According to the IDC report “PRC Quarterly Security Appliance Tracker 2018Q4”, Sangfor is once again ranked second in the Chinese unified threat management market with Sangfor NGAF.
Development of NGAF with Insights into the Security Market
A precise grasp of security trends and deep insight into user needs have ensured the continued rapid growth of Sangfor NGAF, which ranks second in the market.
In 2011, Sangfor found that traditional security devices were struggling to cope with the new threat situation. Based on the actual needs of local users, Sangfor was the first to introduce next-generation firewalls in China. Converged security provides users with more comprehensive and effective business security protection, leading the transformation and development of next-generation firewall technology in the country.
By converging WAF, IPS, anti-virus and other security functions, next-generation firewalls have gradually gained recognition from users for their efficiency, visualization, and easy management.
Evolution to Intelligence and Synergy with Continuous Innovation
Nowadays, next-generation firewalls have become a must-have for many enterprise users. However, in recent years, the continuous development of industries such as cloud computing, big data, and the Internet of Things has increased both security exposure and global threats. Users must now often face unknown types of malicious threats, driven by the development of the black-market cybercrime industry and increasingly diversified attack methods. Although next-generation firewalls have been widely used, some users who had deployed them were still affected when threats such as WannaCry broke out on a global scale. Obviously, this did not meet user expectations, and it also highlighted the problems with next-generation firewalls in the market:
▪ Limited protection based on rule defense: only known threats that have been added to the rule base can be prevented. When rules are not added in time, or new threats are not present in the rule base, all defenses are useless.
▪ Lack of a coordinated response mechanism: the next-generation firewall operates alone. Once a threat breaks through the border and spreads on the intranet, the next-generation firewall is completely powerless.
Based on its insights into the growing landscape of new threats, Sangfor believes that next-generation firewalls must enter a smarter and more synergistic generation:
1. Intelligent evolution to effectively deal with unknown threats
Facing emerging new types of attack threats, Sangfor NGAF combines multiple security engines with artificial intelligence, and continuously evolves its security capabilities based on intelligent behavior analysis and deep learning:
▪ Engine Zero: Using algorithms to automatically extract virus behavior characteristics, Engine Zero relies on the generalization ability of machine learning. Based on known variant characteristics, it can infer new variants and accurately detect threats such as unknown viruses and ransomware variants through deep AI analysis. In practical applications, the detection rate for mainstream ransomware variants is as high as 97.2%, and the detection rate for some ransomware families such as Bad Rabbit is 100%.
▪ The Botnet Detection Engine: It can accurately identify compromised hosts and comprehensively prevent threats originating from them by detecting C&C connections, through DGA detection, DNS covert tunnel detection, hard-coded domain name detection, and threat intelligence and reputation services, as well as by detecting host behavior such as mining, extortion, and DDoS.
▪ The Next Generation WAF Engine: The Next Generation WAF engine, integrated with Sangfor's NGAF, was developed to protect against advanced web-based attacks such as SQL injection, web shells, Struts2 injection and deserialization flaws. It uses machine learning and deep learning to analyze attack behaviors, enhancing detection rates and decreasing the false positives common with traditional Snort-based detection engines. By modelling attack behavior, a threat model is created to easily manage applications' system threats.
2. Collaboration of Network and Cloud Intelligence to achieve a safe and effective closed loop
The Sangfor next-generation security protection system is built, through an innovative architecture, on the collaboration of cloud, border, and terminal, and on comprehensive risk management capabilities. Users can use the next-generation firewall as the main appliance and continuously enhance the security capabilities of the firewall through the cloud. The deep detection capability of the next-generation firewall, working together with the threat response capability of the terminal, can minimize risk, effectively resist threats such as ransomware and malicious viruses, and reduce the risk of threats spreading in the network.
Sangfor Neural-X is the security capability center of the next-generation firewall. Drawing on global threat intelligence data, big data analysis, multiple artificial intelligence engines and security expert teams, its algorithm models are continuously trained using the cloud sandbox, popular threat intelligence and threat behavior. Sangfor Neural-X can continuously enhance the security capabilities of next-generation firewalls and improve their response speed. The response to popular threats, from sample acquisition to capability release, is completed within 10 minutes.
At present, Sangfor NGAF has more than 40,000 users, and has been widely recognized by users in various industries including government, medical, education, finance, and enterprise. Being “future-oriented and with effective protection”, Sangfor NGAF will continue to uphold the value proposition of “integrating security simply and effectively” and increase its security capabilities to defend users against security threats.