Sangfor NGAF Next-Generation Firewall (NGFW) meets all firewall security needs

Sangfor’s Next-Generation Firewall eliminates 99% of malware at the perimeter

Sangfor’s Next Generation Firewall (NGFW) is a network firewall security device designed to filter and inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Sangfor NGAF is a truly secure, integrated and simplified solution, providing a holistic view of the entire organizational security network, with ease of operation & maintenance for administration.

NGAF is the world's first AI-enabled Next-Generation Firewall, fully integrated with Web Application Firewall and Endpoint Security products, providing all-around protection from all threats and powered by the malware detection and protection of Neural-X and Engine Zero.

Sangfor NGAF databases are automatically and proactively updated to keep your network and business safe from new, unknown and zero-day attacks. You can install NGAF on premises as a Network Hardware Firewall or in the cloud as a Software (Virtual) Firewall. It is compatible with Sangfor HCI or VMware ESXi.

Features & Capabilities

Endpoint Secure: All-in-One Endpoint Security Management

Sangfor NGAF Network Firewall offers the world’s first native, integrated endpoint security with Endpoint Secure, providing simplified management through a firewall GUI dashboard, to help small to mid-size enterprises (10-300 employees) simplify network & endpoint security operations, with single-pane-of-glass management.

Integrated NGAF & Endpoint Secure go beyond traditional anti-virus and EDR to provide:

  • More advanced malware protection against all malicious files, known, unknown, or zero-day
  • 60% cost savings versus EDR deployment (based on 300 agents' annual price)
  • 40% faster deployment with security event correlation & response

Engine Zero: Cutting-Edge AI-Powered Malware Protection

  • Approximately 370,000 new malware variants are deployed daily. Traditional detection technology, primarily focused on MD5, virus signatures, rule matching, virtual execution, and sandboxing, is becoming increasingly ineffective at protecting enterprises from new malware and its ever-changing, unique signatures.
  • NGAF, in conjunction with Sangfor AI-powered Engine Zero, provides powerful and intelligent malware detection capabilities.
  • Sangfor’s R&D, Security Team, and white hat researchers designed Engine Zero to utilize machine learning technology to analyze and synthesize input data. Engine Zero’s unique, multi-dimensional features detect and classify malicious files, sight unseen, and allow Sangfor NGAF to deliver a 99.76% detection rate of known and unknown malware.

Simplified Security Operation & Maintenance

Sangfor believes IT should be reliable and simple, with easy deployment and O&M as the keys to an effective and productive IT environment.

Many small & medium-sized organizations use traditional hardware firewalls without a specialized IT security team or intelligent & automated reporting tools, and find managing network security especially complex. Searching and analyzing thousands of alerts to identify individual issues creates a high potential for human error and is a waste of time and resources.

Sangfor NGAF uses an intuitive configuration wizard to make security policy deployment and modification simple and fast. High visibility and real-time detection features provide IT teams with the ability to determine the network security status before the system even goes online, ensuring that no vulnerabilities exist in the network.

NGAF Use Cases

Internet Gateway: Advanced Threat Prevention with Visible Reporting

Sangfor NGAF Network Firewall Security has both deep content inspection and attack behavior analysis technologies, going a step beyond traditional hardware firewall appliances. Graphical reporting tools (free-of-charge) help IT professionals identify business risks, and take immediate action to mitigate damage. Sangfor NGAF also effectively detects advanced threats, with built-in network security features like Neural-X.

DMZ: One-Stop Security Solution for Web Applications

This solution protects user's public-facing applications against various types of network & application layer threats and resolves the issues of web-page tampering, Trojans and information leakage, even if defenses are bypassed. Sangfor next generation firewall goes beyond traditional Enterprise Firewall security solutions to provide more comprehensive protection against most types of web attacks and effectively secure web business applications.

Secure SD-WAN: Visual, Controllable & Manageable Distributed Enterprise Networking

Branches are no longer the weak link in the security chain with their notoriously poor security construction. Sangfor Platform-X, a cloud-based SOC (Security Operation Center), helps truly realize centralized management and automatic operation and maintenance for branches through enhanced security protection capabilities for your WAN, and helps identify branch security risks in real-time.

2nd-Tier Firewall: Enterprise Firewall Protection & Attack Prevention

Continuously evolving cyber threats drive the evolution of security devices and the creation of new security infrastructure, as threats are increasingly able to evade traditional defenses. Malicious software, having bypassed the defense perimeter, can take advantage of a flat internal network to cause serious infection, data theft, or even APT attacks. To mitigate business risk from cyber threats, Sangfor's NGFW employs an additional defensive layer to the perimeter firewall, providing total threat protection, risk mitigation capability, easy deployment and cost-effectiveness.

What People Say

Sangfor NGFW Is Nothing Less Than No.1 As IT Security Protection

IT Manager of an Automotive Industry

Quick Deployment, Easy To Use, And Practical Reports, Need More About Data Details

COO of a Media and Publishing Industry

Simple Operation And Maintenance, Rich Functions

Marketing Manager of IT Industry

Human-Machine Intelligence-Data Fusion Comprehensively Guarantees Safe Operation

CIO of an Industrial Company

Product Performance Very Good

Assistant IT officer from a Federal Government

Success Stories

Below you will find all the Success Stories of Sangfor, classified by Industry, such as Enterprises, Governments, Schools & Universities, etc.

Royal Malaysian Customs Department JKDM

Government

Sangfor NGAF for the Royal Malaysian Customs Department (JKDM)

Education

STI Customer Success Story

Ransomware Attack and Recovery with Sangfor Indonesia

Government

The Ministry of Science, Technology, and Innovation (MOSTI)

NGAF Firewall Product Models

| Models | AF-1000-B1080* | AF-1000-B1120* | M4500 | M5100 | M5150 | M5200 | M5250 | M5300 | M5400 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Profile | Desktop | 1U | Desktop | 1U | 1U | 1U | 1U | 1U | 1U |
| Firewall Throughput (1),(2) | 1.05 Gbps | 1.75 Gbps | 2 Gbps | 2.8 Gbps | 3.5 Gbps | 4.9 Gbps | 5.5 Gbps | 12 Gbps | 20 Gbps |
| IPS+WAF Throughput (HTTP) (1) | N/A | 700 Mbps | 1.2 Gbps | 1.4 Gbps | 1.4 Gbps | 2.1 Gbps | 2.1 Gbps | 3.85 Gbps | 5.6 Gbps |
| Threat Protection Throughput (1),(4) | 600 Mbps | 800 Mbps | 1 Gbps | 1.8 Gbps | 1.8 Gbps | 2.1 Gbps | 2.1 Gbps | 4.2 Gbps | 5.6 Gbps |
| NGFW Throughput (1),(3) | 800 Mbps | 1 Gbps | 1.4 Gbps | 2.5 Gbps | 2.5 Gbps | 2.8 Gbps | 2.8 Gbps | 5 Gbps | 8.4 Gbps |
| IPSec VPN Throughput (1) | 100 Mbps | 100 Mbps | 250 Mbps | 250 Mbps | 250 Mbps | 375 Mbps | 375 Mbps | 1 Gbps | 1.25 Gbps |
| Max IPsec VPN Tunnels | 100 | 100 | 300 | 300 | 300 | 500 | 500 | 1000 | 1500 |
| Concurrent Connections (TCP) | 800,000 | 800,000 | 250,000 | 750,000 | 1,000,000 | 1,200,000 | 1,800,000 | 2,000,000 | 2,500,000 |
| New Connections (TCP) | 15,000 | 18,000 | 10,000 | 20,000 | 25,000 | 30,000 | 50,000 | 80,000 | 110,000 |
| Power and Hardware Specifications | | | | | | | | | |
| Support Dual Power Supplies | N/A | N/A | N/A | N/A | N/A | N/A | N/A | Yes | Yes |
| Power [Watt] Max | 60W | 40W | 60W | 40W | 40W | 40W | 40W | 60W | 150W |

* AF-1000-B1080, AF-1000-B1120, AF-2000-B3100, AF-2000-B3200, AF-2000-B3300 are only available in specific regions; please contact our local sales representatives for more details.

  1. All performance data is measured in a laboratory environment. Real-world performance may vary depending on the configuration & network environment.
  2. Firewall Throughput is measured with 1518 Bytes UDP packets.
  3. NGFW Throughput is measured with Firewall, Application Control, Bandwidth Management and IPS enabled.
  4. Threat Prevention Throughput is measured with Firewall, Application Control, Bandwidth Management, IPS and Anti-Virus enabled.
  5. For more specification details, please check the Sangfor NGAF brochure or model datasheet.

 

| Models | M5500 | M5600 | M5800 | M5900 | M6000 | AF-2000-B3100* | AF-2000-B3200* | AF-2000-B3300* |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Profile | 2U | 2U | 2U | 2U | 2U | 2U | 2U | 2U |
| Firewall Throughput (1),(2) | 25 Gbps | 50 Gbps | 67 Gbps | 105 Gbps | 140 Gbps | 140 Gbps | 180 Gbps | 240 Gbps |
| IPS+WAF Throughput (HTTP) (1) | 8.4 Gbps | 14 Gbps | 21 Gbps | 42 Gbps | 56 Gbps | 63 Gbps | 84 Gbps | 126 Gbps |
| Threat Protection Throughput (1),(4) | 9.1 Gbps | 18 Gbps | 26.5 Gbps | 50.4 Gbps | 67.2 Gbps | 79.4 Gbps | 91.2 Gbps | 105 Gbps |
| NGFW Throughput (1),(3) | 12.6 Gbps | 23 Gbps | 31 Gbps | 56 Gbps | 84 Gbps | 90 Gbps | 120 Gbps | 140 Gbps |
| IPSec VPN Throughput (1) | 2 Gbps | 3 Gbps | 3.75 Gbps | 5 Gbps | 5 Gbps | 7 Gbps | 10 Gbps | 15 Gbps |
| Max IPsec VPN Tunnels | 3,000 | 4,000 | 5,000 | 10,000 | 10,000 | 15,000 | 20,000 | 30,000 |
| Concurrent Connections (TCP) | 3,000,000 | 4,000,000 | 8,000,000 | 12,000,000 | 16,000,000 | 20,000,000 | 32,000,000 | 35,000,000 |
| New Connections (TCP) | 220,000 | 300,000 | 330,000 | 450,000 | 600,000 | 650,000 | 800,000 | 900,000 |
| Power and Hardware Specifications | | | | | | | | |
| Support Dual Power Supplies | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Power [Watt] Max | 150W | 150W | 150W | 760W | 760W | 860W | 860W | 860W |

Videos

Customer Testimonial – Royal Malaysian Customs Department x Sangfor NGAF Next-Generation Firewall
Cyber Command Correlates with NGAF to Automatically Deal with Network Threats
Saint Louis University (SLU) Advancing Through Digital Transformation
Guy Rosefelt Interview with Cyber Defense Magazine 2022
Interview with Tun Lin Khaing from Sweety Home Myanmar
Sangfor NGAF Animation Video
Testimonial NGAF Ministry of Industry - With En Subtitle
Testimonial IAM Universitas Gadjah Mada

Latest Blog

Cyber Security

Expert Tips on How to Improve Your Cyber Defense

Nearly every part of our lives is connected to the cyber world in some way. We use apps to buy our clothes, online stores for our groceries, internet banking and bank applications for our finances, and e-learning for education. Now more than ever, due to COVID-19, remote working has made it impossible to maintain jobs or run a business without some kind of cyber footprint. But that’s nothing new for organizations that have long claimed their spot in today’s digital world. A digital footprint is an inevitable part of business operations at all levels, from staff to managers and even stakeholders. The data that businesses need to run is managed and stored using clouds that make it easier for internal members of an organization to access at all times, which is great.

However, while we can praise the internet for the ease in personal and business operations and communications it has brought us, we can’t disregard the developments in issues such as cybercrime. In the years 2020-21, major organizations, such as SolarWinds and Colonial Pipeline, suffered two of the most notorious malware and ransomware attacks respectively. Colonial Pipeline’s ransomware attack resulted in the authorization of a $44.4 million ransom payment after being forced to halt its pipeline operations. The attack was said to be incited by Eastern Europe criminal hacker group DarkSide, who gained access to Colonial Pipeline’s systems using compromised VPN credentials. SolarWinds’ hack was completed using malicious code that was injected into an outgoing software update. 2022 has not been without its own cybercrime, with incidents such as Toyota’s recent supply chain attack having made waves of its own. Its effects led the car manufacturing giant to suspend production after a key supplier in Japan was hit with a ransomware attack.

Still, these are only some of the transparent cases that make up the globally growing cybercrime rates, with the global cost hitting a record-breaking $6 trillion in 2021 and the amount exceeding $6 billion in the United States alone. Cyber Security Ventures forecasts that by 2025, cybercrime will cost the world $10.5 trillion annually. But, of course, while this number is expected to continue growing, it does not mean that organizations must simply accept their fate and wait their turn. The “positive” side to all of this is that cybersecurity exists to combat all these matters, and now more than ever, individuals and organizations alike must recognize the importance of cybersecurity measures if they want to avoid and cut their losses where cybercrime is concerned. If anything, the aforementioned incidents should encourage enterprises to strengthen their cyber defense. So, the question is how? And we are here to help answer it.

Understanding the Types of Cyber Threats

Not only is the list of kinds of cyber threats long, but it is also growing. Every day, thousands of attacks that are different in nature are being developed. Some of the highest-ranking by category include:

  • Malware
  • Ransomware
  • Phishing
  • DoS & DDoS (Denial of Service/Distributed Denial of Service)
  • Data Breaches
  • MITM (Man-in-the-middle)
  • Social Engineering

What Steps Can be Taken to Improve Your Cyber Defense?

We always stress that the best cyber defense is prevention. While there are measures such as VPNs and two-factor authentication that can be put into place, protecting an organization at large requires in-depth analyses and, in most cases, professional expertise. The steps below serve as a guideline to observe as you upgrade your cyber defense strategy.

1. Secure existing network and data

The use and adoption of cloud solutions and hybrid work structures have opened organizations to more threats. This means that they must ensure that their networks and data are secured from unwanted access no matter the environment. Sangfor Internet Access Gateway protects organizations from threats while observing internet access for any suspicious behavior. Furthermore, the use of Sangfor IAG gives organizations full visibility of internal network usage, allowing transparency of human-error-caused vulnerabilities.

2. Create organizational awareness

An unfortunate 95% of cyber breaches result from human error, according to the Global Risks Report released by the World Economic Forum. What this means is that while cyberattacks are made on technology and networks, the internal access which leads to these attacks plays an important role in combatting them. By creating organizational awareness about issues such as Phishing, and putting in place procedures that secure and track internal user routes, organizations have one less issue to worry about.

3. Test current security measures for weaknesses

By completing security health checks, organizations can identify which parts of their security are strongest and working well for them, and which parts need strengthening. By internally exposing vulnerabilities, action can be taken to patch up areas of weakness.

4. Have systems that detect threats at all times

It is impossible to solve an issue that you are unaware exists. This makes detection the first and one of the most important steps. By detecting existing and potential security threats — both hidden and visible — not only in the typical North-South traffic, but the East-West traffic as well, organizations can discover previously missed lines of entry for attackers. The Sangfor NDR platform does exactly that. It further integrates network and endpoint security to provide real-time threat detection and response even to threats that might already exist in your network without your knowledge.

5. Ensure your organization is protected and knows how to respond

We believe that to beat the advanced cyber threats that exist today, solutions must go above and beyond the traditional firewalls and anti-virus software. Sangfor NGAF converges Sangfor Next-Generation Firewall with Sangfor NGWAF (Next Generation Web Application Firewall) to encompass a range of functions. These include intrusion prevention functions, reporting functions, risk identification capabilities, and cyber threat protection measures forming a multifunctional cyber security solution. Sangfor Endpoint Secure defends endpoints from APT threats and malware using a different approach to our other threat detection and response solutions.

6. Have a recovery plan in place

Business continuity cannot be ensured without recovery. By developing a full disaster management plan in case of cyberattacks, businesses can bounce back with confidence. Reliance on platforms such as Sangfor HCI provides backup and data protection in the case of cyber emergencies. While measures of security can be taken, in the case that threats bypass systems, having reliable infrastructure and support is just as important as having strong security.

Final Thoughts About Improving Your Cyber Defense

No one solution will defend against every cyber threat in existence, but the right service provider will cover all points of vulnerability that stand to leave an organization's assets and data exposed. At Sangfor we believe “The solution to the problem of network solution is the convergence of security functions.” As such, we provide solutions to every step needed in strengthening organizational cybersecurity. To learn more about Sangfor's solutions or how to improve your cyber defense, contact us today.


Cyber Security

Ransomware Attacks in Asia on the Rise, Are You Next?

According to the IBM 2021 Cost of a Data Breach Report, the year 2021 saw record-topping data breaches globally. With a large part of these numbers being due to the COVID-19 pandemic, there was a 10% increase in the average cost of a data breach from the previous year, with the cost difference where remote work was a factor being $1.07 million. The report showed that Asia was the most attacked region in the year, taking on 26% of all cyberattacks globally, while Europe (24%), North America (23%), the Middle East (14%), Africa (14%), and Latin America (13%) took on less of the remaining attacks. The attack vectors spanned from business email compromises to phishing attacks, social engineering, a vulnerability in third-party software, and more; this indicated that organizations experienced cyberattacks not only without third-party security parameters in place, but also with security strategies, and as a result of human error.

The 2021 Sangfor Ransomware Trends Report showed that Enterprise and Research & Education were the highest attacked industries in 2021, accounting for 46.82% and 22.83% respectively, of the total number of attacks that occurred. For more information on the nature and scale of attacks globally, download the Sangfor Ransomware Trends Report here.

In the year 2022, the trend of cyberattacks in Asia has continued. According to research by Kaspersky, Jakarta, Indonesia alone experienced more than 11 million attacks in the first quarter of the year. This number reflected a 22% increase from the previous year. Furthermore, the security company blocked a total of 11,260,643 phishing links across Asia using their anti-phishing systems, with the majority of them being traced to the devices of users in Vietnam, Indonesia, and Malaysia. These attacks have occurred all across Asia in every sector.

Major Ransomware Attacks in Asia

There have been several large-scale ransomware attacks in Asia over the last few years. An eye clinic in Singapore, web hosting services in Malaysia, and insurance companies across Thailand, Malaysia, Hong Kong, and the Philippines have all been victims, indicating the diversity of industries in which attacks take place.

Fujifilm

Early in June 2021, Japanese multinational conglomerate Fujifilm was hit with a ransomware attack that forced them to shut down parts of their global network. As a result, all of the company’s communications were affected. A public statement was released by the company on the 2nd of June in which they explained what had happened and expressed that they were taking measures to resolve the issue.

“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” it said, “We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”

AXA

In 2021, European insurance giant AXA also fell victim to a ransomware attack. It was believed that the ransomware attack was launched by the Avaddon ransomware group, who released a statement saying they had stolen three terabytes of data from AXA in the attack, including personal data and medical record data. In a statement released by the insurance company, they said that if what the ransomware group had said was found to be true, they would handle the case with the necessary seriousness and inform all stakeholders and clients.

“AXA takes data privacy very seriously and if IPA’s investigations confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted.”

The hacking group threatened to publicize the stolen data in a period of ten days if AXA failed to meet their ransom demands. To support their claims, the group published several screenshots displaying some of the data that they had retrieved. Read more about the incident here.

Thai Organizations

The healthcare sector has consistently ranked among the highest cyber-attacked industries. In 2020, in Thailand, several government hospitals and companies were hacked. Saraburi Hospital was one organization that was hacked, resulting in their inability to access their data, and slowed operations. While no ransom was demanded from them, other companies received demands of up to 1 million baht ($32,000).

According to Statista, in Thailand in 2019, the cybersecurity expenditure per capita amounted to around four million U.S. dollars. This number was forecasted to reach 7.4 million U.S. dollars by 2025. In response to the growing attacks, Digital Economy and Society Minister Chaiwut Thanakamanusorn announced that Thailand had ushered in the Cybersecurity Act and NCSA to effectively respond to cyberattacks.

"Cybersecurity is increasingly important because it is close to people's lives and a crucial global trend as digital connects many dimensions. Any activities related to digital could increase the risk of a cyber-attack," said the minister.

What are the biggest causes of these ransomware attacks in Asia?

The landscape of cyber threats is enormous and constantly growing, but what are the factors that leave organizations vulnerable to these attacks in the first place? As mentioned before, COVID-19 contributed greatly to the rise in cyberattacks, and remote work in particular presented companies with the challenge of new security issues to consider, just as it presented attackers with new opportunities to exploit vulnerabilities. In part, the vast changes and new concerns brought on globally for individuals and organizations alike can be attributed to digital transformation. While essential to global development, digital transformation has presented the world with new risks, especially relating to cyber threats.

“The increase in digital transformation initiatives across businesses of all sizes is uncovering specific vulnerabilities for most organizations, which are only being catalyzed with the COVID-19 pandemic. With the emergence of new technologies such as cloud, artificial intelligence (AI)/machine learning, internet of things (IoT), big data, social media, and other operational technologies, technology risk is continually increasing,” writes Cyber Saint Security. “This has made it essential for CISOs and security teams to manage digital transformation risks by augmenting and enhancing IT and cyber risk management functions to support this new paradigm.”

Without the right cybersecurity infrastructure to support digital transformation, organizations are exposed, leaving them vulnerable to cyberattacks. The problems leading to insufficient security measures differ amongst companies.

  • For some, it is a matter of insufficient product knowledge. Transformation needs teams that understand the ins and outs of new systems and procedures being introduced. Many companies lack the knowledge to understand how to protect their assets, or even that they need protecting at all.
  • Limited security staff. There are several bases to cover in the IT departments of a company. This can often lead to a stretched workforce, leaving room for the negligence of the security aspect of it all. So, while companies have security and IT staff, they just don’t have enough to keep up with constant developments and complete regular and thorough analyses to detect existing and potential threats.
  • They simply do not care. Unfortunately, some companies underestimate the importance of good security measures until it is too late. They fail to recognize that cybersecurity can be essential to business survival, thereby neglecting to equip themselves or invest in strong security products and solutions.

Of course, it is important to know that no one is immune from being the target of a cyberattack, and negligence is exactly what attackers look for.

How can companies in Asia combat the ransomware pandemic?

Sangfor’s Anti-Ransomware Solutions

At Sangfor, we understand how complex implementing cybersecurity solutions for an enterprise can be, so we not only do it for you, but we also simplify it. Sangfor’s Anti-ransomware Solution takes an integrated approach to combating ransomware attacks and as such is the only solution capable of blocking every step of the ransomware kill chain. Our ransomware solution follows four steps that allow our systems to detect and completely block all threats across your business's entire network:

  • Stage 1: Detect & Block Malware and Ransomware Infection
  • Stage 2: Detect & Block C&C Communications
  • Stage 3: Detect & Block Exploitation
  • Stage 4: Detect & Block Propagation

By converging Sangfor’s highly sophisticated Next Generation Firewall, Sangfor Endpoint Security, and Sangfor Engine Zero, our solution eliminates threats while repairing any vulnerabilities against future attacks, finding previously unnoticed blind spots, and tracing the source of all threats to ensure complete removal.

Now more than ever, businesses all across Asia must grasp the severity of this trend and act fast to put highly effective security measures in place. Cyber resilience from past incidents allows organizations to avoid the same mistakes because prevention is better than cure. If you are interested in consulting security experts to implement a cyber security strategy tailored to your business, contact Sangfor now.


Cyber Security

How to Level Up Your Incident Response Plan

What’s an Incident Response Plan and why is it important? Let’s take a look at the recent example. Affordable housing provider in the United Kingdom, Clarion Housing, experienced a cybersecurity incident that disrupted their systems, forcing them to go offline. The series of disruptions began on the week of June 13th when the company began experiencing technical issues with its online account. The incident response emergency situation at Clarion Housing Residents. Source: https://twitter.com/clarionsupport Clarion began tweeting about the issues they had been facing with their online account on June 13th. Clarion later reported that they had resolved and urged customers who had previously been unable to access their accounts to reset their accounts on the following day. In the days that followed, the company continued to report issues with its systems, providing an alternative number for customers to use for emergency repairs. On the June 21st, they released a statement pointing toward the seriousness of the issue. Finally, on June 23rd, Clarion announced that a cyber security incident had caused a disruption leading to IT system issues. The housing provider’s phone and email systems were down, affecting their customer communications. “We have updated the information relating to the cyber security incident which has caused significant disruption to our services. As our work continues it is clear that the damage to our systems is extensive. This will result in a long period of disruption while we rebuild our infrastructure,” their latest update read. “We are now confident that our Customer Relationship Management (CRM) system, which is our main store of customer data, was not accessed. We are continuing the investigation into the extent to which data held in other repositories may have been impacted.” The company is currently working with its cyber security partner to resolve the incident. 
Instances such as this one should be a constant reminder to organizations of the importance of an incident response plan. Mitigating risk before the damage is too severe hinges on the ability of businesses to detect threats and act quickly; this is the purpose of an incident response plan. But how many organizations can safely say they have one in place? What is a Cybersecurity Incident Response Plan? An incident response plan is a set of procedures put in place to action a response in the event of any incidents that may occur in an organization’s cyber environment. The National Institute of Standards and Technology (NIST), defines an incident response plan as “the documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization’s information system(s)”. An effective incident response plan must take into consideration many of the steps that a disaster management plan would entail. This includes aspects such as preparedness, response, and recovery, but covers to a greater extent, responses to cyber security incidents including but not limited to ransomware attacks, data breaches, loss of sensitive data, data leaks, malware, and more.  How to Create a Cybersecurity Incident Response Plan? Determining which data and systems are critical and valuable is the first step to understanding which potential vulnerabilities your business may have. Thereafter, assessing your cyber infrastructure’s potential points of failure is a key step in understanding which existing and potential threats need immediate addressing. In completing these two steps, you can better understand how to respond to future threats, and you can mitigate risk and set up security measures that meet your needs. Following the response, a business continuity plan can be put into place to ensure recovery and full continuation of business activities. 
A strong incident response plan will cover the following aspects of potential incidents: preparedness, detection, containment, eradication, and recovery.

Cybersecurity Incident Response Plan Checklist

Prepare

Preparation ensures that in the event of any cyberattack, there are measures in place to be taken to navigate the incident. This also involves training staff and stakeholders on how to react and making sure that all the resources required to manage all systems affected are available.

Identify/Detect

Detection can go a long way in determining just how much damage an organization sustains as a result of cyber incidents. It can also determine how long it takes to trace, detain, and eradicate a threat. Platforms such as Sangfor Cyber Command are designed specially to detect and respond to various threats around the clock. By automating the detection and response, threats are identified as quickly as possible with immediate response.

Contain/Detain

Containment stops the spread of a breach so that organizations can control the situation. It also presents the opportunity to develop counter solutions where initial ones may have failed or been late.

Eradicate

Eradication means eliminating the threat at its root. This involves tracing the incident to its cause and strengthening security to prevent the same incident from occurring in the future. Eradication also involves eliminating the threat where it may have spread.

Recover

Perhaps the strongest test of whether an incident response plan is strong is the organization’s ability to recover from the incident. Resuming business activities is the goal, and without the steps above this is difficult (if not impossible). Organizations must ensure that they have the resources needed to substitute any losses sustained, and continue to meet business goals. Another essential part of recovery is resilience: the ability to make sure that similar incidents/attacks do not occur.
Sangfor Incident Response Plan

Partnering with a reliable cybersecurity services and solutions vendor such as Sangfor is essential to your business success. Sangfor will assess your organization’s current cyber structures and security strategies. As such, this is one of the best ways to ensure you are able to find a cybersecurity incident response plan that protects your organization against the endless amount of cyber threats that exist.

At Sangfor, we understand the struggles of not knowing what to do and how to manage a situation when under attack. Our First Responder team is backed with experience that spans over 5000 manhours in Incident Response. It is also adept at conducting malware discoveries on a frequent basis and having the latest TTPs. At Sangfor, we pride ourselves in having a motivated team culture, having served more than 250 cases.

The first step in rectifying the problem is to identify the fingerprints through activity logs that have been left by the attacker pointing to the root cause. The fingerprints reconstruct the flow of events and exploits used. We then build a remediation plan for you to prevent future attacks. Our report includes realistic remediation and approach, hidden cyber gaps, and the sharing of industry best practices relevant to you. We also provide follow-up activities to find any residual or persistent malware after the investigation has been concluded to keep you answerable to the stakeholders.

An incident response plan can be what stands between a business and its survival. Planning for incidents allows organizations to detect and respond to threats not only when they occur, but also before they do. Sangfor Incident Response conducts assessments to see the gaps in your organization’s security before recommending solutions that will fill these gaps and more. Sangfor also identifies potential gaps to allow you to enhance your security, strengthen your cybersecurity structures, and improve your response plan.


Latest News

Press Release

Gartner Hype Cycle for ICT in China 2022. Sangfor Recognized as a Sample Vendor.

Sangfor Technologies Recognized as a Sample Vendor in Gartner® Hype Cycle™ for ICT in China, 2022

Sangfor Technologies has been recognized as a Sample Vendor under multiple technologies mentioned in the Gartner Hype Cycle for ICT in China, 2022[1] report, published 26 July 2022.

About the Gartner Hype Cycle for ICT in China, 2022

This Gartner Hype Cycle report assesses 28 of the most relevant and innovative information and communication technologies (ICT) in China today. Each technology is rated on its business benefit, market penetration, and maturity level, while other key information such as the technology’s drivers, obstacles, user recommendations, and a list of Sample Vendors is provided. The Hype Cycle is intended to help CIOs "identify technologies to help manage IT rationalization and seize digital business opportunities."

Sangfor is excited to be included as a Sample Vendor for the following technologies:

  • Secure Access Service Edge (SASE)
  • Hyperconverged Infrastructure (HCI)
  • Cloud Security in China

We believe our inclusion in these technologies confirms us as one of the trusted vendors for cloud computing and cyber security in China.

Learn More about the Technologies and Sangfor Products

Secure Access Service Edge in the Hype Cycle for ICT in China

  • Business Benefit Rating: Transformational
  • Market Penetration: 5% to 20% of target audience
  • Maturity: Adolescent (2-5 years till mainstream adoption)

Secure access service edge (SASE) has been rated as transformational in business benefit—the highest rating. Specifically, the report notes that SASE in China "supports branch office, remote worker, internet and cloud access security, low latency access to cloud, use cases" and "a key enabler of digital business transformation, increasing visibility, agility, resilience and security by using a platform approach to delivery services rather than a siloed approach."
Sangfor Access (SASE)

Sangfor Access is our SASE solution that converges network and security capabilities into an integrated service through the cloud. Sangfor Access provides a cohesive suite of security features, including NGFW, SWG, ZTNA, CASB, VPN, and more. Security gaps are eliminated by the unified delivery of security protection irrespective of user location. This makes Sangfor Access the perfect solution for organizations needing secure access to both cloud workloads and the Internet for branch and remote users.

With Sangfor Access, internet-bound traffic undergoes security inspection and policy enforcement at the cloud edge as opposed to being backhauled to the security stack in on-prem data centers. This offers many benefits such as improved user experience due to lower latency and reduced operations complexity and costs due to vendor consolidation and lower data center footprint.

Visit the Sangfor Access webpage to learn more about our SASE solution, including features and capabilities, advantages, use cases, and brochure.

Hyperconverged Infrastructure in the Hype Cycle for ICT in China

  • Business Benefit Rating: High
  • Market Penetration: 20% to 50% of target audience
  • Maturity: Early mainstream (0-2 years till mainstream adoption)

The Hype Cycle recognizes hyperconverged infrastructure (HCI) as an "enabling technology for hybrid cloud, automation, edge, infrastructure agility and more." In terms of business impact, the report notes that "HCI enables on-premises IT to respond to new business requirements in a modular, small- increment and timely fashion" and "simplifies infrastructure operation, which is particularly valuable for enterprises with relatively weak IT capability or remote sites of large organizations that require operation efficiency."

Sangfor Hyper-Converged Infrastructure (HCI)

Sangfor HCI is a 3rd generation HCI solution and the first HCI product to incorporate security all in one appliance.
By converging compute, storage, networking and security onto a simplified single software stack, customers receive ultimate reliability for business-critical applications with easy-to-use management functions. Sangfor HCI provides the foundation for many of our cloud solutions, including Sangfor Managed Cloud Services, Sangfor Hybrid Cloud, Sangfor Virtual Desktop Infrastructure (VDI), and Sangfor Disaster Recovery (DR).

Sangfor Technologies has been named in the Gartner Magic Quadrant™ for Hyperconverged Infrastructure Software for 3 consecutive years since 2019.[2] It has also been recognized in Gartner Peer Insights™ ‘Voice of the Customer’: Hyperconverged Infrastructure Software report for three consecutive years.[3]

Visit our HCI webpage to learn more about Sangfor HCI, including features and capabilities, advantages, use cases, and customer testimonials.

Cloud Security in the Hype Cycle for ICT in China

  • Business Benefit Rating: High
  • Market Penetration: More than 50% of target audience
  • Maturity: Adolescent (2-5 years till mainstream adoption)

The report lists several factors that are driving the adoption of cloud security. However, obstacles mentioned include "large enterprises treat(ing) private cloud adoption as an extension of data center protection, with no desire to embrace cloud security" and the "lack of cloud security knowledge and skills lead(ing) organizations to prefer replicating traditional controls to the cloud, both in public and private." The report notes that "effective and manageable cloud security plays a vital role to help enterprises use the cloud securely and compliantly."

Sources:

[1] Gartner, Inc., Hype Cycle for ICT in China, 2022, Kevin Ji et al., Published 26 July 2022

[2] Gartner, Inc., Magic Quadrant for Hyperconverged Infrastructure Software 2021, Jeffrey Hewitt et al., Published 17 November 2021. This report was titled Magic Quadrant for Hyperconverged Infrastructure in 2019.
[3] Gartner, Inc., Gartner Peer Insights ‘Voice of the Customer’: Hyperconverged Infrastructure Software, Published on 28 April, 2022. This report was titled Gartner Peer Insights ‘Voice of the Customer’: Hyperconverged Infrastructure in 2020.

Disclaimer: GARTNER, MAGIC QUADRANT and HYPE CYCLE are registered trademarks and service marks, PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

About Sangfor Technologies

Sangfor Technologies is an APAC-based, leading global vendor specializing in Cyber Security, Cloud Computing, and IT Infrastructure. Founded in 2000 and publicly listed since 2018 (STOCK CODE: 300454.SZ), Sangfor employs 9,500 employees, operates 60 offices, and serves more than 100,000 customers worldwide, many of them Fortune Global 500 companies, governmental institutions, universities, and schools.

Visit us at www.sangfor.com to learn more about Sangfor’s solutions and let Sangfor make Your Digital Transformation Simpler and Secure.


Press Release

2022 Gartner Hype Cycle for Workload and Network Security. Sangfor named as a Sample Vendor.

Sangfor Technologies Named as a Sample Vendor in 2022 Gartner® Hype Cycle™ for Workload and Network Security Report

Sangfor Technologies has been named as a Sample Vendor for Secure Web Gateway in the latest Gartner Hype Cycle for Workload and Network Security, 2022[1], published July 18. Sangfor is excited to be included as 1 of 10 sample vendors worldwide for SWG. We believe our inclusion is a recognition of the outstanding capabilities of our SWG product Sangfor Internet Access Gateway (IAG).

What we think are the key Insights from this Hype Cycle for Workload and Network Security report

Workload and network security are combined for this Hype Cycle report (subscription required). In our opinion, it reflects the convergence of cloud adoption and the hybrid workforce. The report notes that “confidence in and the desire to utilize cloud — whether software as a service (SaaS) or cloud infrastructure and platform services (CIPS) — have grown to the point that Gartner believes cloud usage is indispensable or heavily impactful in many enterprises.” Also, that “Despite the recent back-to-office wave, most organizations are still planning for a hybrid workforce.”

We believe that this means that organizations should select security technologies that enable employees to access resources anytime and anywhere and protect workers whether they are on-premises or remote. As a result, there is a growing trend towards consolidated security platforms, such as secure access service edge (SASE) and security service edge (SSE). These offer improved functionality and a more seamless user and admin experience compared to standalone technologies.

Secure Web Gateway in this Hype Cycle for Workload and Network Security

SWG is rated High in business benefits in the Hype Cycle report. “Because SWGs are positioned between the user and the internet, they offer valuable protection from internet-born threats.
Also, the SWG dashboards and reporting tools provide visibility into users’ behavior on the internet. In line with the trend towards consolidated platforms, the Hype Cycle report notes “Cloud SWG services are increasingly part of security service edge (SSE) offerings to provide protection regardless of the location.”

About Sangfor Internet Access Gateway (IAG)

Sangfor IAG is a full-feature SWG solution developed by our world-class R&D team and used by over 70,000 customers.

As a SWG, Sangfor IAG first and foremost protects and controls the internet access of network users and their endpoints. Security features such as URL filtering, traffic decryption, and illegal Wi-Fi hotspot detection prevent internet-borne threats from infecting endpoints. Granular internet access policies for users, user groups, and endpoints control what websites, applications, and functions can be accessed. This helps to prevent malware infection and user unproductivity while ensuring regulatory compliance.

Sangfor IAG is designed to provide unparalleled visibility into user identity and user behavior – who is accessing what and when – and any hidden threats and applications running in the environment. Sangfor IAG offers centralized management with a single pane of glass web interface and flexible deployment as a hardware appliance, virtual appliance, or both.

As a full-feature solution, Sangfor IAG offers a suite of security features and capabilities that further strengthen the organization’s security posture, including:

  • Bandwidth management: Optimize bandwidth allocation for critical applications and restrict bandwidth of abusive users.
  • Asset discovery: Identify onboarding devices and enforce endpoint compliance checks to ensure they do not introduce malware and vulnerabilities.
  • Proxy avoidance protection: Detect and block anonymous proxy and VPN applications that can bypass the organization’s internet access controls.
  • User authentication and management: Intuitive and flexible authentication methods, including a variety of traditional and value-added authentication methods.

Sangfor IAG Integration in Consolidated Platforms

Sangfor Access (SASE)

In line with the mainstream trend towards platform consolidation, Sangfor IAG is offered as part of Sangfor Access, our SASE platform – the perfect solution for delivering secure internet connectivity for branch and work-from-anywhere (WFA) scenarios. Apart from SWG, Sangfor Access provides an integrated suite of cloud-delivered security capabilities, including firewall protection, malware detection, access control, CASB, VPN, and more.

With Sangfor Access, internet-bound traffic undergoes security inspection and policy enforcement at the cloud edge as opposed to being backhauled to the security stack in on-prem data centers. This model offers a range of benefits, including:

  • Eliminate security gaps due to a unified delivery of security services irrespective of user location.
  • Improved user experience through lower latency.
  • Reduce operations and management complexity and lower costs due to vendor consolidation and reduced data center footprint.

According to the Priority Matrix in this Hype Cycle report, SASE is rated Transformational in benefit rating.

Sources:

[1] Gartner, Inc., Hype Cycle for Workload and Network Security, 2022, Charlie Winckless, Published 18 July 2022

Disclaimer: GARTNER and HYPE CYCLE are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.
Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Press Release

Sangfor Ranked the World’s 4th Largest NDR Vendor by Revenue in 2021 Gartner® Market Share Report

Sangfor Technologies Ranked the World’s 4th Largest NDR Vendor by Revenue in the Latest Gartner® Market Share Report

Sangfor Technologies (300454.SZ) proudly announced today that it is ranked the world’s 4th largest vendor by revenue in 2021 for network detection and response (NDR) technology based on the Gartner Market Share: Enterprise Network Equipment by Market Segment, Worldwide 4Q21 and 2021 report, published March 25, 2022[1]. Sangfor Cyber Command, Sangfor’s signature NDR solution, achieved quarter-on-quarter worldwide revenue growth to attain the 4th largest market share in 2021.

NDR was initially known as Network Traffic Analysis (NTA) and was first recognized by Gartner in 2013 with the publication of Five Styles of Advanced Threat Defense.[2] NTA was later renamed Network Detection and Response (NDR) in the 2020 Gartner Market Guide for Network Detection and Response report.[3] NDR adoption has grown rapidly in the last couple of years. According to the latest Gartner Market Share report, the worldwide NDR market was worth $1.046B USD in 2021, up 26.1% from $829.5M USD in 2020, making it one of the fastest-growing enterprise network security technologies.

“We started developing our NDR solution Cyber Command in 2018 when it was becoming clear that existing security technologies at the time were no longer sufficient at protecting organizations in a deteriorating threat landscape. Cyber attackers were upping their game with sophisticated tools and techniques, and what was needed was a technology that could detect the undetectable. We are immensely proud that, in just a short space of time, Cyber Command has established itself as one of the most trusted NDR solutions on the global stage. Excellent results like this give us great encouragement and drive us to fulfill our mission of delivering the most innovative technologies to customers around the world.” beamed a delighted Kaden Zhang, President of Sangfor International Market.
To learn more about Sangfor Cyber Command product capabilities, use cases, demo videos, and success stories, please visit the Cyber Command webpage at https://www.sangfor.com/cybersecurity/products/cyber-command

Source

[1] Gartner, Inc., Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 4Q21 and 2021, Christian Canales et al., Published March 25, 2022

[2] Gartner, Inc., Five Styles of Advanced Threat Defense, Lawrence Orans, Jeremy D’Hoinne, August 20, 2013.

[3] Gartner, Inc., Market Guide for Network Detection and Response, Lawrence Orans, et al., June 11, 2020

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.



Frequently Asked Questions

Next-generation firewalls (NGFWs) are a newer and more sophisticated type of firewall technology classified as deep-packet inspection firewalls. As well as port and protocol inspections, an NGFW has the ability to inspect on the application level. In doing so, it can actively work to filter and prevent intrusions, incorporate other cyber security technologies, and form a single, holistic cyber security solution for businesses.

Sangfor NGAF is the world’s first AI-powered NGFW solution. It incorporates other Sangfor solutions such as NGWAF and Endpoint Secure and is powered by Engine Zero and the Neural-X platform. The major benefit of using an NGFW solution comes from the combination of heightened security and simplified operation and management processes.

Next-generation firewalls like Sangfor NGAF are fully integrated solutions that offer comprehensive protection and a bird’s-eye view of your organization’s network. They can incorporate other security solutions and platforms to offer more efficient, simplified, and AI-powered protection.

Advantages of an NGFW solution include:

  • Being able to adapt to and protect against newer, more advanced, and malicious malware strains on the application level.
  • Simplified operation and maintenance even for organizations without a dedicated IT team.
  • Complete visibility over your network security and a granular approach to traffic and potential threats.
  • Real-time detection and rapid response of threats, as well as learning to prevent similar attacks in the future.

Traditional firewalls are network security systems that have been around for years and are commonplace throughout all businesses and personal computers. They function on the basic principle of filtering and inspecting both incoming and outgoing traffic for anomalies or traits that might signify a security threat, based on a set of pre-coded rules.

Next-generation firewalls differ in that they are a more advanced evolution of traditional firewall security systems. As well as completing the fundamental filtering process, next-generation firewalls operate on a more granular application level and can further incorporate additional solutions for an all-in-one security plan.