kept in a vulnerable condition, susceptible to misuse. Google Data Breach 2022 Search engine giant, Google recently released a security update for Google Chrome that protects users against a newly discovered security vulnerability in the browser that is already actively being exploited by hackers and risking the data of over 2.5 billion users. The company confirmed a zero-day vulnerability affected its Chrome web browser client - the 9th vulnerability of the year. Google states on the official rollout for the browser that users of Chrome on the Windows, Mac, Android, and Linux platforms are impacted by the high-severity CVE-2022-4262 0day security vulnerability.  An urgent update was pushed out that fixes the vulnerability – which is classed as high-severity that allows remote attackers to potentially exploit a Type Confusion issue in Google V8's JavaScript engine by causing heap corruption via a crafted HTML page. Source: https://earthweb.com/google-data-breaches/ Samsung Data Breach 2022 The leading cellular company, Samsung, admitted to a security breach in its system in July 2022 that resulted in the exposure of internal company data - including source code related to its Galaxy smartphones. In September 2022, Samsung released a notice admitting that some of their US systems had been breached by an unauthorized third party. The breach resulted in the exposure of personal customer information, which they discovered in August of the same year. The compromised information included names, contact details, demographic information, dates of birth, and product registration information. However, the company stated that no social security numbers or credit card information were exposed. This is the second data breach that Samsung has suffered in 2022. In March, the company discovered that the Lapsus$ hacking group had infiltrated and leaked almost 200 gigabytes of confidential data – including source code for various Samsung tech and algorithms for biometric unlock operations. A statement made to Bloomberg in March confirmed the hack when Samsung noted that "the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees." Marriott Data Breach 2022 In July 2022, hotel chain leader Marriot International revealed that it was the victim of a data breach. The company lost almost 20GB of data that included sensitive customer information such as credit card information, confidential business documents, and customer payment information. Up to 400 customers were affected and notified by Marriot following the data breach. The Verge reported that Melissa Froehlich Flood, a spokesperson for the Marriott, assured them that the company was “aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer.” The hacker tried to extort the hotel chain to no avail before going public with the breach. The hospitality industry leader has experienced data breaches before. In 2020, it had another incident where the personal information of 5.2 million guests was affected. According to a press release, the company discovered that the guest data was accessed by using the login details of two franchise property employees. They believe that this breach started in mid-January 2020 and was identified at the end of February 2020. Healthcare Data Breaches 2022 The healthcare sector has suffered a startling amount of cyber-attacks in recent years. With growing ransomware in the healthcare industry and data breaches that threaten the necessary care services that the public relies on. A study published in 2020 found that hacking incidents are the most prevalent forms of attack behind healthcare data breaches - followed by unauthorized internal disclosures. Shields Healthcare Group provides imaging and outpatient services throughout New England and suffered a data breach in March 2022. In a notice released by the hospital group, they say that an unknown actor gained access to certain Shields systems from March 7, 2022, to March 21, 2022. Upon further investigation, it was revealed that data that affected 2 million people was acquired by the unknown actor within that time frame. According to Fortified Health Security’s mid-year report, the healthcare sector suffered nearly 337 breaches in the first half of 2022 alone. Medical staff are not equipped to handle the pressure of saving lives while fighting cyber-attacks. Sangfor’s Healthcare Solution helps build up an advanced and secure IT infrastructure within medical industries to mitigate the risks of being targeted by a data breach - or any form of cyber-attack again. Data Breach Fines 2022 Data breaches are a severe violation, and it is crucial for companies and organizations to comply with stringent rules and regulations enforced by governments and lawmakers to safeguard their users' information. However, several companies tend to bypass these guidelines, leading to significant penalties. As seen above, the class action settlements for these organizations in the wake of a data breach are not a matter of easy pocket change. The past year had its fair share of penalties for companies that misused or acted carelessly with user data. Statista reported that the global average cost per data breach amounted to 4.35 million U.S. dollars as of 2022. Here's a brief overview of just some of the fines dealt with in the past year: Meta 2022 Data Breach Penalty In September 2022, the Facebook parent company, Meta, received a $400 million penalty after an investigation by Ireland's Data Protection Commission (DPC) into its handling of children's data.  According to The New York Times, the investigation started in 2020 and focused on Instagram's default settings for accounts of children between 13 and 17, which made them public by default. The investigation also looked into the platform's policy of allowing teenage business account holders to share their email addresses and phone numbers publicly. Morgan Stanley 2022 Data Breach Penalty Investment bank and financial services provider, Morgan Stanley had to pay a sum of $60 million in a legal claim settlement in January 2022 related to data security. In July 2020, the company was sued in a class-action lawsuit due to two data breaches that impacted approximately 15 million customers. The lawsuit claims that the company failed to properly wipe clean data center equipment that was decommissioned in 2016 and 2019. Additionally, a software flaw allowed unencrypted sensitive data to be accessible to anyone who purchased the equipment after the decommissioning. Enel Energia 2022 Data Breach Penalty A $29.3 million fine was handed to Enel Energia in January 2022 by the Italian data protection authority, Garante. The multi-national electrical and gas supplier failed to get user consent before using private client data for telemarketing calls. Garante received multiple complaints from customers about unwanted promotional calls. Cosmote Mobile Telecommunications 2022 Data Breach Penalty In February, the Greek data protection authority fined Cosmote Mobile Telecommunications $6.6 Million after a data breach in September 2020 led to the private information of customers being exposed.  It has come to light that the company was engaged in unlawful processing of customer data and failed to adequately secure their private information. Additionally, the parent group OTE was fined for their lack of involvement in the initial stages of the process. Sourced from EQS Group Preventing Data Breaches In 2023 While data breaches may appear to be merely avaricious or malevolent attacks on large corporations that don't harm anyone, in reality, they jeopardize the security of countless innocent individuals by revealing their personal information. To prevent such breaches, enterprises and businesses must establish sophisticated and intelligent cybersecurity systems. In March 2022, the Securities and Exchange Commission proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Gary Gensler, the EC chair, said that “cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. The Federal Trade Commission of the US provided resources in a report titled “Data Breach Response: A Guide for Business” that will help enterprises who have suffered a recent data breach. It is crucial to select a cybersecurity partner who comprehends the dangers and menaces present in the virtual domain. Sangfor Technologies provides the most optimal solution for cloud computing resources and cybersecurity, prioritizing your data security. You can rely on our broad range of products and platforms to guarantee that your customers will not have to worry about their sensitive data being compromised by a data breach. You can contact Sangfor anytime to know more about the Security, IT Infrastructure and cloud products.   Contact Us for Business Inquiry


Latest News

latest news img
Press Release

Transformative Collaboration: The 2023 Sangfor EMEA EPIC Summit

Sangfor recently hosted its 2023 EPIC summit for the EMEA region in Dubai - one of its celebrated annual events that bring together the pioneering minds of our industry. The summit was held at the Hyatt Regency hotel from the 7th to the 10th of March this year. Its 2-day festivities focused on innovative thinking, technological exchange, and the opportunity to network amongst the brightest minds. This year's theme for the event was “Guide Your Secure Digital Transformation” and featured global IT experts and esteemed Sangfor partners and customers alike - all taking part in an array of exciting activities and contests followed by a wonderful awards ceremony in which we celebrated their achievements. The aim of the EPIC EMEA summit this year was to learn new skills and connect with new people – which was achieved by inviting a host of talented guest speakers and industry leaders from more than 10 countries and regions to give transformative business advice, showcase the latest technology, and share their unique cybersecurity and cloud computing insight strategies going into the future. Being the first EPIC Summit hosted in the EMEA region since the pandemic, the event was extra special. Sangfor ensured the highest convenience by allowing attendees to use its event app to keep them updated and connected throughout the duration of the summit. The event took place over 2 days and featured an array of fun contests with amazing prizes for the attendees to win. The 1st day of the EMEA EPIC summit included these highlights: The inspired welcoming speech by Sangfor’s Co-Founder and Chief Operating Officer, Mr. Wilson Xiong, titled “360° Innovation Creates Business Values.” A keynote speech by IDC Associate Research Director, Ms. Shilpi Handa, provided insight on overcoming challenges on the journey to “Modernize Security for Evolving Business Challenges.” Mr. Guy Rosefelt, Sangfor’s Chief Product Officer, delivered a presentation titled “Synergy 2.0: Designing Your Digital Transformation Together” where he discussed  Sangfor's newest innovations in synergy, Sangfor XDDR 2.0, and Zero Trust strategies. A presentation by Omdia Chief Analyst of IT Operations, Mr. Roy Illsley, titled “2023 and What the Cloud Will Bring” in which he gave insights into the latest data on cloud adoption in EMEA in 2022 and 2023. Sangfor’s Cloud Chief Marketing Officer, Nicholas Tay presented the “Future Proof Your Cloud Journey with Sangfor Hyper Cloud” in which he discussed the current cloud landscape, its challenges, and how Sangfor Cloud can strategically help organizations. An introduction to the innovative business models that Sangfor has developed to build stronger strategic partnerships with members of our partner ecosystem in a speech by Jackie Chen, the Sales VP of Sangfor’s International Market. Cheney Hu, the Sangfor Senior HCI Product Marketing Manager, presented a speech on what to expect from Sangfor’s Hyper-Converged Infrastructure in 2023 to elevate your business. A keynote speech by Mr. Francis Tsang, our Sangfor Senior Cloud Solution Strategist, discussed Sangfor Subscription Cloud’s ability to unlock greater business value from your digital transformation. A success story from our VIP Partner, Opiquad of Italy, and their CSI Department Manager, Mr. Alessandro Motta. Sangfor’s Cloud Solution Strategist, Mr. YK Lee, delivered a speech on the 4 benefits of Hybrid Cloud. The Sangfor VDI Product Manager, Mr. Harper Zhang, introduced Sangfor's one-stop Virtual Desktop Infrastructure (VDI) solution in a keynote speech titled “A One-Stop Approach to Digitalize Your Traditional Workspace .” Sangfor VIP customer success stories from Infoteam of Italy and their Solution Architect, Mr. Ivan Dalla Zuanna, Global Care Hospital of Abu Dhabi and their IT Director, Mr. Deepak Cheraparambil, and EFU Life Assurance LTD of Pakistan, and their General Manager of IT, Mr. Sohaib Shams. The day ended with a wonderful gala dinner in which a prestigious awards ceremony was held to recognize and celebrate the outstanding achievements of Sangfor’s customers and partners over the past year. keynote speech by IDC Associate Research Director, Ms. Shilpi Handa   View the photo album of the Event (Day 1)   The 2023 EPIC EMEA Summit Customer Awards The Sangfor 2022 Customer Awards were presented by Sangfor Founder and CEO, Mr. River He, Sangfor’s Co-Founder and Chief Operating Officer, Mr. Wilson Xiong, and Sangfor’s Deputy Manager of the International Market, Jackie Chen, respectively. The results went as follows: Sangfor 2022 Diamond Customer Award English Biscuit Manufacturers EFU Life Assurance Ltd Sangfor 2022 Most Innovative Customer Award Feroze 1888 Mills Limited Sangfor 2022 Best XDDR Award China State Construction Engineering Corporation (Middle East) LLC Sangfor 2022 Cyber Security Solution Award Confartigianato Artigian Service Sangfor 2022 Infrastructure Solution Award Global Care Hospital Sangfor 2022 Most Engaged Customer Award China National Petroleum Corporation (CNPC) Middle East Sangfor 2022 Best Industry Award for Construction WAFI PROPERTY (LLC) Sangfor 2022 Best Industry Award for Healthcare Medilife Health Group Sangfor 2022 Best Industry Award for Retail Majid Al Futtaim - Carrefour Sangfor 2022 Best Industry Award for Public Administration Punjab Information Technology Board Sangfor 2022 Best Industry Award for Utilities Oman Electricity Transmission Company OETC Sangfor 2022 Best Industry Award for Telecom Telekom Networks Malawi Plc The 2023 EPIC EMEA Summit Partner Awards The next segment of the EPIC Summit’s gala dinner ceremony was for the Sangfor partner awards to celebrate their milestones and victories in the past year as esteemed partners to Sangfor. The results of the partner awards were as follows: Sangfor 2022 Best Distributor Esprinet S.p.A. Sangfor 2022 Best Distributor in Marketing CIPS Informatica srl Sangfor 2022 Fast Growing VAD Spollex Distribution Computer Trading LLC Nexta Çözüm Danışmanlık Anonim Şirketi Sangfor 2022 Most Loyal VAD Advanced Business Solutions MENA FZCo Sangfor 2022 Best Gold Partner TELEC Electronics & Machinery (PVT) Ltd. D.S.C. Digital System Computers s.r.l. Sangfor 2022 Best Managed Service Provider SI.EL.CO. Srl Sangfor 2022 Best Partner for Hybrid Cloud OMEGA GROUP SRL Sangfor 2022 First DaaS MSP in Italy Auxilium S.r.l. Sangfor 2022 Fast Growing CSP PEGASUS MSP SRL DC Technologies FZ-LLC Infoteam S.R.L. Sinergy Studio srl Sangfor 2022 Best Partner in the Exchange Industry Netmate Information Technology Sangfor 2022 Best Innovator in the Public Sector Data2Cloud Sangfor 2022 Most Innovative Cloud Service Provider Opiquad SRL Day 2 of the 2023 EPIC EMEA Summit continued with a blast with several presentations by Sangfor experts and respected customers. An overview of the event goes as follows: Starting, the Sangfor Security Product Director, Mr. Allen Lim, introduced Sangfor Access and demonstrated its use in a presentation titled “Securing Todays Network: Practical Security Planning in the Journey to Cloud.” Zoppo Chen, Sangfor’s Platform Team Leader, spoke about how to “Streamline Your Security Operations with Sangfor XDDR.” A keynote speech on “Preparing for Tomorrow's Cyber Threats” by Steven Tsui, Sangfor’s Security Product Marketing Manager, provided insight into Sangfor’s new and upcoming products, solutions, and capabilities. A presentation by Product Manager for IAG, Mr. Eugene Yew, on how Sangfor’s Internet Access Gateway can provide visibility and granular control over users and endpoint devices across your environment. The president of Sangfor’s International Market, Jeremy Jia, presented “Investing in a Brighter Future” in which partner programs are introduced that will help Sangfor partners invest wisely in the future of the industry. Transformation Mr. Jackie Chen, the Deputy Manager of Sangfor International Market, gave a speech titled “Transformation” that explored new partnership strategies. Sangfor’s Chief Product Officer, Guy Rosefelt, gave a keynote speech on “Empowering Your Business: A Channel Partner's Guide to Thriving in Today's Security Landscape.” in which Sangfor’s XDDR, Zero Trust, and security services and how they can be leveraged were discussed. Sangfor’s Cloud Operations Director, Mr. Glay Wang, presented an explanation of the strategies and proven models of “Driving Your Cloud Business Transformation to Success.”   View the photo album of the Event (Day 2)   The event also had an array of VIP customer success stories featured throughout the day that displayed their satisfaction with using Sangfor Technologies. Key presentations were noted from: Medilife Health Group and their representative, Mr. Kenan Turkyilmaz. TechnoBT and their representative Mr. Erem Korkmaz. Cattaneo Impianti and their IT and Project Manager , Mr. Federico Fracchiolla. Sogetel SRL and their IT Manager, Mr. Davide Zampatori. English Biscuit Manufacturers and their DGM of Information Technology, Mr. Zaid Umer Farooqui. The Institute of Business Administration Karachi’s Head of ICT, Mr. Wajeeh Zaidi. And Confargianato Impresse who couldn’t be there, unfortunately, but sent through a recording of their presentation. The summit also included speeches by esteemed Sangfor VIP Partners. The list of notable partner speakers included: Opiquad and their CSI Department Manager, Mr. Alessandro Motta. DC Technologies and their Business Development Manager, Mr. Sibasish Banerjee. Sielco SRL and their presales, Mr. Domenico Squadrito. Netmate Information Technology and their head of Business Development and Project Execution, Mr. Amer Khan. PEGASUS and their CEO, Mr. Giuseppe Marrone. The Sangfor 2023 EPIC EMEA Summit was a great success, and we hope that all attendees had a wonderful and insightful time with us. We would like to extend our gratitude to our esteemed and loyal partners and customers for joining Sangfor at this hallmark event and wish you an inspired and brighter digital future ahead because of it. Watch the greatest moments of this event in the highlight video below.   The Greatest Moments of Sangfor EPIC Summit 2023 - EMEA Edition


Press Release

Empowering Innovation: The 2023 Sangfor Summits in APAC

Sangfor Technologies hosted its annual APAC Summits from the 27th February to the 3rd March 2023. The Summits focused on connecting innovative minds and showcasing pioneering technology in cybersecurity and cloud computing. The 2023 Sangfor APAC Summits were even more special this year as they were the first in-person summits held by Sangfor since the Covid-19 pandemic. Exclusive event apps were also released for both the Partner Summit and EPIC Summit to assist attendees and provide maximum convenience at the touch of a button. Both events also hosted an array of exciting and interactive contests, exhibitions, and breakout sessions. The Sangfor Partner Summit 2023 – APAC Edition The Sangfor APAC Partner Summit 2023 took place at the end of February and saw more than 400 partners gathered to celebrate achievements and network amongst innovative minds. Sangfor executives and industry experts get the chance to showcase their latest products and services going into the new year. Some key highlights of the 2023 Sangfor APAC Partner Summit included: A welcoming and inspiring keynote speech by the Sangfor Co-founder and Chief Operating Officer, Mr. Wilson Xiong, that touched on “Building the Future Through New Partnership”. Sangfor’s Chief Product Officer, Mr. Guy Rosefelt, gave a keynote speech that discussed the lessons learned from 2022 and how partners can use past wisdom to better address the security needs of customers in the upcoming year. A keynote speech by Mr. Jeremy Jia, the President of Sangfor’s International Market, presenting Sangfor's master plan for partners in 2023. Mr. Allen Lim, the Sangfor Product Director for Security, presented a wonderful performance sketch of the threat to cybersecurity posed by ChatGPT and thereafter offered a presentation on the newest and enhanced Sangfor cybersecurity products and services available. A presentation by Mr. Glay Wang, the Sangfor Senior Cloud Business Operations Manager, introduced Sangfor’s new and improved cloud products, solutions, and services as well as partnership models to inspire growth. Presentations of success stories from esteemed Sangfor partners all accompanied on stage by Sangfor’s Director of Channel Partner Operations, Mr. Bory Liao. Our partners at the summit included Mr. Melvin Ong of TSI Distributors in Indonesia, Mr. Albert Tu of Data Alliance in Malaysia, Mr. Ephrem Jr Dela Cerna of PCI Innovations Tech Center in the Philippines, and Mr. Stanley Lee Chi Man of Fujifilm in Hong Kong. The night ended with an elegant partner awards ceremony held during the Gala dinner event later on at the hotel in which we celebrated the achievements and milestones of our respected partners and gave our prizes won during the contests and lucky draws throughout the day. The list of the award winners during our 2023 Sangfor Partner Summit ceremony went as follows: Sangfor 2022 Best Distributor PT Solusi Multi Tehnologi IT Green Public Company (Limited) Sangfor 2022 Best VAD Data Alliance Sdn Bhd BANBROS COMMERCIAL, INC. Sangfor 2022 Best Gold Partner FUJIFILM Business Innovation (Hong Kong) Limited Sysnect Information Co., Ltd. PT Gwen Tekno Pratama MSE DotNet Sdn Bhd IPSolutions Inc. Sangfor 2022 Best Partner for Cyber Security Momentum Z Kmit-Group Co., Ltd. Supplier Development Asia Pacific Ltd Sangfor 2022 Best Partner for Cloud Computing Map2u Sdn Bhd HOMITECH JOINT STOCK COMPANY R3HUB IT SOLUTIONS Sangfor 2022 Fastest Growing Partner First One Systems Co., Ltd. Vega Networks Co., Ltd. Business Resilience Technology PT Wira Arta Telematika Baro International Limited Sangfor 2022 Best Industry Performer ICO Technology Limited E-Content (M) Sdn Bhd Torque IT Co., Ltd. PT. Berkah Sejahtera Abadi Indonesia Massive Integrated Tech Solutions Inc.  Sundray 2022 - Fastest Growing Distributor PT Festino Indonesia Sundray 2022 - Best Gold Partner CÔNG TY TNHH HONG WEl Sundray 2022 - Fastest Growing Partner ASIA FORT SECURITY & NETWORK TECHNOLOGY CO.,LTD Sundray 2022 - Outstanding X-LINK Distributor Công ty TNHH ORIPU Overall, the 2023 APAC Sangfor Partner Summit was a delightful success and in March, the Sangfor EPIC Summit was held – Sangfor’s biggest customer event of the year.   View the photo album of the Sangfor Partner Summit 2023   The Sangfor EPIC Summit 2023 – APAC Edition The event hosted 350+ customers from more than 10 different countries and regions in the APAC. The Sangfor EPIC Summit features executives and industry experts from around the world to showcase the latest cybersecurity and cloud computing products and services. The theme of the event was innovation – led by expertise and strategies to help you protect and grow your business in 2023. INTEL played a pivotal role as a sponsor of the EPIC Summit and our esteemed guest speakers from the IDC and Forrester. Some of the main highlights of the 2023 Sangfor APAC EPIC Summit included: An opening speech by Sangfor’s Co-Founder and Chief Officer of Operations, Mr. Wilson Xiong. A keynote presentation by Mr. Michael Barnes, the Vice President and Research Director of Forrester, that delves into “Enabling a Future Fit Technology Strategy”. The esteemed guest speaker focused on the way shifting market dynamics constantly redefine operating models and require fast, flexible, and connected technology. The Sangfor Chief Product Officer , Mr. Guy Rosefelt, offering a keynote presentation on Sangfor's newest innovations in synergy with Sangfor XDDR 2.0 and the Zero Trust strategies that power Sangfor’s Managed Cloud Services and make your digital transformation simple and secure. A keynote presentation from Mr. Simon Piff, the IDC Vice President for APAC, entitled "The Future Model for Extensible Infrastructure." A focus on the challenges faced within the modern Digital-First business model and how to approach them. A keynote presentation from Sangfor’s Chief Marketing Officer for Cloud, Mr. Nicholas Tay, discussed the current cloud landscape, its challenges, and how Sangfor’s Cloud solutions can strategically help organizations operate at scale with simplified cloud operations and integrated security. The Sangfor President of the International Market, Mr. Jeremy Jia, gave a keynote speech on the risks of investing in technologies during a forecasted negative economic growth climate in 2023. Jia highlighted the ways Sangfor can minimize those risks through the powerful Synergy between security and cloud products and services. A CIO Insights Panel that featured Sangfor and industry experts to discuss their organizations' digital transformation journeys, as well as the trends, challenges, and opportunities in the cybersecurity and cloud computing business landscape. These included Mr. Benedict Sulaiman, the Vice President of Information Technology of Ramsay Sime Darby Health Care in Indonesia, Mr. Kenneth Lai, Sangfor Partner and Head of IT Services of KPMG (Hong Kong), Mr. Lutzer U. Reyes, ICT Director and Associate Professor at The Polytechnic University of the Philippines, and Mr. Jankham Krit, CIO of Asian-Pacific Can Co., Ltd in Thailand.   View the photo album of the Sangfor EPIC Summit 2023   The EPIC Summit event came to a close with an award ceremony during the Gala dinner afterwards in which our valued attendees won a host of wonderful prizes. The list of award winners for the 2023 EPIC Summit ceremony went as follows: Sangfor 2022 Diamond Customer Award Index Living Mall Public Company Limited Palace of Justice Sangfor 2022 Most Innovative Customer Award Universitas Mercu Buana RPX One Stop Logistics Sangfor 2022 Best Cyber Security Use Case Award Processing Center Company Limited Best World International Road Transport Department Malaysia Sangfor 2022 Best Cloud Computing Use Case Award Macau University of Science and Technology Sentra Medika Hospital Group Royal Malaysian Customs Department Sangfor 2022 Most Engaged Customer Award Bangkok Genomics Innovation Co., Ltd Big C Supercenter Public Company Limited Ramsay Sime Darby Health Care Sangfor 2022 Best Industry Use Case Award Walailak University Hospital DCS Card Centre Pte Ltd National Kidney and Transplant Institute Sundray 2022 Best Industry Use Case Award Philippine International Convention Center We would like to extend our deepest gratitude to those who attended the 2023 Sangfor ACAC Summits and hope to see you soon on your journey to a safer and more advanced digital landscape.


News

Sangfor Named as a Visionary in 2022 Gartner® Magic Quadrant™ for Network Firewalls

8 Consecutive Years in the Gartner Magic Quadrant for Network Firewalls Sangfor is proud to announce that it has been named as a Visionary in the prestigious 2022 Gartner® Magic Quadrant™ for Network Firewalls.1 The latest recognition marks the 8th year Sangfor has been recognized in this Magic Quadrant (previously known as Magic Quadrant for Enterprise Network Firewalls) and the 2nd consecutive year as a Visionary.   DOWNLOAD THE REPORT NOW What it means to be a Visionary The Gartner Magic Quadrant evaluates the vendors’ Completeness of Vision and Ability to Execute on a set of criteria with different weightings. The Completeness of Vision is evaluated based on 8 criteria, among which Market Understanding, Offering (Product) Strategy, and Innovation are allocated with “High” weightings. The Gartner report defines these as: Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision. Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements. Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes. The Inspiration behind our Innovation “We are extremely proud to once again be named as a Visionary in the Gartner Magic Quadrant for Network Firewalls,” says Jeremy Jia, President of Sangfor International Market. “Our Sangfor NGAF brand of next-generation firewall truly epitomizes Sangfor’s commitment to continuous innovation, with several industry-first capabilities such as the first AI-enabled and WAF-integrated NGFW. However, we believe that our recognition as a Visionary is an achievement to be shared with all the customers we have been privileged to serve. They provide us with their valuable feedback to inspire us to break new ground in our mission to safeguard their businesses, now and into the future.” Sangfor NGAF Continues to Lead in Firewall Technology Sangfor NGAF next-generation firewall is still moving forward with new innovations and product capabilities to tackle an ever-changing security threat landscape. Sangfor believes that its continued recognition in the Gartner Magic Quadrant for Network Firewalls is the result of the following strengths: AI-Powered Protection Sangfor NGAF takes network perimeter security to the next level as the world's first AI-enabled next-generation firewall. Powered by Sangfor’s proprietary Engine Zero artificially intelligent malware detection engine and Neural-X threat intelligence (TI) platform, Sangfor NGAF is proven to keep 99.7%* of threats outside the network. Engine Zero has been trained using millions of malware samples to detect unknown malware and zero-day attacks while Neural-X TI feeds constantly enrich Sangfor NGAF with the latest indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs) to detect emerging threats. Seamless Security Integration As a core component of Sangfor’s Extended Detection, Defense and Response (XDDR) architecture, NGAF integrates seamlessly with Sangfor’s entire range of security products, including Endpoint Secure, Internet Access Gateway (IAG), and Cyber Command. By using purpose-built AI models to correlate events across the network, Cyber Command detects advanced threats that manage to evade individual security controls, while Sangfor NGAF, IAG, and Endpoint Secure coordinate to contain attacks, isolate compromised hosts, and eradicate all threats from the environment. All products work in tandem to create a truly holistic system, leaving threats nowhere to hide. Web Application Firewall Integration Sangfor NGAF is the world’s first and only next-generation firewall to fully integrate an enterprise-grade Web Application Firewall (WAF), delivering network and web application protection in one appliance, providing customers with both ease of operations and strong ROI. Sangfor NG-WAF leverages Sangfor’s WISE Engine, the industry’s first WAF threat detection engine to incorporate a virtual execution system (VES) in addition to machine learning and semantic analysis, delivering more powerful and smarter detection capabilities against all web application threats while significantly reducing the number of false-positives. Simplified Security Operations With the mission to make technology simpler for all users, Sangfor has integrated the first SOC (Security Operations Center) Lite into Sangfor NGAF to make security operations and incident response simple and intuitive for operators of any experience level. Automated policy optimization enables one-click troubleshooting to identify redundant and failed parts in complex security policies. Through asset identification and association with security events, security operators can quickly and accurately locate compromised and ransomware-infected hosts and respond immediately with native response guidance. Newest Upgrades, Features, and Capabilities Sangfor NGAF models in certain regions have received hardware upgrades to provide enhanced firewall performance, adaptability, and stability as well as new capabilities to serve emerging firewall use cases. These new features include cloud deception, which deflects attacks from local systems and improves attack detection, and IoT security coverage. Sangfor also offers a fully integrated network firewall with its zero-trust network architecture (ZTNA) and Sangfor Access Secure Access Service Edge (SASE) solutions. These new features will be made more widely available to Sangfor customers throughout this year. Please refer to future product announcements for specific release dates. Network Firewall Market Insights Network firewalls form an essential part of organizations’ security infrastructure. The Magic Quadrant for Network Firewalls observes that the network firewall market is still one of the largest security markets and is driven by several factors. Here are a few observations from the report: The rise of hybrid environments is the key factor behind vendors’ introduction of multiple firewall deployment types, such as FWaaS and cloud-native. Interest in zero trust is favoring the selection of single firewall vendors that can help enterprises achieve a ZTNA, so that they do not have to use multiple vendors. There is huge interest in visibility and control of east-west segmentation policies and enhanced security operation integrations. Advanced security capabilities remain a key driving factor, as threat vectors are using more sophisticated means of attacking hybrid workforces and cloud networks. Get your complimentary copy of the Gartner Magic Quadrant for Network Firewalls by clicking here.   DOWNLOAD THE REPORT NOW   Source [1] Gartner Inc., Magic Quadrant for Network Firewalls, Rajpreet Kaur, Adam Hils, Thomas Lintemuth, December 19, 2022 Gartner Disclaimer GARTNER is a registered trademarks and service mark, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sangfor Technologies. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Use Cases

Without Sangfor IAG the office environment is comparable to an internet cafe where users and staff can freely access video, social media, and endless entertainment. IT administrators are hard-pressed to identify exactly which users are consuming excess bandwidth, preventing effective control over user browsing behavior. Sangfor IAG can identify and control non-work-related applications in the network while allowing companies to keep a close eye on their bandwidth management, whereby they allocate all available bandwidth for key business needs, and improving business efficiency and productivity. Numerous professional traffic management features allow IAG to rationally allocate bandwidth resources and maximize bandwidth usage. For organizations with multiple branches, IAG provides a unified management platform and supports 3G link backup, making network management more efficient and reliable.

Because customers have vastly different authentication procedures, each internal network requires user authentication integration with AD, Radius to achieve SSO. IAG guest authentication provides convenient access through Facebook, WeChat, SMS and offers a unified authentication solution, which manages both the wired and wireless connected users within a single IAG platform. Sangfor IAG also offers a switch based user access control capability to help control LAN user access. Finally, Sangfor IAG can be integrated with WLAN vendors like Cisco, Aruba to allow the Unified Authentication Center to drastically simplify the process of network integration and management.

To protect the user from web threats, a secure web gateway is an effective defense over web-based threats and enabling secure internet access. Sangfor IAG can work with your on-premise applications and internet traffic. With the accelerated SSL decryption performance, all HTTP and HTTPS traffic will be monitored and analyzed with IAG, which is the huge bottleneck of other solutions like NGFW or UTM. The AI-based threat intelligence platform provides web filtering services and improves the capability of identifying known and unknown threats. It also keeps users protected while ensuring they enjoy a safe and secure web experience.

As unauthorized use of networks becomes more common, many countries and regions are developing and enforcing laws governing user internet access behavior. The IAG internal application database comprehensively logs malicious user activity including file uploads, BBS posting, email, browsing history, and applications accessed. This audit solution assists in customer compliance with local legal regulations and serves as a valuable investigative resource in the event of illegal network usage incidents.

Get in Touch With Us

icon notification

Frequently Asked Question

Please perform it following:

  • Step 1. Add a new LDAP Server under the External Auth Server.
  • Step 2. Enter the details such as Server Name, IP Address of the external authentication server, the admin account username and password and select the BaseDN. After entered all the details, click the Test Validity to check whether able to connect the external authentication server or not.
  • Step 3. After tested the validity, a message will prompt out to show the result.
  • Step 4. Click the Sync with all LDAP servers to sync all the data. Now, the configuration is successfully set.

In a typical environment, SWG is used to block access to inappropriate websites or applications, prevent malware infections, and enforce corporate internet compliance. SWG is similar to a firewall in that both prevent malicious activities and provide necessary network security protections. However, the main difference is that SWG emphasizes securing user onboarding and promoting productivity. It is common for an enterprise to use both SWG and firewall to fortify their defense as both of them usually complement each other. For more info on using both IAG and NGAF, please refer to this blog webpage. https://www.sangfor.com/blog/cybersecurity/ngaf-and-iam-a-perfect-amalgamation

The main difference is Premium Bundle will have all the Essential Bundle components with the addition of Anti-malware protection (Engine Zero) and threat intelligence (Neural-X).

What is the difference between IAG Essential Bundle and Premium Bundle