Sangfor Athena NGFW (previously known as Sangfor Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
AI-Powered Malware Inspection
Athena NGFW integrates with Sangfor Engine Zero, an AI-powered malware detection engine. Engine Zero was developed using advanced machine learning models and AI algorithms, enabling Athena NGFW to achieve a 99.76% detection rate for both known and unknown malware across the internet.
Real-Time Threat Intelligence
Athena NGFW leverages Sangfor Neural-X, a cloud-based, AI-powered threat intelligence and analytics platform.
Neural-X is continuously updated to protect against the latest indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs). For example, Athena NGFW can submit a suspicious DNS address to Neural-X for analysis. If it is identified as a known command-and-control (C&C) server, Athena NGFW automatically blocks communications to prevent further damage.
Anti-Ransomware
Athena NGFW integrates with Athena Endpoint Protection Platform (EPP) as part of Sangfor’s Anti-Ransomware solution.
Forensic threat intelligence data—collected from both network and endpoints—is visualized via the Athena NGFW GUI to reveal hidden ransomware processes. The solution also offers a "one-click quarantine" feature to remove the encryption-controlling application from all infected hosts.
Web Attack Prevention
Athena NGFW includes Sangfor’s Next-Generation Web Application Firewall (NGWAF) to provide robust protection for web applications.
Using semantic analysis and the industry’s first WAF with a built-in virtual execution system (VES), Sangfor NGWAF secures web applications from advanced attacks, such as SQL injection and cross-site scripting.
Simplified Operation
Sangfor believes that firewalls should make life easier for security administrators. Athena NGFW includes a SOC Lite feature that simplifies security operations and incident response.
Instead of analyzing tons of security logs, security administrators can intuitively assess the threat levels of users and hosts through Athena NGFW’s management console. What's more, it provides actionable guidance on how to respond to detected threats.
Athena NGFW integrates with Sangfor Engine Zero, an AI-powered malware detection engine. Engine Zero was developed using advanced machine learning models and AI algorithms, enabling Athena NGFW to achieve a 99.76% detection rate for both known and unknown malware across the internet.
Athena NGFW leverages Sangfor Neural-X, a cloud-based, AI-powered threat intelligence and analytics platform.
Neural-X is continuously updated to protect against the latest indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs). For example, Athena NGFW can submit a suspicious DNS address to Neural-X for analysis. If it is identified as a known command-and-control (C&C) server, Athena NGFW automatically blocks communications to prevent further damage.
Athena NGFW integrates with Athena Endpoint Protection Platform (EPP) as part of Sangfor’s Anti-Ransomware solution.
Forensic threat intelligence data—collected from both network and endpoints—is visualized via the Athena NGFW GUI to reveal hidden ransomware processes. The solution also offers a "one-click quarantine" feature to remove the encryption-controlling application from all infected hosts.
Athena NGFW includes Sangfor’s Next-Generation Web Application Firewall (NGWAF) to provide robust protection for web applications.
Using semantic analysis and the industry’s first WAF with a built-in virtual execution system (VES), Sangfor NGWAF secures web applications from advanced attacks, such as SQL injection and cross-site scripting.
Sangfor believes that firewalls should make life easier for security administrators. Athena NGFW includes a SOC Lite feature that simplifies security operations and incident response.
Instead of analyzing tons of security logs, security administrators can intuitively assess the threat levels of users and hosts through Athena NGFW’s management console. What's more, it provides actionable guidance on how to respond to detected threats.
Robust Perimeter Security
Combines antivirus, intrusion prevention system, AI-powered malware detection and real-time threat intelligence to block over 99% of threats at the network perimeter.
Secure SD-WAN
Offers built-in SD-WAN capabilities to secure access for various scenarios, including HQ-to-branch, branch-to-branch, and work-from-anywhere (WFX).
Second-tier Firewall
Supplement your existing firewall with a next-generation firewall equipped with AI-powered threat detection, the latest threat intelligence, and NGWAF.
Athena NGFW has achieved the highest rating (AAA and Recommended) in the CyberRatings Enterprise Firewall Test for three consecutive evaluations, performing on par with, or better than, leading NGFW vendors in terms of security effectiveness.
Athena NGFW delivers comparable security capabilities and effectiveness to leading NGFW vendors—but at much lower price points. This results in an industry-leading cost-to-performance ratio, making it an ideal choice for organizations seeking maximum ROI.
Powered by Sangfor Neural-X, Athena NGFW benefits from a comprehensive threat intelligence feed and automatic global intelligence sharing, enabling rapid detection and mitigation of emerging threats.Additionally, Sangfor collaborates with major security platforms such as CVE, VirusTotal, and CNVD to ensure timely updates on newly discovered vulnerabilities.
Sangfor offers complete security solutions rather than just a firewall. Starting with Athena NGFW, organizations can build a fully integrated security framework with enhanced capabilities, simpler management, and reduced costs.
Recommended Rating in the CyberRatings Enterprise Firewall TestThe CyberRatings.org Enterprise Firewall Test is an independent evaluation of leading firewall solutions, assessing their security effectiveness, performance, SSL/TLS capabilities, and resilience against evasions. In this exclusive video, Vikram Phatak, CEO of CyberRatings.org, shares his insights on why Sangfor's Next-Generation Firewall has achieved the Recommended rating. |
| Models | NSF-1030A-I | NSF-1050A-I | NSF-1100A-I | NSF-1200A-I | NSF-3100A-I | NSF-3200A-I | NSF-3400A-I | NSF-7100A-I | NSF-7200A-I | NSF-7300A-I | NSF-7500A-I |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Firewall Throughput1, 2 | 2Gbps | 10Gbps | 20Gbps | 20Gbps | 30Gbps | 40Gbps | 55G | 70Gbps | 70Gbps | 80Gbps | 170Gbps |
| Application Control Throughput1, 3 | 750Mbps | 6Gbps | 12Gbps | 14Gbps | 20Gbps | 28Gbps | 32Gbps | 40Gbps | 45Gbps | 50Gbps | 90Gbps |
| NGFW Throughput1, 4 | 380Mbps | 1.5Gbps | 3Gbps | 3.5Gbps | 7Gbps | 10Gbps | 16Gbps | 25Gbps | 28Gbps | 32Gbps | 60Gbps |
| Threat Prevention Throughput1, 5 | 300Mbps | 820Mbps | 1.5Gbps | 2Gbps | 3.6Gbps | 4Gbps | 12Gbps | 15Gbps | 18Gbps | 24Gbps | 38Gbps |
| Web Application Protection Throughput1, 6 | N/A | 950Mbps | 2.3Gbps | 2.5Gbps | 3.2Gbps | 4Gbps | 9.5Gbps | 20Gbps | 20Gbps | 23Gbps | 30Gbps |
| IPsec VPN Throughput1, 7 | 220Mbps | 600Mbps | 1.5Gbps | 1.8Gbps | 3.5Gbps | 4Gbps | 7Gbps | 10Gbps | 10Gbps | 10Gbps | 40Gbps |
| Max IPsec VPN Tunnels | 100 | 100 | 1,000 | 1,000 | 4,000 | 6,000 | 10,000 | 20,000 | 20,000 | 20,000 | 25,000 |
| Concurrent Connections(TCP) | 800,000 | 800,000 | 2,000,000 | 2,000,000 | 4,000,000 | 4,100,000 | 10,000,000 | 25,000,000 | 25,000,000 | 27,000,000 | 50,000,000 |
| New Connections(TCP) | 30,000 | 20,000 | 90,000 | 90,000 | 180,000 | 180,000 | 500,000 | 600,000 | 600,000 | 600,000 | 1,500,000 |
| Virtual Domains(Recommended/Max) | 1/1 | 1/6 | 3/6 | 3/6 | 5/10 | 5/10 | 10/20 | 24/48 | 24/48 | 24/48 | 25/225 |
| Click to Download |  | | | | | | | | | | |
Remarks
A firewall is a network security tool that inspects and filters traffic between devices in a private computer network and the internet. Firewalls allow or deny incoming and outgoing network traffic based on defined rules. This enables users to block unauthorized data as well as prevent malware and other security threats from breaching the network.
Network Firewalls generally come as hardware network devices or software applications. Hardware firewalls are placed in a central network location to filter traffic for an entire network. Software firewalls are installed on endpoints to filter traffic to and from specific devices.
There are also different types of firewalls, including packet filtering firewalls, stateful inspection firewalls, proxy firewalls, network address translation (NAT) firewalls, and next generation firewalls (NGFW).
Next generation firewalls (NGFWs) are the newest generation of firewall technology. NGFWs use something called deep packet inspection (DPI) to inspect the content (payload) of data packets. This allows users to create more granular firewall rules based on specific types of data, applications, devices, and users.
Moreover, NGFWs are a type of unified threat management (UTM) solution. UTMs integrate multiple security features into one device. In the case of NGFW’s, this includes antivirus, intrusion detection system, threat intelligence, application control, email security, and more.
Traditional firewalls like packet filtering and stateful inspection firewalls only support rules based on packet header information, namely the source and destination IP address, protocol, and port number. This is very limited and does not offer much flexibility.
Next generation firewalls use something called deep packet inspection (DPI). DPI allows NGFWs to inspect the content (payload) of data packets and is a key enabler of enhanced firewall protection. One the one hand, users can create granular firewall rules based on specific types of data, applications, services, devices, and users. The allows NGFWs to block malicious data that exploit specific applications and services. DPI also provides the basis for the additional security features of NGFWs to function. With visibility into the data, antivirus can scan traffic for malware and the integrated intrusion prevention system can detect suspicious traffic activity.
Next generation firewalls are a type of unified threat management (UTM) solution that integrates multiple security features into one device. Typical features of NGFWs include:
Granular Traffic Filtering: Thanks to DPI, next generation firewalls have visibility into the type of data and the applications, services, devices, and users processing the data. This allows organizations to create firewall rules to enforce granular access policies. DPI also enables NGFWs block malicious data that targets specific apps and services.
Early Threat Detection: NGFWs are integrated with security features like antivirus and intrusion detection system to detect malware and cyber-attacks before they can breach the network. This is important because threats are harder to detect after a breach, which increases the likelihood of a successful attack.
Security Logging: NGFWs support security logging, which is important for several reasons. For example, security analysts can analyze logs to hunt for threats that were missed by the firewall. Security logs are also needed to meet compliance requirements in certain industries and jurisdictions.
An organization should deploy a next generation firewall if compromise of its data and systems lead to material impact. This can be anything from significant financial loss, business downtime, business loss, and reputation damage. Given the sophistication of today’s security threats and the limitations of traditional firewalls to detect them, NGFWs should be the default firewall of choice for organizations looking for robust protection. NGFW vendors typically offer models of varying specifications and capabilities to suit the needs of different organizations, from small businesses to large enterprises.
Next generation firewalls provide superior protection to enterprise networks. This ultimately helps organizations minimize the chances of experiencing a cyber-attack. Considering how damaging cyber-attacks are, effective defense against them is vital for business continuity and prosperity.
NGFWs are also more cost-effective and reduce complexity by integrating various security features that would otherwise be deployed separately. This is especially beneficial for SMBs that lack the resources and expertise to deploy and manage disparate tools.
Next generation firewalls are relatively harder to use than traditional firewalls and may require a dedicated professional to operate and maintain. However, NGFW vendors are responsible for creating the complex firewall and IDS rules that detect and block security threats. Users simply need to keep their firewall up to date. NGFWs require extra work when organizations wish to create their own firewall rules, but NGFWs may come with templates to aid this process.
Because multiple security features are integrated into one device, NGFWs can be managed from a single interface. This in fact makes NGFWs easier to manage compared to separate security tools.
Next generation firewalls do a great job at keeping threats out of the network. However, cyber criminals are constantly refining and evolving their tactics, techniques, and procedures (TTP), so no single cyber security tool can always achieve total protection. That is why it is standard practice for organizations to deploy other security tools in addition to a firewall.
For example, antivirus or more advanced Endpoint Detection and Response (EDR) solutions are needed to detect threats that managed to evade the firewall and land on endpoints. For advanced persistent threats (APTs) that hide and spread in the network for a long period, a User and Entity Behavior Analytics (UEBA) solution like Network Detection and Response (NDR) works best.
NGFW vendors generally offer various models to suit different needs. Organizations should choose a firewall that fits their unique situation to get the best out of their NGFW. Important factors to consider include the NGFWs security capabilities, specifications such as throughput, cost, deployment mode, ease of operation, service, etc. For a more detailed discussion on choosing the right NGFW, feel free to read our enterprise firewall buyer’s guide.
Customer reviews are also an excellent source of reference. For example, Gartner Peer Insights provides vetted and verified reviews to help prospective buyers gain objective and trustworthy insight into the NGFW products of different vendors.
