
What is Sangfor Incident Response?

Sangfor operates on the premise that “Precaution is Always Better Than a Cure,” but Sangfor also believes that a lesson learned could greatly increase cybersecurity awareness among employees, including those at an executive level. Protecting the organization from attack is not the responsibility of only the IT security team, but of everyone in the organization.


“All men make mistakes, but only wise men learn from their mistakes.” – Winston Churchill, former PM of the UK


Sangfor provides a closed-loop incident response service that divides the handling of a security incident into three phases:



Major Phases


Pre-Incident Phase

In the pre-incident phase, Sangfor helps the organization assess its external attack surface and vulnerabilities before an attack occurs. The assessment shows whether the existing network architecture, network setup, security practices and security controls are sufficient to defend against threats such as Advanced Persistent Threats (APTs), ransomware and cryptomining malware. Attack surfaces, vulnerabilities, weak areas and risks are identified before attackers can exploit them. Organizations are then advised to fix the vulnerabilities and create a risk mitigation plan following Sangfor's recommendations, reducing the likelihood of a successful attack and keeping the associated risk to a minimum. Because this assessment is external, it covers only Internet-reachable assets; internal weaknesses fall under the internal network threat analysis offered to selected customers.


Mid-Incident Phase

Should a malware attack succeed, the Sangfor Incident Response Team provides immediate support, within the scope agreed in the SLA, to mitigate the incident and minimize its impact. During this phase, Sangfor assists the customer with containment of compromised machines, forensic investigation, evidence collection and malware eradication, in that order: containment and evidence collection come before eradication so that volatile evidence (memory, running processes, active network connections) is preserved before the malware is removed.


Post-Incident Phase

Once the impacted services have recovered and the incident case is closed, business operations return to normal. Sangfor then reviews the organization's protection capabilities against malware attacks and provides an external attack surface assessment together with an external firewall ruleset and configuration review, so that new vulnerabilities, weak points and misconfigurations are identified and similar attacks are prevented in the future.

Scope of Incident Response Service

  • External Attack Surface Assessment
  • Indicator of Compromise (IOC) Determination
  • External Firewall Ruleset and Configuration Review
  • Malware In-depth Analysis
  • Malware Family and Type Identification
  • Malware Eradication
  • Initial Attack Vector Identification
  • Remediation
  • Kill Chain / Chain of Infection Determination
  • Internal Network Threat Analysis and Assessment (for selected customers only)
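The external firewall ruleset and configuration review named above (and in the post-incident phase) is the one scope item that lends itself to a concrete illustration. The script below is an added example written for this page, not Sangfor's own tooling: it parses a constructed sample ruleset in a hypothetical `name, action, source, destination, ports` format and flags three classic review findings: management ports reachable from any source, a permit-any rule, and a rule that can never match because an earlier, broader rule already covers it (the shadowed `block-smb` deny is the kind of misconfiguration that quietly leaves SMB exposed).

```python
"""Added example: a minimal external firewall ruleset review.

The ruleset format, the rules themselves and the checks are constructed
for this example; they are not Sangfor's tooling or a customer ruleset.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
# Ports a review treats as management/admin exposure when open to the Internet.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL",
              3306: "MySQL", 3389: "RDP", 5900: "VNC"}

# Constructed sample ruleset (hypothetical format: name, action, src, dst, ports).
# Ports are "/"-separated, or "any". Rules are evaluated top-down, first match wins.
SAMPLE_RULESET = """\
# name, action, source, destination, ports
web-in, allow, 0.0.0.0/0, 203.0.113.10/32, 80/443
vpn-in, allow, 0.0.0.0/0, 203.0.113.5/32, 443
rdp-admin, allow, 0.0.0.0/0, 203.0.113.20/32, 3389
mgmt-from-office, allow, 198.51.100.0/24, 203.0.113.0/24, 22/3389
temp-any, allow, 0.0.0.0/0, 0.0.0.0/0, any
block-smb, deny, 0.0.0.0/0, 203.0.113.0/24, 445
"""


@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: Optional[FrozenSet[int]]  # None means any port


def parse_ruleset(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, action, src, dst, ports = [p.strip() for p in line.split(",")]
        port_set = None if ports == "any" else frozenset(int(p) for p in ports.split("/"))
        rules.append(Rule(name, action.lower(), ipaddress.ip_network(src),
                          ipaddress.ip_network(dst), port_set))
    return rules


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is already matched by `broad`."""
    ports_ok = broad.ports is None or (narrow.ports is not None and narrow.ports <= broad.ports)
    return narrow.src.subnet_of(broad.src) and narrow.dst.subnet_of(broad.dst) and ports_ok


def review(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for the issues a ruleset review looks for."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow":
            if r.src == ANY_NET and r.dst == ANY_NET and r.ports is None:
                findings.append((r.name, "permit-any rule (any source, any destination, any port)"))
            elif r.src == ANY_NET:
                for port in sorted(MGMT_PORTS):
                    if r.ports is None or port in r.ports:
                        findings.append((r.name, f"{MGMT_PORTS[port]}/{port} reachable from any source"))
        # First-match-wins: a rule fully covered by an earlier rule never fires,
        # which is dangerous when the earlier rule has the opposite action.
        for earlier in rules[:i]:
            if covers(earlier, r):
                findings.append((r.name, f"never matches: fully covered by earlier rule {earlier.name}"))
                break
    return findings


def review_ruleset(text: str) -> List[Tuple[str, str]]:
    return review(parse_ruleset(text))


if __name__ == "__main__":
    for name, finding in review_ruleset(SAMPLE_RULESET):
        print(f"{name:18} {finding}")
```

Running it against the sample reports `rdp-admin` for RDP open to the world, `temp-any` as a permit-any rule, and `block-smb` as never matching because `temp-any` sits above it. The remediation that falls out of such a review is ordering and scoping: move the deny above the broad allow (or delete the "temporary" any rule), and restrict admin ports to the office or VPN source ranges, as `mgmt-from-office` already does.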

Incident Response Service Deliverables

  • External Firewall Ruleset and Configuration Review Report
  • Security Incident Report
  • Security Strengthening and Reinforcement Proposal
  • Threat Analysis and Remediation Report (for selected customers only)
  • External Attack Surface Assessment Report
  • Yearly Security Incident Report


Related Videos


Sangfor Incident Response Anti Ransomware Solution Animation Video


Related Documents

  • Sangfor Ransomware Response Playbook (0.58 MB, 08 Dec 2020)
  • Sangfor Ransomware Protection Best Practices (1.84 MB, 08 Dec 2020)