Sangfor Incident Response

Additional Info

Company: Sangfor Technologies
Website: http://www.sangfor.com
Company size (employees): 5,000 to 9,999
Type of solution: Service

Overview

Sangfor provides a closed-loop incident response service solution to organizations, separating security incidents into three major phases:

1. Pre-Incident Phase
In the pre-incident phase, Sangfor helps the organization assess external attack surfaces and vulnerabilities before an attack occurs. Organizations immediately know if existing network architecture, network setup, security practices, and security controls are sufficient to defend against malware attacks such as Advanced Persistent Threats (APTs) and most ransomware and mining viruses. Attack surfaces, vulnerabilities, weak areas, and risks are identified before attackers can take advantage of or exploit them. Organizations are advised to fix vulnerabilities and create a risk mitigation plan according to recommendations provided by Sangfor, reducing the likelihood of being attacked and keeping associated risks to a minimum.

2. Mid-Incident Phase
Should a malware attack succeed, the Sangfor Incident Response Team will provide immediate support, within the scope agreed to in the SLA, to mitigate the incident and minimize the impact. During this phase, Sangfor will assist customers by performing compromised machine containment, forensic investigation, evidence collection, and malware eradication.

3. Post-Incident Phase
After the impacted services have recovered and the incident case is closed, the organization's business operations return to normal. Sangfor will review the organization's protection capabilities against malware attacks and provide external attack surface assessment services and a review of the external firewall rule set and configuration, so that new vulnerabilities, weak points, and misconfigurations are identified and similar attacks in the future are prevented.

How we are different

1. Determination of Potential External Threats
The external vulnerability assessment can simulate how an attacker identifies attack surfaces, gains entry to the network, and eventually focuses on exploiting a certain point to threaten the whole network. In this way, potential network-wide security vulnerabilities are determined.


2. Security Awareness Enhancement
Any potential vulnerability, no matter how small, identified from the external view of an organization has the potential for disaster. Therefore, the external attack surface assessment service enables the responsible personnel to effectively eliminate any tiny security defect, thereby reducing the overall security risk.


3. Security Skill Improvement
The user's security skills are improved during interaction with the investigators and analysts. In addition, the investigation results and lessons learned help customers identify vulnerabilities and mistakes that may have been overlooked previously, allowing the customer to fix the issue and prepare a remediation plan, reducing the likelihood of a secondary attack.