Threat Intelligence

Threat Intelligence Overview

Neural-X’ Threat Intelligence is compilation of vast amounts of organized, analyzed and refined data that enables organizations to understand the most common and severe known & unknown risks as well as external threats. All of Sangfor’s many security products can be connected to the Neural-X TI platform providing up-to-date reputation services enabling more informed decision making.

Here are some applications:

  • If Sangfor NGAF detects an unusual outbound connection on a server connected to the internet, it sends the suspicious DNS address to Neural-X for verification. If threat intelligence has classified this particular DNS as a known C&C server, it’s likely the server has been compromised. NGAF can be programmed to block these C&C communications so no further damage can be caused and to also send alerts to firewall operators for further investigation and processing.
  • Similarly, if Sangfor IAM detects a web browsing request from a protected user with destination URL connected to a web server that is known to have been hijacked, IAM can block the outbound connection, preventing the user from unknowingly downloading malware.

Real-time Monitor of Threat Intelligence

Threat Intelligence

 

Intelligence Sources

  • Over 20,000 connected network gateways provide IOC that includes malicious URL, IP, domain names and malware hashes with the number of participating gateways doubling every year.
  • Third-party threat intelligence feed.
  • Sangfor security R&D into both white hat and black hat communities.

 

Take Back Control

Sangfor leverages the power of Threat Intelligence to put IT and network security control back in the hands of users and businesses and take it away from malicious programs and users. Sangfor offers incredible benefits including:

  • Domain Names : Stop any compromised botnets from connecting to known command and control servers
  • File Reputation: Near real-time detection of malicious files without AV signature updates.
  • IP Reputation: Detects DDoS, malicious scans and phishing campaigns.
  • URL Classification: Protects users from malicious URLs