This site uses cookies to enhance your experience.  By continuing to visit this website, you consent to the use of these cookies. Click here to learn more about our privacy policy.

{{cptGetActiveTitle}}
Security
Internet Access Gateway
NGAF Firewall Platform
Endpoint Secure
Cyber Command
Cloud Computing
Hyper Converged Infrastructure
Sangfor Cloud Platform
Infrastructure
Virtual Desktop Infrastructure
Sangfor Access
Sangfor Intelligent Edge Router
SD-WAN
WAN Optimization
Top Use Cases
Security
Cloud Computing
Top Industries
Manufacturing
Education
Finance & Banking
Government
Healthcare
ISP
Security
Botnet Detection
Engine Zero
NG WAF
Neural-X
Business Intelligence
Threat Intelligence
zSand
Cloud Computing
SRAP
Services Overview
Care Service
Case Handling
Support Plans
RMA Process
Services Policy
Privacy Policy
Support Life Cycle Policy
Warranty Policy
Support Resources
Support Community
Beta Test Program
Sangfor's Answer to COVID-19
Support Case
Tech Documents
LiveChat
FAQ
Events & Webinars
Market Activities
Online Webinars
Blog
Technology
Cyber Security
Cloud Computing and Infrastructure
IT Network Infrastructure

Incident Response Service

Contact Us for More Info

What is Sangfor Incident Response?

Sangfor operates on the premise that “Precaution is Always Better Than a Cure,” but Sangfor also believes that a lesson learned could greatly increase cybersecurity awareness among employees, including those at an executive level. Protecting the organization from attack is not the responsibility of only the IT security team, but of everyone in the organization.

  

“All men make mistakes, but only wise men learn from their mistakes.” – Winston Churchill, former PM of the UK

 

Sangfor provides a closed-loop incident response service solution to organizations, separating security incidents into three major phases:

Major Phases

Pre-Incident Phase

In the pre-incident phase, Sangfor helps the organization assess external attack surfaces and vulnerabilities before the attack occurs. Organizations immediately know if existing network architecture, network setup, security practices and security controls are sufficient to defend against malware attacks like Advanced Persistent Threat (APT) and most ransomware and mining viruses. Attack surfaces, vulnerabilities, weak areas and risks are identified before the attackers can take advantage or exploit them. Organizations are advised to fix vulnerabilities and create a risk mitigation plan according to recommendations provided by Sangfor, reducing the likelihood of being attacked and keeping associated risks to a minimum.

Mid-Incident Phase

Should a malware attack successfully, the Sangfor Incident Response Team will provide immediate support, within the scope agreed to in the SLA, to mitigate the incident and minimize impact. During this phase, Sangfor will assist customers by performing compromised machine containment, forensic investigation, evidence collection and malware eradication.

Post-Incident Phase

After the impacted services have recovered and the incident case is closed, organizational business operations will be operating as usual. Sangfor will review the organizations’ protection capabilities against malware attack, and provide external attack surface assessment services and external firewall rule set and configuration review, ensuring that new vulnerabilities, weak points and misconfiguration are identified, preventing similar attacks in the future.

Scope of Incident Response Service

  • External Attack Surface Assessment
  • Indicator of Compromise (IOC) Determination
  • External Firewall Ruleset and Configuration Review
  • Malware In-depth Analysis
  • Malware Family and Type Identification
  • Malware Eradication
  • Initial Attack Vector Identification
  • Remediation
  • Kill Chain / Chain of Infection Determination
  • Internal Network Threat Analysis and Assessment (for selected customers only)

Incident Response Service Deliverable

External Firewall Ruleset and Configuration Review Report

Security Incident Report

Security Strengthening and Reinforcement Proposal

Threat Analysis and Remediation Report (for selected customers only)

External Attack Surface Assessment Report

Yearly Security Incident Report

Why Sangfor Incident Response?

Benefits of Sangfor IR Service

1. Determination of Potential External Threats The external vulnerability assessment can simulate how an attacker identifies attack surfaces, gains entry to the network and eventually focuses on exploiting a certain point to threaten to the whole network. In this way, potential network-wide security vulnerabilities are determined.

2. Security Awareness Enhancement Any potential vulnerability, no matter how small, identified from the external view of an organization has the potential for disaster. Therefore, the external attack surface assessment service enables the responsible personnel to effectively eliminate any tiny security defect, thereby reducing the overall security risk.

3. Security Skill Improvement The user's security skills are improved during interaction with the investigators and analysts. In addition, the investigation results and lessons learned help customers in identifying the vulnerabilities and mistakes that may have been overlooked previously, allowing the customer to fixing the issue and prepare a remediation plan, reducing the likelihood a secondary attack.

How is Sangfor Different from Others?

  • Strengthened defenses against future attacks
  • Minimize impact and damages should an attack occur
  • Prepare for future attacks
  • Reduce downtime & ensure business continuity
  • Maintain public trust
  • Competitive and cost-effective services Immediate response
  • Assessment service to reduce the likelihood of attacked
  • Professional security reinforcement and strengthening advice

Success Stories

Downloads

Sangfor Ransomware Response Playbook
  0.58 MB
07 Dec 2020
Sangfor Ransomware Protection Best Practices
  1.84 MB
07 Dec 2020
Products & Services
Innovations
Support
Partners
Resources
About Us
COPYRIGHT © 2000-2021 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.
Sales Channel StatementLegal StatementIntegrity and Reporting Policy