Sangfor NGAF Next-Generation Firewall (NGFW) meets all firewall security needs

Sangfor’s Next-Generation Firewall eliminates 99% of malware at the perimeter

Sangfor’s Next Generation Firewall (NGFW) is a network firewall security device designed to filter and inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Sangfor NGAF is a truly secure, integrated and simplified solution, providing a holistic view of the entire organizational security network, with ease of operation & maintenance for administration.

NGAF is the world's first AI-enabled Next-Generation Firewall, fully integrated with Web Application Firewall and Endpoint Security products, providing all-around protection from all threats and powered by the malware detection and protection of Neural-X and Engine Zero.

Sangfor NGAF databases are automatically and proactively updated to keep your network and business safe from new, unknown and zero-day attacks. You can install NGAF on-premise as a Network Hardware Firewall or in the cloud as a Software (Virtual) Firewall. It is compatible with Sangfor HCI and VMware ESXi.


Features & Capabilities

Endpoint Secure: All-in-One Endpoint Security Management

Sangfor NGAF Network Firewall offers the world’s first native, integrated endpoint security with Endpoint Secure, providing simplified management through a firewall GUI dashboard, to help small to mid-size enterprises (10-300 employees) simplify network & endpoint security operations, with single-pane-of-glass management.

Integrated NGAF & Endpoint Secure go beyond traditional anti-virus and EDR to provide:

  • More advanced malware protection against all malicious files, known, unknown, or zero-day
  • 60% cost savings versus EDR deployment (based on 300 agents' annual price)
  • 40% faster deployment with security event correlation & response

Engine Zero: Cutting-Edge AI-Powered Malware Protection

  • Approximately 370,000 new malware variants are deployed daily. Traditional detection technology, primarily focused on MD5, virus signatures, rule matching, virtual execution, and sandboxing, is becoming increasingly ineffective at protecting enterprises from new malware and its ever-changing, unique signatures.
  • NGAF, in conjunction with Sangfor AI-powered Engine Zero, provides powerful and intelligent malware detection capabilities.
  • Sangfor’s R&D, Security Team, and white hat researchers designed Engine Zero to utilize machine learning technology to analyze and synthesize input data. Engine Zero’s unique, multi-dimensional features detect and classify malicious files, sight unseen, and allow Sangfor NGAF to deliver a 99.76% detection rate of known and unknown malware.

Simplified Security Operation & Maintenance

Sangfor believes IT should be reliable and simple, with easy deployment and O&M as the keys to an effective and productive IT environment.

Many small & medium-sized organizations use a traditional hardware firewall without a specialized IT security team or intelligent, automated reporting tools, and find managing network security especially complex. Searching and analyzing thousands of alerts to identify individual issues creates a high potential for human error and is a waste of time and resources.

Sangfor NGAF uses an intuitive configuration wizard to make security policy deployment and modification simple and fast. High visibility and real-time detection features provide IT teams with the ability to determine the network security status before the system even goes online, ensuring that no vulnerabilities exist in the network.

NGAF Use Cases

Internet Gateway: Advanced Threat Prevention with Visible Reporting

Sangfor NGAF Network Firewall Security has both deep content inspection and attack behavior analysis technologies, going a step beyond traditional hardware firewall appliances. Graphical reporting tools (free-of-charge) help IT professionals identify business risks, and take immediate action to mitigate damage. Sangfor NGAF also effectively detects advanced threats, with built-in network security features like Neural-X.

DMZ: One-Stop Security Solution for Web Applications

This solution protects users' public-facing applications against various types of network & application layer threats and resolves the issues of web-page tampering, Trojans and information leakage, even if defenses are bypassed. Sangfor Next-Generation Firewall goes beyond traditional Enterprise Firewall security solutions to provide more comprehensive protection against most types of web attacks and effectively secure web business applications.

Secure SD-WAN: Visual, Controllable & Manageable Distributed Enterprise Networking

Branches are no longer the weak link in the security chain with their notoriously poor security construction. Sangfor Platform-X, a cloud-based SOC (Security Operation Center), helps truly realize centralized management and automatic operation and maintenance for branches by enhancing security protection capabilities for your WAN and helping to identify branch security risks in real time.

2nd-Tier Firewall: Enterprise Firewall Protection & Attack Prevention

Continuously evolving cyber threats drive the evolution of security devices and the creation of new security infrastructure, as threats are increasingly able to evade traditional defenses. Malicious software, having bypassed the defense perimeter, can take advantage of a flat internal network to cause serious infection, data theft, or even APT attacks. To mitigate business risk from cyber threats, Sangfor's NGFW employs an additional defensive layer to the perimeter firewall, providing total threat protection, risk mitigation capability, easy deployment and cost-effectiveness.

What People Say

Sangfor NGFW Is Nothing Less Than No.1 As IT Security Protection

IT Manager of an Automotive Industry

Quick Deployment, Easy To Use, And Practical Reports, Need More About Data Details

COO of a Media and Publishing Industry

Simple Operation And Maintenance, Rich Functions

Marketing Manager of IT Industry

Human-Machine Intelligence-Data Fusion Comprehensively Guarantees Safe Operation

CIO of an Industrial Company

Product Performance Very Good

Assistant IT officer from a Federal Government

Success Stories

Below you will find all the Success Stories of Sangfor, classified by Industry, such as Enterprises, Governments, Schools & Universities, etc.

Toshiba Success Story

Manufacturing

Toshiba Hong Kong Limited (THL)

Abenson Customer Success Story

Education

STI Customer Success Story

Harbour Center Port Terminal Inc Customer Success Story

NGAF Firewall Product Models

| Models | AF-1000-B1080* | AF-1000-B1120* | M4500 | M5100 | M5150 | M5200 | M5250 | M5300 | M5400 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Profile | Desktop | 1U | Desktop | 1U | 1U | 1U | 1U | 1U | 1U |
| Firewall Throughput (1) | 1.05 Gbps | 1.75 Gbps | 2 Gbps | 2.8 Gbps | 3.5 Gbps | 4.9 Gbps | 5.5 Gbps | 12 Gbps | 20 Gbps |
| IPS + WAF Throughput | N/A | 700 Mbps | 1.2 Gbps | 1.4 Gbps | 1.4 Gbps | 2.1 Gbps | 2.1 Gbps | 3.85 Gbps | 5.6 Gbps |
| Threat Protection Throughput (3) | 600 Mbps | 800 Mbps | 1 Gbps | 1.8 Gbps | 1.8 Gbps | 2.1 Gbps | 2.1 Gbps | 4.2 Gbps | 5.6 Gbps |
| NGFW Throughput (2) | 800 Mbps | 1 Gbps | 1.4 Gbps | 2.5 Gbps | 2.5 Gbps | 2.8 Gbps | 2.8 Gbps | 5 Gbps | 8.4 Gbps |
| IPsec VPN Throughput | 100 Mbps | 100 Mbps | 250 Mbps | 250 Mbps | 250 Mbps | 375 Mbps | 375 Mbps | 1 Gbps | 1.25 Gbps |
| Max IPsec VPN Tunnels | 100 | 100 | 300 | 300 | 300 | 500 | 500 | 1000 | 1500 |
| Concurrent Connections (TCP) | 800,000 | 800,000 | 250,000 | 750,000 | 1,000,000 | 1,200,000 | 1,800,000 | 2,000,000 | 2,500,000 |
| New Connections (TCP) | 15,000 | 18,000 | 10,000 | 20,000 | 25,000 | 30,000 | 50,000 | 80,000 | 110,000 |
| Power and Hardware Specifications | | | | | | | | | |
| Support Dual Power Supplies | N/A | N/A | N/A | N/A | N/A | N/A | N/A | Customizable | Customizable |
| Power [Watt] Max | 60W | 40W | 60W | 60W | 40W | 40W | 40W | 60W | 150W |
| Model Datasheets | N/A | N/A | PDF | PDF | PDF | PDF | PDF | PDF | PDF |

  1. 1518 Bytes UDP Packets.
  2. NGFW is measured with Firewall, Bandwidth Management, IPS, Application Control.
  3. Threat prevention is measured with Firewall, Bandwidth Management, IPS, Application Control, Anti Virus.

 

| Models | M5500 | M5600 | M5800 | M5900 | M6000 | AF-2000-B3100* | AF-2000-B3200* | AF-2000-B3300* |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Profile | 2U | 2U | 2U | 2U | 2U | 2U | 2U | 2U |
| Firewall Throughput (1) | 25 Gbps | 50 Gbps | 67 Gbps | 105 Gbps | 140 Gbps | 140 Gbps | 180 Gbps | 240 Gbps |
| IPS + WAF Throughput | 8.4 Gbps | 14 Gbps | 21 Gbps | 42 Gbps | 56 Gbps | 63 Gbps | 84 Gbps | 126 Gbps |
| Threat Protection Throughput (3) | 9.1 Gbps | 18 Gbps | 26.5 Gbps | 50.4 Gbps | 67.2 Gbps | 79.4 Gbps | 91.2 Gbps | 105 Gbps |
| NGFW Throughput (2) | 12.6 Gbps | 23 Gbps | 31 Gbps | 56 Gbps | 84 Gbps | 90 Gbps | 120 Gbps | 140 Gbps |
| IPsec VPN Throughput | 2 Gbps | 3 Gbps | 3.75 Gbps | 5 Gbps | 5 Gbps | 7 Gbps | 10 Gbps | 15 Gbps |
| Max IPsec VPN Tunnels | 3,000 | 4,000 | 5,000 | 10,000 | 10,000 | 15,000 | 20,000 | 30,000 |
| Concurrent Connections (TCP) | 3,000,000 | 4,000,000 | 8,000,000 | 12,000,000 | 16,000,000 | 20,000,000 | 32,000,000 | 35,000,000 |
| New Connections (TCP) | 220,000 | 300,000 | 330,000 | 450,000 | 600,000 | 650,000 | 800,000 | 900,000 |
| Power and Hardware Specifications | | | | | | | | |
| Support Dual Power Supplies | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Power [Watt] Max | 150W | 150W | 150W | 760W | 760W | 860W | 860W | 860W |
| Model Datasheets | PDF | PDF | PDF | PDF | PDF | N/A | N/A | N/A |

  1. 1518 Bytes UDP Packets.
  2. NGFW is measured with Firewall, Bandwidth Management, IPS, Application Control.
  3. Threat prevention is measured with Firewall, Bandwidth Management, IPS, Application Control, Anti Virus.

Videos

  • Saint Louis University (SLU) Advancing Through Digital Transformation
  • Guy Rosefelt Interview with Cyber Defense Magazine 2022
  • Sangfor NGAF Animation Video
  • Testimonial NGAF Ministry of Industry - With En Subtitle
  • Testimonial IAM Universitas Gadjah Mada

Latest Blog

Cyber Security

Parrot TDS Infects Thousands of Websites for Targeted Malware Distribution

Threat Overview

Last month, Avast Threat Labs reported on the newly discovered Parrot Traffic Direction System (TDS), which was found to have compromised tens of thousands of websites. As the name suggests, traffic direction systems are leveraged as Internet landing pages by cybercriminals to filter users according to various criteria to determine whether they are desired targets for malware distribution.

As of March 2022, Parrot TDS, using malicious JavaScript code, infected more than 16,500 websites, including personal, university, adult, and local government sites. The infected web servers share one particular commonality in that many hosted poorly secured content management systems (CMS), primarily WordPress, with weak login credentials. It is suspected that attackers picked their targets based on their level of security as opposed to other factors. Unlike previous malicious TDS such as Prometheus, Parrot has much greater reach.

Based on analysis and investigation conducted by Avast, Parrot TDS is believed to have been in operation since October 2021, with heightened levels of activity observed in February and March 2022. Targeted users are spread across the world; the Avast report reveals most targeted users were in Brazil, India, the U.S., Singapore, Indonesia, Thailand, the Philippines, Argentina, Mexico, France, Pakistan, and Russia.

Chain of Infection

Websites infected with Parrot TDS are manipulated by FakeUpdate (also known as SocGholish) to initiate a drive-by-download attack. The JavaScript code displays a fraudulent yet authentic-looking software update page, such as that of Google Chrome, to trick users into clicking the malicious link. Once clicked, Parrot TDS, via a malicious PHP script compiled into the compromised web server, filters users based on various criteria, such as IP address, user agent, referrer, and cookies. The requests of users who are deemed to be of interest are then forwarded to the command and control (C2) server under the adversary’s control. What is more, the malicious PHP script allows attackers to perform arbitrary code execution on the compromised server, creating a backdoor for more convenient access.

Figure: Example of fake software update page

The C2 server responds by first loading JavaScript code onto the victim’s machine, which further captures information about the logged-on user and client, including the name of the PC, username, domain name, installed antivirus and antispyware products, MAC address, list of processes, etc. Next, the C2 delivers the final payload, a NetSupport Client remote access tool (RAT) that gives the attacker full access to the client machine for further exploitation.

The RAT is commonly downloaded to the "AppData\Roaming" folder and masquerades as ctfmon.exe, the same name as a common, legitimate Microsoft process, and thus could easily go unnoticed. The RAT runs automatically after the client machine is switched on, and with chat functions disabled and the silent option turned on, it can operate stealthily in the background and be difficult to detect.

Figure: NetSupport RAT disguised as ctfmon.exe

Remediations

Indicators of Compromise (IoC) & Sangfor Protection

Avast Threat Labs provides in its report a list of IoCs for Parrot TDS, FakeUpdate, and NetSupport RAT. Sangfor NGAF (Next-Generation Firewall) and Endpoint Secure (endpoint protection) using threat intelligence from Sangfor Neural-X are proven to detect, alert, and kill the malicious activity in each step of the attack kill chain, keeping users safe from intrusion. The following are examples of Sangfor Neural-X’s detection of key Parrot TDS IoCs (Screenshots taken from Sangfor Neural-X Threat Intelligence Platform).

Figure: Sangfor Neural-X detects SHA256 of Parrot TDS (direct version JavaScript)

Figure: Sangfor Neural-X detects SHA256 of FakeUpdate JavaScript

Figure: Sangfor Neural-X detects SHA256 of NetSupport RAT

Other Workarounds

Sangfor suggests the following recommendations for developers to prevent servers from being compromised.

  • Scan all files on the web server with antivirus. Sangfor recommends using Endpoint Secure for the least amount of impact to a system when scanning.
  • Use the latest CMS version.
  • Use the latest versions of installed plugins.
  • Inspect all JavaScript and PHP files on the web server and replace them with the original ones if any appear to have been tampered with.
  • Check for automatically running tasks on the web server (for example, cron jobs).
  • Check and set up secure credentials. Make sure to always use unique credentials for every service.
  • Check the administrator accounts on the server. Make sure each of them belongs to you and has a strong password.
  • When applicable, set up 2FA for all the web server admin accounts.
  • Use some of the available security plugins (WordPress, Joomla).

About Sangfor Technologies

Sangfor Technologies is an APAC-based, global leading vendor of Cyber Security, Cloud Computing, and Network Infrastructure solutions. To find out more about Sangfor’s full range of offerings, please visit us at www.sangfor.com, and let Sangfor make your digital transformation simpler and secure.
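The masquerade described above (a binary named ctfmon.exe running from "AppData\Roaming") can be hunted in process-creation telemetry by comparing each image path with the directory where Windows ships the genuine file. The following is an added example, not code from Avast or Sangfor; the event fields, host names and sample events are constructed, and the System32/SysWOW64 expected locations are this example's assumption.

```python
import ntpath

# Directories where Windows ships the genuine binary (assumption of this
# example). The watch-list name comes from the article; add others as needed.
EXPECTED_DIRS = {
    "ctfmon.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Drop location named in the article.
ROAMING_MARKER = "\\appdata\\roaming\\"


def check_image(image_path):
    """Return 'high' or 'medium' if the path is a masquerade, else None."""
    cleaned = image_path.strip().strip('"')
    # ntpath parses Windows paths on any OS: normpath folds '..' and '/',
    # normcase lowercases so the comparison is case-insensitive.
    norm = ntpath.normcase(ntpath.normpath(cleaned))
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    if expected is None or directory in expected:
        return None  # not a watched name, or running from its real home
    # Trailing separator so that e.g. '\appdata\roamingx' does not match.
    in_roaming = ROAMING_MARKER in directory + "\\"
    return "high" if in_roaming else "medium"


def find_masquerades(events):
    """Scan process-creation events and return one finding per suspicious image."""
    findings = []
    for event in events:
        severity = check_image(event["image"])
        if severity:
            findings.append({
                "host": event["host"],
                "image": event["image"],
                "parent": event.get("parent", ""),
                "severity": severity,
            })
    return findings


# Constructed sample events (hypothetical hosts, users and parents).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Windows\System32\ctfmon.exe",
     "parent": r"C:\Windows\System32\svchost.exe"},
    {"host": "WS-02", "image": r"C:\Users\alice\AppData\Roaming\ctfmon.exe",
     "parent": r"C:\Windows\System32\wscript.exe"},
    {"host": "WS-03", "image": r"c:\WINDOWS\system32\..\System32\CTFMON.EXE",
     "parent": r"C:\Windows\System32\svchost.exe"},
    {"host": "WS-04", "image": r"C:\ProgramData\tools\ctfmon.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-05", "image": r"C:\Users\bob\AppData\Roaming\notes.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-06", "image": "C:/Users/bob/AppData/Roaming/Updates/ctfmon.exe",
     "parent": r"C:\Windows\System32\wscript.exe"},
]

if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE_EVENTS):
        print(finding["severity"], finding["host"], finding["image"])
```
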


Cyber Security

What Is A DDOS Attack | How Does It Work | Sangfor Glossary

Distributed Denial of Service (DDoS) Attack

A DDoS attack is not like other cyber attacks; it does not infect computers with malware or steal information. A DDoS attack makes a computer or network service unavailable by overloading it with a tidal wave of traffic that is too much to handle. A DDoS attack can be launched by almost anyone, even by people with low tech skills or by renting huge botnet armies through DDoS-as-a-Service (DaaS) for as little as $50 USD.

Because of this, businesses and organizations need to have a thorough understanding of how common but dangerous cyber attacks happen, as well as how to protect themselves against them. You can read more about the most common cyber attacks here, but for now let’s start with DDoS attacks:

What is a Distributed Denial of Service (DDoS) attack, and how does it work?

A distributed denial of service attack, also known as a DDoS attack, is a cyber attack where the cybercriminal floods a server or network with so much traffic that it cannot properly handle all the requests. This results in unusably slow response or loading times for legitimate users or, in worst-case scenarios, brings down the server completely.

DDoS attacks vary in terms of scale. Smaller attacks launch traffic less than 5 Gbps, while large attacks can send hundreds of Gbps. However, when considering the scale of the attack, it must be compared relative to the size of the server being targeted. Many websites of smaller or medium-sized businesses do not need heavy traffic loads to completely overrun them, while larger websites will require significantly more traffic. Often, many businesses will be the target of multiple DDoS attacks in succession originating from the same cybercriminal over periods of time.

What is the difference between a DDoS attack and a DoS attack?

Denial of Service, or DoS, attacks are when only one computer sends out enormous amounts of malicious traffic to attack a server. A distributed attack leverages hundreds, thousands or even millions of computers around the world to send traffic on a much larger scale - even without the knowledge of the owners of those computers. Think of it as one cannon firing versus one hundred cannons firing at the same time.

What are the motivations behind DDoS attacks?

DDoS attacks are launched for a wide variety of reasons, all malicious in intent. Motivations behind a DDoS attack may be:

  • Political: If, for example, an individual or group wanted to somehow change the political scene to an opponent's detriment or their favored groups' benefit, they may resort to DDoS attacks.
  • Hacktivism: Hacktivism is a form of protest done to make a statement. It is a merger of the words “hacking” and “activism.”
  • Emotional drivers: Many DDoS attacks are motivated from an emotional standpoint and acted out of revenge, boredom, or hatred.
  • Religious: Some DDoS attacks are religiously motivated.
  • Terrorism: Some DDoS attacks, especially those against governmental organizations, are considered acts of terrorism.
  • Financial: Making ecommerce servers unavailable prevents a business from making money, which could put them out of business. Cybercriminals may also demand a ransom be paid to stop the attacks.
  • And many other reasons…

The most concerning thing about DDoS attacks is that such a wide range of motivations means almost any business or organization can be the target of a DDoS attack.

Who DOES get targeted by DDoS attacks?

As mentioned, any business or organization, large or small, may become a victim of a DDoS attack. However, certain industries are at significantly higher risk than others. Notably, the gaming and gambling industries are targeted significantly more than business and finance sites. These industries are extremely popular, have high-value content, and are extremely reliant on low latency responses for their users. DDoS attacks, even if not strong enough to completely bring down the server, will cause havoc for online games and gambling services where even a few seconds of latency (or delay) can severely damage the usability of the game or site, and thus the reputation of the host. Many of the attacks in these industries are also born from emotional sources like anger leading to revenge and protest against a game developer.

How does a DDoS attack work?

DDoS attacks can be broken down into three major phases:

Phase #1: Finding computers to become botnets

The first stage of any DDoS attack is creating the botnet. A botnet is a collection of computers that will execute the DDoS attack and bring down or hamper the victim server. To do this, hackers will use malware to scan the internet for computers or IoT devices and infect them to gain control. Using a botnet has another benefit for the hacker: by distributing the attack out to other machines, it helps hide their own IP and identity.

Phase #2: Loading the infected computers with commands ready to carry out the attack

The second phase of a DDoS attack is loading these botnet computers with the commands necessary to execute the attack. All the individual machines infected are commonly referred to as zombie computers, agents, bots, or simply victim computers. These zombie computers are legitimate devices used by people who are simply unaware that their device is being leveraged by an attacker for a DDoS attack.

Phase #3: Using the botnet to execute the attack

In the last phase, the hacker executes the command across the botnet telling all the zombie computers to send traffic requests to the target website. The botnet sends abnormally high amounts of traffic which crash or severely slow down the victim server.

The hacker may also hide or use fake IP addresses, making it far more difficult for the targeted website to find and block the source of the attacks and get their website back up and running. On top of this, since the malicious traffic is coming from legitimate sources, it becomes extremely difficult for the website host to differentiate and block the attacking traffic from legitimate requests.

Different types of DDoS attacks

There are several types of DDoS attacks. When a victim is finally able to defend against a DDoS attack, the hacker may try an alternate method of DDoS attack using the same botnet. Different DDoS attacks target different levels of the OSI model of the victim’s network. Some of the most common DDoS attacks include:

  • Application layer attacks: These are at the very top of the OSI model, where visitors interact with the website itself. One example would be HTTP flooding. HTTP flooding is sending so many HTTP requests that they completely overwhelm the server. Imagine the entire botnet trying to load the website all at once - the server simply cannot handle such a load. Unlike the other attack types discussed, application layer attacks have significantly less volume because of the TCP connection handshake required to create a connection.
  • Protocol attacks: Unlike application layer attacks, protocol attacks target weaknesses in the network and transport layers of the OSI model – layers 3 and 4 respectively. Protocol attacks, such as SYN floods, allow the hacker to establish a huge quantity of connections with the server. This is done continually without finishing the previous connections, rendering the server overwhelmed and unable to accept any new connection requests.
  • Volumetric attacks: Volumetric attacks send continuous tidal waves of traffic. One type of volumetric attack is DNS amplification. This attack sends huge amounts of small DNS requests spoofed to come from the victim server, whereupon the DNS servers flood the target with huge amounts of DNS response traffic, amplifying the request traffic by 100 fold, for example.
  • Multi-vector attacks: Some DDoS attacks will target the victim server using more than one method at once. These attacks are difficult to stop as it takes longer to determine where the source of traffic is, and the protocols used.

How can businesses protect themselves from distributed denial of service (DDoS) attacks?

To protect themselves and their servers from DDoS attacks, businesses need to look for security solutions from a reputable cyber security vendor like Sangfor. This is because of the nature of DDoS attacks; by targeting different weaknesses, no single solution can completely protect against DDoS attacks. At Sangfor, we offer businesses the capability to withstand and defend against DDoS attacks with minimal disruption to service. Some of the solutions that protect against DDoS attacks include:

  • Blackhole routing: This directs all site traffic to a fake IP address in the event of a DDoS attack. While it will help protect the server from a period of down-time, legitimate traffic will still be guided into this “blackhole” and not be able to access the site.
  • Rate limiting: A security device is used to control the amount of web requests or network traffic allowed through, negating a DDoS attack. However, this will limit the number of legitimate users trying to access it.
  • A Next-generation firewall: A next-generation firewall like Sangfor NGAF is instrumental in detecting and defending against DDoS attacks. It offers both inbound and outbound (in the event your systems are part of a botnet) attack protection. You can learn more about how Sangfor NGAF protects against DDoS attacks by watching this video.
  • Botnet detection: Sangfor Botnet Detection helps you scan for botnets in your network through deep learning, visual display of traffic, and flow analysis. Using this advanced technology to detect botnets, Sangfor can help its customers defend against DDoS attacks.

Learn more with Sangfor

To learn more about distributed denial of service (DDoS) attacks and how to protect your business or organization from them, don’t hesitate to get in touch with a specialist from Sangfor.
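The SYN flood described above leaves a measurable trace: connections that were opened but never finished. The following added example (not from the original article or from Sangfor) tracks half-open TCP handshakes per target from packet records and reports targets whose peak exceeds a threshold. The record layout, the documentation-range addresses, the 30-second timeout and the threshold of 100 are assumptions, and the traffic is constructed.

```python
from collections import defaultdict


def peak_half_open(packets, timeout=30.0):
    """Return {(dst, dport): peak number of handshakes awaiting the final ACK}.

    packets: iterable of (ts, src, sport, dst, dport, flags) where flags is
    "S" (client SYN), "SA" (server SYN-ACK) or "A" (client ACK).
    """
    pending = defaultdict(dict)  # target -> {(src, sport): time of SYN}
    peak = defaultdict(int)
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "S":
            conns = pending[(dst, dport)]
            # A server gives up on a half-open entry after a timeout; mirror that.
            for key in [k for k, t in conns.items() if ts - t > timeout]:
                del conns[key]
            conns[(src, sport)] = ts
            peak[(dst, dport)] = max(peak[(dst, dport)], len(conns))
        elif flags == "A":
            # Final ACK from the client: the handshake completed normally.
            pending[(dst, dport)].pop((src, sport), None)
        # "SA" travels server -> client and does not change the count.
    return dict(peak)


def flood_targets(packets, threshold=100, timeout=30.0):
    """Targets whose half-open peak is above the threshold, sorted."""
    peaks = peak_half_open(packets, timeout)
    return sorted(t for t, n in peaks.items() if n > threshold)


def build_sample():
    """Constructed traffic: normal clients on two servers, then a SYN flood."""
    pkts = []
    for i in range(5):  # legitimate clients complete the three-way handshake
        client, cport = f"192.0.2.{i + 1}", 40000 + i
        for server, port in (("203.0.113.10", 443), ("203.0.113.20", 80)):
            t = float(i)
            pkts.append((t, client, cport, server, port, "S"))
            pkts.append((t + 0.02, server, port, client, cport, "SA"))
            pkts.append((t + 0.04, client, cport, server, port, "A"))
    for i in range(200):  # spoofed sources send SYN and never answer
        src = f"198.51.100.{i % 250 + 1}"
        pkts.append((10 + i * 0.01, src, 1024 + i, "203.0.113.10", 443, "S"))
    return pkts


if __name__ == "__main__":
    sample = build_sample()
    for target, count in sorted(peak_half_open(sample).items()):
        print(target, "peak half-open:", count)
    print("flood suspected on:", flood_targets(sample))
```
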


Cyber Security

What Is DLP (Data Loss Prevention) | Sangfor Glossary

Data Loss Prevention Data loss prevention is a mandatory component of any successful business today. As more business processes transition into cloud-based solutions, the amount of sensitive business data in stored or transmitted digitally has skyrocketed. Any businesses that manage client-sensitive information, must ensure keeping data secure is of utmost importance else losing any will impact not only reputation, but financially as well. Just one major leak is enough to severely damage the way customers perceive your brand, and the cost associated with these damages can be heavy.  Fortunately, there are a wide range of data loss prevention strategies and solutions that your business or brand can implement to keep your data safe in the digital realm. Let’s take a deeper look into what data loss prevention (DLP) is, how it works, and what benefits it brings. What is data loss prevention (DLP)? Data loss prevention is a solution that keeps important or sensitive business data secure. DLP prevents both data loss and data leakage, two similar terms but different in that data loss of sensitive information results from a breach related to cyber attacks or system errors, while data leakage results from vulnerabilities in your systems being exploited that reveal data to unauthorized parties.  Data leaks and losses are common due to poor protections. DLP ensures that no sensitive data is transferred inside or outside the network without the proper authorization. The three areas where data leaks or losses occur are endpoints (including all network-connected devices like laptops, computers, phones, and IoT), networks, and the cloud. DLP solutions will monitor data exchange points such as email, messaging platforms, file transfers, and more, detecting any unauthorized flow of sensitive data to ensure none is sent illicitly. DLP solutions are also extremely important for businesses that need to comply with regional and global regulations regarding customer privacy. 
DLP solutions ensure that the business holds its own and its customers' sensitive data securely across all on-premise and cloud-based systems and alert if data is accessed inappropriately. How does DLP work? Data loss prevention solutions monitor data exchanges on networks, data streams, endpoints, in the cloud, emails, printing, and every other channel by which data can be transferred. DLP solutions actively monitor data in three different states: #1: Data at rest Data at rest is data that is not being processed or transferred at that point in time. This data, despite not being involved in any processes, is still vulnerable to unauthorized access or data breaches from cyber attacks. DLP solutions are programmed to monitor this data, manage who and when they can access it, encrypt it if necessary, and other protective measures to ensure that it is not leaked or lost.  #2: Data being processed Many data leaks or data loss incidents occur as data is being processed or in use by a user or application. By actively controlling and monitoring the process and who is accessing it, DLP solutions ensure that sensitive information is kept secure.  #3: Data in transit Another common vector for data leaks is when data is being transferred over networks. Properly encrypting data ensures that even if the data is intercepted travelling across networks, it is unusable without the proper decryption keys.  Given that there are so many ways information can be stored, processed, and transferred, different data loss prevention solutions may be needed depending on which state the data is in. However, all DLP solutions follow these three basic principles:  Step #1: Identifying and classifying all sensitive or important data All DLP solutions start here. 
It is the most fundamental building block of any solution as without knowing which pieces of data are sensitive, where they reside, who they were created by, who can access them, etc., DLP solutions would not be able to defend against malicious or accidental breaches and leaks.  Step #2: Monitoring the data to detect potential leaks or losses Next, data loss prevention solutions will monitor the data and ensure that only authorized personnel are accessing it, and that it is only transferred over approved networks or processed by approved endpoints and applications. DLP solutions monitor data using content-aware filters, whereby certain words or datasets are flagged when suspicious or risky activities are initiated.  Step #3: Responding to security violations in real-time Should an access violation be found during step #2, the DLP solution will respond in real-time to prevent any potential damages. Response can range from encrypting the data, halting the processes, alerting system administrators or operators, etc.  What are some data loss prevention solutions you should look into? Again, there is no data loss prevention solution that can cover all aspects of your business’ or organization’s digital data landscape. The good news is that many data loss prevention solutions are not complex. Some may already be implemented in your security systems against other threats. Think of antivirus software, firewalls, and other cyber security solutions that protect your networks and endpoints from a huge array of cyber attacks. All of these solutions protect your business from attacks and therefore data breaches and leaks.  DLP solutions will protect one of three areas: #1: Networks Network-based DLP solutions like Sangfor Secure Internet Access (SIA) are deployed at the perimeter of your business networks. SIA will scan for any sensitive data that are sent through a variety of communication channels and web applications. 
#2: Storage Other data loss prevention solutions focus on the storage component of your data. Whether it is stored on-premise or in the cloud, these solutions ensure that your data is kept in a secure location and possibly encrypt it without the threat of leaks or vulnerabilities to attacks.  #3: Endpoints Endpoints are one of the most common sources of data leaks when it comes to file transfers, downloads, printing, etc. An endpoint DLP solution will monitor these actions and alert when potentially suspicious activity is detected.  What threats does data loss prevention protect you from? There are several benefits to having a strong data loss prevention solution in place. We’ve talked plenty about how they work, so let’s take a closer look at what exactly they are protecting you from.  #1: Insider threats Nobody likes to think that someone from within their own business or organization will be the cause of a data leak or attack, but it happens, so it is vital to be protected from disgruntled or compromised employees. Worse, malicious insiders have a greater chance of successfully launching cyber attacks that exploit internal weaknesses to gain access to data they would otherwise not have access to.  #2: External threats Cyber attacks are ever increasing around the world, and almost all attacks target data. External attackers are using advanced persistent threats (APTs) such as ransomware to gain entry into organizations and access data. Ransomware groups have been known to release private data to ensure ransoms are paid. #3: Accidental leaks Sometimes, data leaks are entirely accidental and not malicious in nature. Many accidental leaks stem from users within your network not being properly educated on data privacy techniques or from negligence. DLP solutions can detect, notify, and stop costly accidental leaks.  Who can benefit from data loss prevention? 
All businesses - small, medium, and large enterprises alike - will benefit from data loss prevention solutions. No matter the size of your business, protecting customer data should always be a top priority. More importantly, businesses that must comply with data privacy or security regulations will hugely benefit from DLP solutions. In many cases, they are necessary to pass regulatory audits and to not incur hefty fines.

Furthermore, DLP solutions are not only essential for protecting intellectual property (IP), but they also provide significant visibility into the access of IP data - imperative for seeing if data within your organization is being moved or accessed without authorization.

Learn more about DLP with Sangfor

Data loss prevention (DLP) is a crucial part of any successful business. If you want to see how you can improve your data’s security or simply want to learn more about data loss prevention (DLP), don’t hesitate to get in touch with a specialist from Sangfor.
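The monitor-and-respond steps of the DLP article above, sketched as an added example (not Sangfor's code or any product's implementation): a content-aware filter flags keywords and Luhn-valid card numbers, then a check on user and channel picks the response. The keyword list, user names, channel names and response labels are assumptions made for illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed policy for this example; a real deployment loads these from its DLP policy store.
SENSITIVE_KEYWORDS = {"confidential", "internal only", "salary"}
AUTHORIZED_USERS = {"alice"}
APPROVED_CHANNELS = {"corp-mail", "corp-sftp"}

# 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> list[str]:
    """Content-aware filter: return labels for sensitive content found in text."""
    lowered = text.lower()
    labels = [f"keyword:{k}" for k in sorted(SENSITIVE_KEYWORDS) if k in lowered]
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            labels.append("card_number")
            break
    return labels

@dataclass
class Transfer:
    user: str
    channel: str
    payload: str

def respond(t: Transfer) -> tuple[str, list[str]]:
    """Monitor one transfer and pick a response: allow, block, or encrypt_and_alert."""
    labels = classify(t.payload)
    if not labels:
        return "allow", labels                 # nothing sensitive in the content
    if t.user not in AUTHORIZED_USERS:
        return "block", labels                 # access violation: halt the transfer
    if t.channel not in APPROVED_CHANNELS:
        return "encrypt_and_alert", labels     # authorized user, unapproved channel
    return "allow", labels

if __name__ == "__main__":
    # Constructed sample events, not real traffic.
    events = [
        Transfer("alice", "corp-mail", "Quarterly salary report attached"),
        Transfer("bob", "corp-mail", "CONFIDENTIAL: merger plan"),
        Transfer("alice", "personal-webmail", "card 4111-1111-1111-1111"),
        Transfer("bob", "personal-webmail", "Order ref 1234567890123456 shipped"),
    ]
    for e in events:
        print(e.user, e.channel, respond(e))
```

The last sample event shows why the checksum matters: a 16-digit order reference matches the pattern but fails Luhn, so it is not flagged.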


Latest News

News

Sangfor Next-Generation Firewall (NGAF) Customers Speak through Gartner® Peer Insights™

Looking for a peer-reviewed Next-Generation Firewall (NGAF)? Check out 2022 Gartner® Peer Insights™ ‘Voice of the Customer’: Network Firewalls report.

Sangfor Technologies has been listed in Gartner® Peer Insights™ ‘Voice of the Customer’: Network Firewalls report for the second consecutive year, for its cutting-edge next-generation firewall Sangfor NGAF with an Overall Rating of 4.8 out of 5 as of February 2022. Sangfor Technologies was recognized as a ‘Strong Performer’, and received the following ratings in four categories:

  • Product Capabilities [4.8/5]
  • Sales Experience [4.8/5]
  • Deployment Experience [4.8/5]
  • Support Experience [4.9/5]

According to the report, 93% of reviewers would recommend Sangfor NGAF.

At Sangfor, we are always striving to enhance our products and services and we believe our innovation and dedication has really shown through in the latest Gartner report, and further reflected on Gartner Peer Insights based on NGAF reviews from the past 12 months (as of May 12, 2022).

Screenshots from Gartner Peer Insights comparing Sangfor NGAF all time ratings and ratings from the past 12 months (as of May 12, 2022)

Customers from various industries and of varying sizes (SMB to large enterprises) have kindly shared their thoughts and experiences with Sangfor NGAF. Let’s dig a little deeper to find out what they have had to say.

In one review from February 18, 2022, the IT Assistant Officer of a Malaysian government organization which deployed Sangfor NGAF On-Premise wrote:

Screenshot from Gartner Peer Insights

In another review from February 27, 2022, the Deputy General Manager/Chief Supply Chain Officer of a manufacturing firm in Thailand noted that:

Screenshot from Gartner Peer Insights

For plenty more detailed reviews on Sangfor NGAF, visit Gartner Peer Insights by clicking here.

Sangfor would like to express its sincere gratitude to all customers and partners for their continued support.
Your positive experiences and success stories are the driving forces behind our continuous innovation and strive for excellence.

Sangfor is committed to bringing users old and new the industry’s leading products and services to make your digital transformation simpler and secure.

Source: Gartner Peer Insights ‘Voice of the Customer’: Network Firewalls, Peer Contributors, Published on 29 April, 2022

Disclaimer: GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

About Sangfor NGAF

Listed in the Gartner Magic Quadrant for Network Firewalls as Visionary, Sangfor NGAF is the world's first AI-enabled, WAF-integrated next-generation firewall (NGFW) designed with robust malware detection and response capabilities to secure the network from malicious intrusion and unknown zero-day attacks, eliminating over 99% of threats at the perimeter.

Powered by Sangfor Neural-X and Engine Zero, and fully correlated with Sangfor Endpoint Secure (EDR) and Cyber Command (NDR), NGAF filters and inspects all network and application traffic for threats to provide a holistic view of the entire organizational security network. NGAF can be installed on-premise as a network hardware firewall or on cloud as a software (virtual) firewall, compatible with Sangfor HCI or VMware ESXi.
To find out more about Sangfor NGAF, including product advantages, success stories, and videos, please visit us at https://www.sangfor.com/cybersecurity/products/ngaf-next-generation-firewall.

About Sangfor

Sangfor Technologies is an APAC-based, global leading vendor specializing in Cyber Security, Cloud Computing, and IT infrastructure. Visit us at www.sangfor.com to learn more about Sangfor’s solutions and let Sangfor make your Digital Transformation simpler and secure.


Press Release

Sangfor Technologies included in Web Application Firewalls, Q2 2022 Report

Sangfor Technologies was listed by Forrester, the leading research and advisory firm, in the recently released "Now Tech: Web Application Firewalls, Q2 2022" report, in which Forrester offers insights into the web application firewall (WAF) market plus an overview of 28 web application firewall providers.

Key Insights of the Forrester: Now Tech Report

WAFs have gained renewed attention as a result of the Log4Shell vulnerability, with 77% of security decision-makers deploying WAF as an application security tool, a figure expected to increase by a further 11% in the next 12 months. WAFs are useful for defending against known malicious attack patterns but additional protections are needed against more complex attacks, such as bot and API attacks. WAFs should thus be the start but not the end of application security.

Sangfor NGAF Segmentation in Forrester Now Tech Report

Functionality

Sangfor falls into the network-performance-adjacent WAF functionality segment.

Sangfor delivers WAF capability through the world’s first WAF-Integrated next-generation firewall Sangfor NGAF. NGAF can be deployed on-prem or on the cloud to secure web applications at the data center or the network edge. Our NGWAF Engine leverages machine learning and semantic analysis for more intelligent and comprehensive web application protection compared to signature-based protection against known attack patterns. Built-in botnet control acts as an additional layer of security against stealthy automated traffic of botnet attacks and detects botnet and backdoor leftovers on application servers. Logging and reporting functions further provide security administrators with full visibility and validation of attacks.
Vertical Market Focus

According to the Forrester report, Sangfor’s WAF vertical market focus is in the enterprise, government, and education sectors, with China Unicom (big 3 Chinese mobile carrier), Guangzhou Municipal Bureau of Finance, and J&T Express (multinational Indonesian logistics company) listed as customers. Our WAF-integrated NGAF serves a wide range of customers, from aspiring SMBs to established enterprises across various industries as well as government organizations. Forrester has fact-checked their report with vendors before publishing.

To read the Forrester report in its entirety, please visit: Now Tech: Web Application Firewalls, Q2 2022 (NB: Report is only available to Forrester subscribers or for purchase)

To learn more about our industry-leading WAF-integrated next-gen firewall Sangfor NGAF, including product advantages, features, success stories, videos and more, please visit: Sangfor NGAF - Next Generation Firewall (NGFW)

Source: Now Tech: Web Application Firewalls, Q2 2022, Published May 2, 2022 By Sandy Carielli with Amy DeMartine, Isabelle Raposo

About Sangfor Technologies

Sangfor Technologies is an APAC-based, global leading vendor of Cyber Security, Cloud Computing, and Network Infrastructure solutions. To find out more about Sangfor’s full range of offerings, please visit us at www.sangfor.com, and let Sangfor make your digital transformation simpler and secure.


News

Sangfor Invited by the Macau CDSS to Share Research on Apache Log4j2

Sangfor Invited by the Cyber and Data Security Society Macau CDSS to Share Its Latest Research on Apache Log4j2

Recently, the Macau Cybersecurity Incident Alert and Response Centre (CARIC) announced the remote code execution vulnerability in the Apache Log4j2 to inform various government departments and public institutions that the situation is urgent.

Feng Jinsong, the vice-chairman of the Macau Cyber and Data Security Society (CDSS), said that in recent years, the number of attacks on local enterprises has been increasing, attacking not only operating systems but also Internet of Things (IoT) devices. Network attacks occur frequently, and many user data are stolen by hackers, or even published or sold online. The increasingly severe network security threats and offensives show that ensuring network security is more than important to enterprise operations.

Mr. Feng said that due to the recursive parsing function of Apache Log4j2, attackers can use this vulnerability to construct malicious data for remote code execution attacks without authorization, and finally obtain the highest permission on the server. To help enterprises better understand and deal with Apache Log4j2, the scientific research and social concern group of CDSS held a seminar and invited Sangfor security expert, Edmond Ho, to share its analysis & research on this vulnerability.

The Sangfor security team detected a remote code execution vulnerability in the Apache Log4j2 component and successfully reproduced the vulnerability. According to the interception data of Sangfor Neural-X, there are more than 3,000 attacks exploiting vulnerabilities in just one hour, and the number of attacks is growing very fast. Industries including education, government, and manufacturing are the most vulnerable to this exploit attack. Without effective maintenance, there will be a huge impact on businesses and the public.
Sangfor, as the technical support unit of Macau Cyber and Data Security Society, will continuously help government customers to deal with the vulnerability with Sangfor Emergency Incident Response and mitigation methods.

Asset management is critical to identify and categorize the business risk of potential target servers. Sangfor Endpoint Secure can assist users who have a great number of host, system, and application assets that need categorization. Users can quickly sort host assets (operating system, middleware, application software) using the Endpoint Secure Asset Management capabilities without requiring updates to software versions. Endpoint Secure can quickly locate and identify high-risk versions of Apache Log4j2, evaluate high-risk middleware and applications, and assess the population of affected servers.

The Sangfor Cyber Command network detection and response (NDR) platform updates its vulnerability threat detection models using Neural-X data as soon as a vulnerability is discovered and reported. Cyber Command can accurately locate any affected assets and evaluate their repair priority, quickly converge on the exposed attack surface, and directly trace back the exploits that have occurred.

Sangfor also provides Incident Response and Assessment services to help organizations build full visibility of their entire network and quickly determine the risk of attack or whether they are currently suffering attacks exploiting the Apache Log4j2 vulnerability.

About Macau Cyber and Data Security Society

Macau Cyber and Data Security Society (CDSS) is a non-profit organization that has always been concerned about the cyber security of business enterprises and continues to hold relevant seminars to continuously improve the understanding of local enterprises in related fields and help enterprises adapt to their information technology systems, correspondingly enhance network security and make business smooth.

About Sangfor Technologies Inc.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure and security solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor's Security solutions and how Sangfor makes each user’s digital transformation easier and more secure.

Source: https://www.exmoo.com/article/191495.html



Frequently Asked Questions

Next-generation firewalls (NGFWs) are a newer and more sophisticated type of firewall technology classified as deep-packet inspection firewalls. As well as port and protocol inspections, an NGFW has the ability to inspect traffic at the application level. In doing so, it can actively work to filter and prevent intrusions, incorporate other cyber security technologies, and form a single, holistic cyber security solution for businesses.

Sangfor NGAF is the world’s first AI-powered NGFW solution. It incorporates other Sangfor solutions such as NGWAF and Endpoint Secure and is powered by Engine Zero and the Neural-X platform. The major benefit of using an NGFW solution comes from the combination of heightened security and simplified operation and management processes.

Next-generation firewalls like Sangfor NGAF are fully integrated solutions that offer comprehensive protection and a bird's-eye view of your organization’s network. They can incorporate other security solutions and platforms to offer more efficient, simplified, and AI-powered protection.

Advantages of an NGFW solution include:

  • Being able to adapt to and protect against newer, more advanced, and malicious malware strains on the application level.
  • Simplified operation and maintenance even for organizations without a dedicated IT team.
  • Complete visibility over your network security and a granular approach to traffic and potential threats.
  • Real-time detection of and rapid response to threats, as well as learning to prevent similar attacks in the future.

Traditional firewalls are network security systems that have been around for years and are commonplace throughout all businesses and personal computers. They function on the basic principle of filtering and inspecting both incoming and outgoing traffic for anomalies or traits that might signify a security threat based on a set of pre-coded rules.

Next-generation firewalls differ in that they are a more advanced evolution of traditional firewall security systems. As well as completing the fundamental filtering process, next-generation firewalls operate on a more granular application level and can further incorporate additional solutions for an all-in-one security plan.