SANGFOR NGAF : NEXT GENERATION FIREWALL
Smarter Security Powered By Artificial Intelligence
The World's First Fully Integrated NGFW + WAF
- One Management Panel for All Security Operations
- Security Expertise Enablement Through Visualization
- Do More With Less. Minimum 50% TCO Reduction
- Reduce Security Hardware Footprint Up to 70%
- All-in-One Integrated Endpoint Security Management
Gartner: Magic Quadrant for Enterprise Network Firewalls
New World. New IT. New Security
The IT industry is constantly evolving. The Internet has given IT trends like cloud computing, BYOD and IoT adaptive advantage over previous insular methods of connection, with business-critical applications and IT services hosted remotely and accessible 24/7 on an endless array of devices in an endless number of locations. These adaptable trends survive because they are the fittest, but is network security evolving at the same pace?
Ethics has never played the greatest role in the process of evolution and the IT industry is no exception. Information is the newest global business currency and sensitive data like financial information and confidential corporate information is understandably the target of coevolving corrosive elements like defacement, ransomware and malware.
The security market has responded with many granular security solutions, but less than 40% of enterprises have progressed to Next Generation Firewall protection methods. Those organizations that are protected by a Firewall or IPS often neglect to evolve their security protection into the realm of Web Application Firewall or more comprehensive and proactive methods of protection. WAF and deep-learning security components are often seen as an additional investment with few monetary benefits, while the protection offered by NGFW and IPS is becoming too general and reactive given the increasing number of evolving web vulnerabilities.
In 2017, a new variation of ransomware called WannaCry infected more than 99 countries, attacking governments, schools, hospitals, and other industries. It was this incident that made ransomware well-known to the public.
Ransomware is malicious software that cyber-criminals use to hold your files (or computer) for ransom by encrypting them and requiring you to pay a certain amount of money to get them back. Since it was discovered, ransomware has been growing at a tremendous speed, with more and more users being infected, both companies and consumers. This is critically affecting the productivity and reputation of many companies, many of which end up paying.
More and more variants are now being spread, such as XBash, which focus on data system destruction and cryptocurrency mining. Application security is no longer optional. Between increasing attacks and regulatory pressures, organizations must establish effective processes and capabilities for securing their applications and APIs (source: OWASP, 2017). With risk awareness and cost concerns delaying the evolution of true organizational security, many businesses are simply taking what’s offered with no consideration given to (or no idea of) their true needs.
SANGFOR Next Generation Application Firewall
Sangfor NGAF is a converged security solution providing protection against intrusions, advanced threats, malware, viruses, ransomware and web-based attacks using integrated security features like FW, IPS, AV, Anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. Sangfor NGAF uses its own Cloud Sandbox to isolate possible emerging threats that haven’t yet been added to any security database, making it especially effective against 0-day attacks.
Neural-X, Sangfor’s newest security innovation, is at the core of a sophisticated web of Sangfor-developed network security elements like threat intelligence, deep learning, WAF, ZSand, Botnet Malware Detection and Engine Zero. As a cloud-based intelligence and analytic platform powered by Artificial Intelligence (AI), Neural-X empowers and expands security detection capabilities for Sangfor’s network, endpoint, and security-as-a-service offerings.
Smart World, Safe World with Sangfor Innovations
Neural-X is at the center of a sophisticated web of Sangfor developed network security elements. As a cloud-based intelligence and analytic platform powered by Artificial Intelligence (AI), Neural-X powers and expands security detection capabilities for Sangfor’s network, endpoint, and security-as-a-service offerings.
Neural-X contains dozens of interconnected components designed to work together seamlessly to keep your system both safe and secure including engine zero, threat intelligence, deep learning, sandboxing and botnet detection.
Engine Zero is an underlying malware detection engine built upon a set of powerful artificial intelligence technologies and enhanced by a team of data scientists, security analysts and white hat researchers. This engine is one of many malware inspection engines embedded in Sangfor’s network security solutions, endpoint solution and Neural-X cloud platform. It is very efficient and utilizes very few resources; only such efficiency can provide malware inspection for known and zero-day attacks at the network gateway with almost no impact on performance. In recent tests (July 2018), our malware detection rate scored the highest in terms of accuracy, surpassing other vendors and open source alternatives.
Neural-X is at the core of intelligent threat detection and defense. Threat Intelligence is organized, analyzed and refined information that enables organizations to understand, assess and defend against known and severe risks from external sources.
Sangfor ZSand is a virtual dynamic execution technology (sandboxing) designed to detect unknown malware. Sangfor ZSand detonates suspected malware in a safe and controlled environment and monitors the abnormal behaviours of these files for future recognition and prevention. In recent tests, it has accurately detected ransomware families including GandCrab, Zusy, GlobeImposter and LockCrypt. ZSand shares all data with Neural-X threat intelligence, making it possible to identify and study malware with no previously known signature, reducing the risk of future zero-day attacks.
Deep learning is a complex branch of machine learning inspired by the way interconnected neurons function in the human brain. It is part of Artificial Intelligence and can be considered an evolution of Machine Learning. As the name suggests, it can learn by itself by observing and processing millions of data points so that it can make more accurate and faster predictions.
One of the ways Neural-X uses deep learning is to break down cryptic domain names into vectors that are machine readable. In-depth analysis of vector association detects domain names used by malware of similar families. Over time the deep learning function will begin to operate and learn independently, thus maintaining a proactive approach to malware detection, identification and elimination within Neural-X.
Hackers are becoming more sophisticated, abandoning fixed IP addresses and using dynamic domain names instead. These cryptic domain names are used to connect botnets to their controllers using secret algorithms. They are notoriously difficult to detect because their DNS queries look similar to those of an average user. Neural-X uses advanced flow analysis, visual calculation and deep learning technology to uncover botnets. It is able to uncover significantly more malicious domain names than popular sources such as VirusTotal. So far, it has uncovered over a million malicious domain names, and this list is growing daily.
Next Generation Web Application Firewall
The Next Generation WAF engine, which is integrated in Sangfor’s next-gen firewall, was developed to protect against new web-based attacks such as SQL injection, web shells, struts2 injection, and deserialization flaws. Sangfor’s NGWAF engine uses machine- and deep-learning to analyze attack behaviors. It enhances detection rates and decreases false positives from traditional SNORT-based detection engines. By modeling attack behaviors, a threat model is created to easily manage the applications’ system threats.
Sangfor Concept of Security
Network Security has not experienced an equal evolution in all verticals – security experts have differing opinions, expectations and needs across different sectors and different locations. While some define network security as protection against unauthorized access to files and data, others focus on firewall, anti-virus and botnet detection. Traditional security solutions have limited visibility of users, traffic and IT assets with no real-time or post-event detection capabilities. With increasing attacks on the application layer, network security needs to evolve further to keep up with emerging threats.
Sangfor Technologies has a new concept of network security to counter new and more dangerous threats. We go further to provide a complete protection solution for all users against all threats, internal or external, existing or future. Sangfor’s evolutionary adaptation of network security follows 4 fundamental points which form the core of our market strategy:
Sangfor NGAF is a converged security solution which provides protection against advanced persistent threats (APT), malware (viruses, ransomware) and web-based attacks. Sangfor NGAF integrates complete security features, such as Firewall, Intrusion Prevention System (IPS), Anti-Virus (AV), Anti-Malware engine, APT (Advanced Persistent Threat) Protection, URL filtering, Cloud Sandbox and Web Application Firewall.
Sangfor NGAF uses its own Cloud Sandbox to help users isolate potential emerging and new threats that haven’t been included in any security database, which is especially useful against 0-day attacks.
The human element is still one of the weakest links in any organization’s security operations team. With thousands of logs, it is almost impossible to go through each one of them. This is why many NGFWs filter all logs and show only the ones with the highest level of importance. However, even with this filtering, errors are still possible.
That is why Sangfor is now going further and has implemented artificial intelligence in all of its security innovations, such as the malware detection engine “Engine Zero”, the Next Generation WAF and the new botnet detection engines.
All these engines share the same threat intelligence, which is provided by Sangfor’s cloud-based Neural-X platform. Using machine learning, it can detect new, unknown threats without an existing signature and prevent harm to your organization.
Real-Time Monitor of Threat Intelligence
- Over 20,000 connected network gateways provide IOCs including malicious URLs, IPs, domain names and malware hashes, with the number of participating gateways doubling every year.
- Third-party threat intelligence feeds.
- Sangfor security R&D into both white hat and black hat communities.
Real Case Scenario
If Sangfor NGAF detects an unusual outbound connection from a server connected to the internet, it sends the suspicious DNS name to Neural-X for verification. If threat intelligence has classified this particular name as a known C&C server, it’s likely the server has been compromised. NGAF can be configured to block these C&C communications so no further damage can be caused, and also to send alerts to firewall operators for further investigation and processing.
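The two defender-side steps this page describes, turning a domain name into a machine-readable vector so that names from related malware families can be compared (the Neural-X deep-learning passage above), and checking a server's outbound DNS queries against C&C threat intelligence (this scenario), can be illustrated with a small script. The following is an added example written for this page; it is not Sangfor code and does not describe how Neural-X or NGAF are implemented. It parses a constructed DNS log, scores each queried name with simple character statistics (entropy, vowel and digit ratios, length) as a stand-in for a trained model, compares names by character-bigram cosine similarity, and matches them against a constructed, placeholder indicator list. The log format, the `host`/`domain` fields, the indicator values and the 0.6 alert threshold are all assumptions.

```python
"""Added example (not Sangfor code): score DNS query logs for likely
algorithmically generated (DGA-style) domains, compare names by character
statistics, and check them against a constructed C&C indicator list."""
import math
import re
from collections import Counter

# Constructed sample log lines (timestamp host qtype domain); not real telemetry.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01 srv-web-01 A example.com
2024-01-01T10:00:02 srv-web-01 A cdn.example.net
2024-01-01T10:00:03 srv-db-02 A xk3q9vz7lm2pwd.biz
2024-01-01T10:00:04 srv-db-02 A rq8zt4mlp2x9wv.biz
2024-01-01T10:00:05 srv-app-03 A c2-placeholder.invalid
"""

# Constructed indicator set standing in for a threat-intelligence feed (placeholder value).
KNOWN_C2_DOMAINS = {"c2-placeholder.invalid"}

# Assumed log format: "<timestamp> <host> <query type> <domain>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<qtype>\S+)\s+(?P<domain>\S+)$")
VOWELS = set("aeiou")


def parse_dns_log(text):
    """Return (host, domain) tuples from the constructed log format."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rows.append((m["host"], m["domain"].lower().rstrip(".")))
    return rows


def registrable_label(domain):
    """Label left of the last dot-separated suffix (simple split, not a public-suffix lookup)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    n = len(s)
    if not n:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def bigram_vector(label):
    """Character-bigram frequency vector: the machine-readable form of a name."""
    bigrams = [label[i:i + 2] for i in range(len(label) - 1)]
    total = len(bigrams) or 1
    return {bg: c / total for bg, c in Counter(bigrams).items()}


def cosine_similarity(u, v):
    """Cosine of the angle between two sparse vectors (0.0 when either is empty)."""
    dot = sum(u[k] * v.get(k, 0.0) for k in u)
    nu = math.sqrt(sum(x * x for x in u.values()))
    nv = math.sqrt(sum(x * x for x in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def family_similarity(domain_a, domain_b):
    """Similarity of two names' registrable labels in bigram space, rounded to 3 places."""
    va = bigram_vector(registrable_label(domain_a))
    vb = bigram_vector(registrable_label(domain_b))
    return round(cosine_similarity(va, vb), 3)


def dga_score(domain):
    """Heuristic 0..1 score: high entropy, long label, few vowels and many digits all push it up."""
    label = registrable_label(domain)
    if not label:
        return 0.0
    ent = shannon_entropy(label) / 4.0          # ~4 bits is near the maximum for a 16-char label
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    length_term = min(len(label), 20) / 20.0
    score = 0.4 * ent + 0.2 * (1 - vowel_ratio) + 0.2 * digit_ratio + 0.2 * length_term
    return round(min(score, 1.0), 3)


def triage(log_text, ioc_set=KNOWN_C2_DOMAINS, threshold=0.6):
    """Return (host, domain, reason) findings: IOC matches first, then DGA-like names."""
    findings = []
    for host, domain in parse_dns_log(log_text):
        if domain in ioc_set:
            findings.append((host, domain, "known C&C domain (IOC match)"))
        elif dga_score(domain) >= threshold:
            findings.append((host, domain, "DGA-like name"))
    return findings


if __name__ == "__main__":
    for host, domain, why in triage(SAMPLE_DNS_LOG):
        print(f"{host}: {domain} -> {why}")
```

On the constructed log, the two servers querying random-looking `.biz` names and the one querying the placeholder indicator are reported; the legitimate-looking names are not. The bigram vector is what makes names comparable: `example.com` and `examples.org` score above 0.9 against each other while a random-looking label shares no bigrams with either. In practice the heuristic score would be replaced by a trained classifier and the indicator set by a live feed, but the flow (parse, vectorize, score, match, alert) is the same.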
AI Powered Detection Engine
Engine Zero VS Traditional Detection Technologies
Traditional detection technologies mainly include MD5, virus signatures, rule matching, virtual execution and sandbox. In theory, their detection ability becomes stronger from MD5 to sandbox, with the performance decreasing and cost increasing. Compared to these traditional technologies, Engine Zero has the following advantages:
- Strong generalization ability to detect unknown viruses or new variants. Thanks to the generalization ability of machine learning, Engine Zero can identify unknown viruses or new variants of known viruses without having to see samples. However, traditional solutions need to get samples first, which can cause lag. A detailed explanation of this can be found in Section 2.2.1.
- Fast speed. Near-linear scan speed close to MD5.
- Low memory occupation. In terms of resource cost, Engine Zero only occupies less than 200MB of memory, which is smaller than the known traditional engines.
- High degree of automation. Engine Zero’s model can automatically learn and extract features without human intervention. The model evolves in the cloud, improving both its detection ability and its degree of automation. Traditional detection technologies, however, require virus experts to manually extract virus fingerprints and signatures, which is not only costly but also slow: a virus may circulate for a long time before traditional anti-virus vendors update their virus database.
Traditional detection solutions, despite their shortcomings, still have unique value; for example, they respond more quickly through blacklist and whitelist mechanisms. The design of Engine Zero therefore also adopts some traditional technologies, forming a malicious file detection solution based on both AI and traditional technologies.
Protection of Business Assets
Sangfor NGAF is good at discovering and protecting business assets. Sangfor NGAF can automatically discover your organization’s IT assets, discover system vulnerabilities in real time, and continuously protect the IT assets.
Moreover, with its proactive protection, Sangfor NGAF is capable of applying virtual patches and identifying weak passwords and hidden applications in all IT assets.
Its Next Generation WAF engine, which uses learning and semantic analysis, helps protect against the most common attacks such as webshells, struts2 injection, and deserialization flaws. It can also learn to analyze attacks and attack behaviours, enhancing the detection rate and decreasing the false positives of the traditional SNORT-based detection engine. By modeling attack behaviours, a threat model is created so that customers can easily manage their application system threats.
| Traditional WAF Engine | Sangfor Next Generation WAF |
|---|---|
| Unable to detect unknown threats and exploits | Comprehensively surpasses SNORT rules to identify unknown threats and high-risk vulnerabilities |
| Easy to bypass | Automatically learns by modeling normal business traffic, reducing false positives by 62.4% |
| Common false-positive SQL injection detection | |
| Low-level performance | |
Simplified Security Operation
Even small or mid-sized organizations without a specialized IT security team often receive thousands of alerts per week, requiring the IT department to dedicate man-hours to investigation and analysis and increasing operational costs. The IT nightmare is just beginning, as they are then responsible for limiting downtime, identifying the root cause and taking action to mitigate damage and prevent future attacks from the same source. Those organizations still using traditional security solutions without any intelligent or automated reporting tools are at a severe disadvantage. Without 360° visibility and clear analytics and reports, effective security becomes exponentially more difficult.
Sangfor NGAF provides reliable and effortless security with easy deployment and simplified operation and maintenance features, enabling an effective and safe IT environment. The NGAF Configuration Wizard streamlines security policy deployment while integrated intuitive reporting tools provide end-to-end visibility of the overall security of an organization from business systems to endpoints.
Sangfor NGAF simplifies daily security operations by helping to identify real and risky security events among thousands of alerts and providing guidance and suggestions for the best solution.
These expansive visibility components allow the IT department and business owners to execute proactive checks of their system online or offline, thus providing a secure environment for all business systems.
Security is growing increasingly complex, with malicious traffic intermingling with legitimate traffic and authorized users both at risk of attack and (knowingly or unknowingly) a potential risk to the network. Sangfor believes that visibility of the entire network is the foundation of solid network management. Administrators need to clearly see and understand all risks to information assets and track users and behaviours in order to recognize security threats and eliminate them in a timely manner.
Data and statistics on past and current threats are vital, but there is also a need for further analysis of the correlation between users, behaviours and business systems. By evolving security into a 360° view of the network, users can gain a better understanding of where an attack originated and how it unfolded, repair any damage and proactively defend against further attacks.
Sangfor NGAF Reporting Tools give our customers an extensive overview of their network with just a few clicks. Information like online user identity, server or abnormal traffic, and attack status and source are just a few of the visibility resources provided.
Effective Analysis & Presentation: Risk Positioning | Analysis of Data | Graphical Display.
Broader Visibility: User | Behaviour | Business | Threats | Risks | Security Events.
Neural-X is at the core of NGAF intelligent threat detection and defence. Neural-X uses deep learning and in-depth analysis of vector association to detect domain names used by malware of similar families. The deep learning function is designed to operate and learn independently – thus maintaining a proactive, innovative and highly visible approach to malware detection, identification and elimination.
Intelligence is the key to visibility, and Sangfor NGAF and Neural-X aim to provide a holistic view of the network with comprehensive visibility from endpoints to business systems.
Sangfor Platform-X is a cloud-based security management platform, equipped to manage all Sangfor security products in the cloud by collecting, analyzing and displaying all security logs. Through integration with Sangfor’s cloud-based security solution, Neural-X, Platform-X enables comprehensive security and detection by alerting administrators to attacks or threats in real-time, thus vastly simplifying security operations.
Visible Centralized Security
Platform-X unifies security device log collection, provides analysis and displays results. In addition, it provides topology-based security incident monitoring, security status evaluation and reporting, correlated incident detection and processing between security devices.
Shared Threat Intelligence
The collaboration of in-depth big data analytics, security analysts and white-hat researchers has equipped Platform-X to effectively identify advanced attacks and potentially threatening behavior, and to provide critical indicators for investigation and threat identification.
Unified Device Management
Platform-X provides unified hardware status monitoring, firmware upgrades, policy synchronization, and password-less remote login.
Firewall
– Policy routing, static routing, RIP v1/2, OSPF, BGP, and GRE
– Application policy-based forwarding, NAT (1-1 NAT, many-to-one NAT, NAT46, NAT64, and many-to-few NAT), VLAN tagging
– IPv6 and IPv4 supported
– Support multicast traffic, SNMP v3, and Syslog server with UTF-8 format
– Intelligent DoS/DDoS prevention
– ARP spoofing prevention
– HA fail-over time less than 1 second
– Support at least 10,000 security policies
– Policies matched on a “first come, first match” basis
– Provide management via SSH, HTTPS, CLI, and Web-based GUI
• SSL VPN
• IPsec VPN
– IPsec Protocol: AH, ESP
– D-H Group: MODP768 Group (1), MODP1024 Group (2), MODP1536 Group (5)
– IPsec Authentication Algorithm: MD5, SHA-1, SHA-2
– IPsec Encryption Algorithm: DES, 3DES, AES-192, AES-256, SANGFOR_DES
– Auto VPN: support creating and managing VPN connections from the Central Management Console; support SD-WAN path selection policy
– Intelligent Routing: specific application routing, routing based on remaining bandwidth, and best-quality routing based on QoE detection
– Dynamic Routing: RIP, OSPF, BGP
– Tunnel Failover: supports second-level failover switchover
– Easy to deploy with step-by-step email instructions
– Visualization of equipment operating status and geographic location distribution
– Visualization of VPN link status and delay
– Configuration batch management support
– Support for GRE
– Support access to the centralized management platform (Central Manager) for unified management of branch appliances
– Support for SD-WAN networking solution, rapid deployment of VPN through Sangfor Central Manager
– Support for IPv6 services to meet the needs of user networks with IPv6 requirements
Web Application Firewall
• Web-based attack prevention
– Support SNORT-based and semantic detection engines to defend against the top 10 web-based attacks identified by the Open Web Application Security Project (OWASP)
– Web-based attack rules database
– Support custom WAF rules
• Parameter protection
– Proactive protection through automatic parameter learning
• Application hiding
– Hide sensitive application information to prevent hackers from mounting targeted attacks using feedback information from the applications
• Password protection
– Weak password detection and brute-force attack prevention
• Privilege control
– File upload restriction by file type blacklist
– Specify access privileges for sensitive URLs such as the admin page for risk prevention
• Buffer overflow detection
– Defend against buffer overflow attacks
• Detection of HTTP anomalies
– Analyze anomalies in the fields of the HTTP protocol via single parsing
• Secondary authentication for server access
– Server access verification by IP address restriction and mail authentication
Data Leakage Prevention
• Data leakage detection and prevention
– Control and detection of multiple types of sensitive information (customizable) including user information, email account information, MD5-hashed passwords, bank card numbers, identity card numbers, social insurance accounts, credit card numbers, and mobile phone numbers
• File downloading control
– Restrict suspicious file downloading
Threats Prevention
• Full SSL inspection
– SSL inspection for all security modules including IPS, WAF, ATP, Access control, etc.
• Cross-module intelligent correlation
– Policy association of IPS, WAF and APT prevention modules
– Cross-module visibility reporting analysis
• Threats prevention
– APT (Advanced Persistent Threat), Remote Access Trojan, Botnet, malware detection
– Cloud-based Sandbox threat analysis
– AI-based malware detection engine, covering threat types Trojan, AdWare, Malware, Spy, Backdoor, Worm, Exploit, Hacktool, Virus, etc.
– Use cloud intelligence to prevent unknown and advanced threats
– Scan and kill viruses infecting HTTP, FTP, SMTP and POP3 traffic as well as viruses inside compressed data packets
– Support removing viruses from detected malicious files
• Email security
– Categorize and filter various forms of malicious emails
– Support detection deep into email body and attachments
– Support placing warning messages in the email title to discourage users from opening malicious emails
User Access Management
• User identity
– Mapping by IP, MAC, IP/MAC binding, hostname and USB-Key; user account import from CSV file and LDAP Server
– SSO integration with AD domain, proxy, POP3 and WEB
• Internet content classification
– Cloud-based URL/APP classification engine
• Access control
– Policy configuration oriented toward users and apps
• Built-in report center
– Full visibility into network, endpoints and business servers with multi-dimensional analysis of risks, vulnerabilities, attacks, threats and behaviours
– Threat analysis for a specific attack by Description, Target, Solution
– Support visualization of the cyber kill chain
– Business-system-based reporting
• Report subscription
– Support PDF format, automatically sent to a pre-defined mailbox on a daily/weekly/monthly basis
• Configuration Wizard
– Guideline for deployment and policy configuration
– Gateway (Route mode) | Bridge mode | Bypass mode | Multiple Bridge mode (2-4 bridges) | Virtual Wire
• High Availability
– Active-Active | Active-Passive
– Hardware bypass in the event of hardware failure
• Central Management
– Support central management of multiple NGAFs
– Support quick deployment from Central Management Console
IPS
• IPS signature database
– Prevention against vulnerability exploits targeting various systems, applications, middleware, databases, explorer, telnet, DNS, etc.
– Employ cloud-based analysis engine
– Allow custom IPS rules
– Database update once a week
• Certificate and partnership
– Common Vulnerabilities and Exposures (CVE) compatibility certified
– Microsoft Active Protections Program (MAPP) partnership
Risk Assessment and Security Service
• Risk assessment
– Scan and identify security loopholes such as open ports, system vulnerabilities, weak passwords, etc.
• Web scanner
– On-demand scanning of a targeted website/URL to discover system vulnerabilities
• Real-time vulnerability scanner
– Discover vulnerabilities in real time and protect against 0-day attacks
• SANGFOR threat intelligence service
– Threat intelligence delivering the latest vulnerability, malware and security incident information, with advisory alerts for policy creation
Get the latest and best prices for the SANGFOR NGAF Firewall Platform product only at PT. Platindo Karya Prima.