The Cyber Command Analysis Center collects a broad range of network and security data including North-South and East-West traffic data, logs from network gateways and EDRs, decodes it using network applications like DNS or mail, and applies AI analysis to uncover undesirable behavior. As Cyber Command is paired with threat intelligence, attacks on all levels of the attack chain are detected, meaning faster alerts to exploitation attempts, slow brute force attacks, C&C activities, lateral movements, P2P traffic, and data theft. 

The Cyber Command Response Center provides a broad range of attack investigation experience, all presented visually within the attack chain. Threat mitigation is prioritized based on the criticality of the at-risk business assets. Combined with Sangfor Endpoint Secure and NGAF, Cyber Command provides flexible and effective mitigation in a timely manner, offering recommendations for policy or patching, endpoint correlation, and network correlation. 

Cyber Command helps security administrators to perform comprehensive impact analysis of known breaches and to track “patient zero,” by evaluating all possible points of entrance. Cyber Command’s unique “Golden Eye” feature studies the behavior of compromised assets like inbound and outbound connections and usage of ports and protocols, and uses this valuable information to strengthen external and internal system defenses.