Malicious Processes from Malware and APTs
350,000 new malware variants are discovered daily, yet malware detection is only 99.5% successful; 1750 new malware variants have the potential of breaching your organization every day. Malware and advanced persistent threats (APTs) are extremely successful in breaching organizations by installing tiny stub applications that can wait a long time to trigger before downloading malicious payloads like ransomware, botnets, and cryptominers. These payloads are also stealthy and almost impossible to detect, regularly avoiding anti-virus, anti-malware, EDR and XDR solutions. A proactive strategy is needed to prevent these malicious processes from taking hold on your servers, desktops, and laptops.
Sangfor XDDR takes application control to the next level with Application Containment by integrating and correlating endpoint, container, or workload application behavior with their behavior on the network. Endpoint Secure sends the programs running on the endpoint to the NGAF or IAG, where it displays anti-proxy/VPN processes as well as the top 300 running applications. Application Containment policies to block or monitor specific applications can be created on the NGAF and IAG based on the applications running.
Granular Application Control
Sangfor NGAF or Sangfor IAG working with Endpoint Secure provides several ways for Application Containment to identify and block or monitor applications of interest:
- Proxy Avoidance Protection has a library of well-known anti-proxy applications, anonymous browsers, and VPNs to create blocking/monitoring policies enforced by the Endpoint Secure Protect Agent.
- Whitelisting/Blacklisting can be implemented by selecting from the running applications reported to the NGAF by Endpoint Secure.
- Peripheral Control manages access to USB devices such as portable drives, thumb drives, mobile devices, cameras, etc. Allowed devices can be whitelisted.
- Network Control enables Endpoint Secure to send port and connection information to the NGAF, where it can block malicious connections such as malware command & control communications or lateral propagation of malicious software.
Take Back Control from Rogue Applications
Sangfor NGAF, IAG and Endpoint Secure cooperate directly, enabling Application Containment to provide real-time visualization of allowed and malicious application communications throughout the network, which is vital for preventing lateral propagation of ransomware, malware, and APTs. Sangfor NGAF, IAG and Endpoint Secure coordinate responses so Application Containment can provide real-time blocking and monitoring of unapproved or malicious applications.
With Sangfor Application Containment, take back control from rogue applications delivered by ransomware, malware and APTs that users brought into your network, and block users from bypassing your internet access control policies to prevent them from bringing them in again.