Customer Background
Our customer is a state-owned financial services organization in APAC responsible for managing long-term welfare and protection programs for a large public-sector workforce. With highly sensitive personal and financial data processed daily across multiple offices, the organization must maintain strict governance, meet audit and compliance requirements, and ensure uninterrupted service delivery.
A 25-person IT team manages a complex digital ecosystem of applications, endpoints, and network gateways, with only 2 staff members handling IT security as a secondary responsibility. As cyber threats grew in scale and sophistication, the organization needed a more reliable and proactive way to detect, validate, and respond to incidents, especially beyond office hours.
Cybersecurity Challenges
Before adopting Sangfor Athena MDR, the organization struggled with several People, Process, and Technology gaps that hindered their ability to maintain a strong security posture.
1. Limited Security Expertise and Capacity
• Only two IT staff handled security in addition to infrastructure responsibilities.
• Only one staff member held a formal cybersecurity certification.
• Minimal internal capability for proactive threat hunting and deep incident analysis.
• According to the customer, building 24/7 SOC coverage in-house would require ~10 dedicated security staff.
2. High Alert Volume and Manual Investigation Effort
• Daily alert volume exceeded 3,000 events, but the team could review only ~10%.
• Alert handling relied heavily on manual log inspection via the firewall, slowing triage and follow-up.
• Based on the current practice, the customer shared that complex investigations could take 1–2 weeks, delaying validation and containment decisions.
3. Lack of 24/7 Operational Coverage
• Security monitoring was limited to business hours; alerts outside office hours often went unattended until the next business day.
• Detection-to-response delays could extend to ~12 hours or longer during weekends and holidays.
• The organization lacked a consistent after-hours escalation and response workflow.
4. Fragmented Tools and Limited Visibility
• The environment used multiple disconnected solutions (e.g., Sangfor, Kaspersky, Fortinet), creating fragmented visibility.
• No unified platform to correlate endpoint and network telemetry across tools.
• Collecting and consolidating logs across systems often took nearly a full day before analysis could begin.
Sangfor Security Solutions
To address their operational gaps and strengthen security resilience, the organization adopted Sangfor Athena MDR, a fully managed 24/7 threat detection, investigation, and response service, in a cost-effective package that also includes Athena EPP and Athena NDR. Together with their existing Athena NGFW, these solutions form a unified security operations solution with native telemetry, enabling seamless visibility and faster investigations across endpoint and network activity.
Solution Summary:
- MDR Platform with native Athena EPP, NDR, and NGFW telemetry, ensuring both endpoint and network coverage
- Security GPT GenAI-assisted analysis for faster and more accurate incident validation
- A secure, ISO/IEC 27001–certified Security Operations Center (SOC)
- A global team of 450+ security experts
Athena MDR now protects the organization's entire environment, providing continuous monitoring and rapid response across both endpoint and network vectors.
Why They Chose Sangfor Athena MDR
The customer was already using Sangfor Athena NGFW and had previously tested Sangfor Athena EPP, which gave them strong confidence in Sangfor’s detection accuracy and the responsiveness of its support engineers. This positive experience established a solid foundation of trust and influenced their decision to adopt Athena MDR as the next step in strengthening their security operations.
They chose Sangfor Athena MDR primarily because the service offers a 30-minute SLA for detecting, analyzing, and responding to critical-severity alerts, far faster than what the organization could achieve internally. The assurance of remote containment support, even outside normal working hours, was also a key factor, as it ensured threats could be addressed before escalating into major incidents.
In addition, the customer valued the unified ecosystem across Sangfor’s firewall, endpoint, and MDR platforms. This tightly integrated stack significantly reduces operational complexity and minimizes the gaps often created by disjointed third-party tools and manual triage processes. Their prior hands-on testing experience, combined with consistent and reliable support from Sangfor engineers, further reinforced their confidence that Sangfor was the right partner to enhance their threat detection and response capabilities with the Athena MDR service.
Solution Benefits & Outcomes
To understand the tangible impact of the transition, here is how the organization’s security operations evolved before and after integrating Sangfor Athena MDR.
| Pain Points | Before Athena MDR | After Athena MDR | Benefits |
|---|---|---|---|
| 1. Limited Security Expertise & Capacity | Small team; not scalable in-house (~10 staff needed for 24/7). | Equivalent 24/7 SOC delivered as a managed service backed by 450+ experts. Up to 55% staffing cost avoidance vs. in-house SOC. | Augmented Expertise & Cost Avoidance |
| 2. High Alert Volume & Manual Investigation Effort | 3,000+ alerts/day; only ~10% reviewed; investigations took 1–2 weeks. | Alerts requiring review down by 60.2%; true positives/findings down 75%. ~435 hours/month saved (~3 FTEs). Investigation and response cycles shortened by ~80%, improving efficiency by 4x–6x. | Major Reduction in Noise & Workload |
| 3. Lack of 24/7 Operational Coverage | No after-hours coverage; delayed response until the next working day. | 24/7 SOC monitoring and triage. Alerts are attended within ≤2 hours based on severity, delivering up to 83% faster MTTN compared to before. | Stronger Resilience & Business Continuity |
| 4. Fragmented Tools & Limited Visibility | Disconnected tools; manual log consolidation took ~1 day. | Unified telemetry across Athena EPP + NGFW + NDR, reducing manual log collection and preparation from nearly a day to minutes (98.96% time reduction). | Unified Visibility & Faster Investigations |
Detailed Breakdown of Benefits & Outcomes
1. Augmented Expertise & Cost Avoidance
Before Athena MDR, the organization operated with a small security function that was not scalable in-house. Building comparable 24/7 monitoring, analysis, and response capability internally was estimated to require ~10 dedicated security staff, excluding investments in SOC tools (e.g., endpoint analytics and SIEM platforms), professional training, and ongoing overhead.
Athena MDR now delivers the equivalent of a fully staffed 24/7 SOC as a single, managed service—bringing together security experts, technology, native telemetry, and proven response processes. It is backed by a global SOC of 450+ security experts, giving the organization immediate access to specialized capability without adding internal headcount. The organization achieved these capabilities within one month, accelerating time to value and operational readiness.
The MDR platform is also hosted locally in the same country as the customer, supporting data residency and sovereignty requirements. As a result, the organization significantly improved its security maturity while maintaining financial sustainability, achieving up to 55% staffing cost avoidance compared to building an in-house SOC (excluding additional tooling licenses, overhead, and facilities costs).
2. Major Reduction in Noise & Workload
Previously, the organization faced 3,000+ alerts per day, yet could review only ~10% due to manual triage, limited tools, and constrained bandwidth. Complex investigations often took 1–2 weeks, leaving potential threats exposed and delaying containment decisions.
After adopting Athena MDR, the Sangfor MDR team manages alert triage, validation, and incident notification, allowing the internal team to refocus on operational priorities and strategic improvements. Instead of being overwhelmed by raw alerts, the organization now receives only verified, actionable incidents, shifting daily work from log-chasing to focused decision-making.
In practice, alerts requiring internal review dropped by 60.2%, reflecting a substantial reduction in noise and false positives. Confirmed findings/true positives also decreased by 75% when comparing the first month of service to the last three months of service at the time of data collection (Aug–Oct 2025), indicating stronger prevention against existing threats and improved security resilience over time. Assuming 15 minutes per alert, Athena MDR saved approximately 435 staff hours per month, equivalent to about 3 FTEs (excluding backup and staff redundancy) of manual triage workload. In parallel, investigation and response cycles shortened by ~80%, improving efficiency by 4x–6x.
3. Stronger Resilience & Business Continuity
Before Athena MDR, the IT team could review alerts only during working hours. This often created significant response delays—up to 12 hours between detection and action, and even longer if alerts appeared during weekends and holidays—introducing blind spots that increased the risk of escalation.
With Athena MDR, the organization benefits from 24/7 SOC monitoring and triage, ensuring consistent coverage beyond office hours. Alerts are attended within ≤2 hours, depending on severity, delivering up to 83% faster mean-time-to-notify (MTTN) compared to the previous approach. (MTTN represents the average time between verification of a valid alert and customer notification.) In addition, Sangfor’s dedicated MDR Customer Success Manager (CSM) ensures verified alerts are communicated immediately via instant messaging, avoiding the delays that can occur with email-based notifications when IT teams are overloaded with operational tasks.
Since implementing Athena MDR, critical incidents are detected and escalated even during non-working hours, helping ensure threats are addressed before they disrupt operations. This continuous protection has strengthened the organization’s resilience—and since adopting MDR, it has experienced no significant security incidents or business interruptions.
4. Unified Visibility & Faster Investigations
Previously, investigations depended on disconnected tools and manual log consolidation, which could take ~1 full day before meaningful analysis could begin. The lack of unified telemetry made correlation difficult and slowed root-cause analysis.
With Athena MDR, the organization gains unified telemetry across Athena EPP + NGFW + NDR, enabling native correlation of endpoint and network signals. The Athena MDR platform consolidates telemetry from endpoints, firewalls, and network activity and is monitored 24/7 by SOC security experts who leverage Security GPT to accelerate investigation and validation. By unifying these signals, the MDR team can quickly identify true positives, assess the attack path, and guide the customer through appropriate containment steps.
As a result, manual log collection and preparation have been reduced from nearly a full day to minutes, a 98.96% reduction in time spent on pre-analysis work. This frees up nearly eight hours per investigation for higher-value activities such as patching, security audits, and system improvements, while also enabling faster root-cause analysis, clearer attack-path reconstruction, and more accurate impact assessment through consistent correlation and AI-assisted insights.
5. Positive Customer Experience
The customer highlighted two standout aspects of their experience with the Athena MDR service:
- Structured and Fast Notifications
Incidents are delivered with clear, concise summaries, making it easy for non-specialist stakeholders to understand what happened and what actions are required.
- Responsive Support and Reliable Assistance
The MDR team’s quick validation and ability to guide remote response have increased the organization’s confidence that threats are handled promptly, even outside working hours.
Conclusion
This case study demonstrates how a government-linked organization significantly enhanced its cybersecurity resilience with Sangfor Athena MDR, achieving:
- Faster detection and response, improving from weeks to minutes
- Greater operational efficiency, reducing the burden on its small IT security team
- Improved visibility, thanks to unified endpoint and network telemetry
- Stronger business continuity, with consistent 24/7 protection
- Lower annual operating costs compared to building an internal SOC
With Sangfor’s dedicated MDR experts, the organization can now maintain a confident, proactive security posture without expanding headcount or complexity.