Brief Overview

While Cross-layered Detection & Response (XDR) products have become very popular by improving threat detection, they have not done well-defending systems from malware and APT threats. Their biggest limitation is, being centered around endpoint protection, they do not truly coordinate with network devices; no sharing of anomalous behavior or coordinating responses.

Sangfor XDDR is a framework that goes beyond traditional XDR by implementing a real integrated security solution, providing a holistic response to malware infections and APT breaches across the entire organization’s network, with ease of management, operation, and maintenance.

XDDR directly integrates Sangfor and certain third-party products together, allowing them to directly communicate with each other, extending and overlapping their spheres of influence. This allows an unprecedented correlation of anomalous behavior between endpoints and that seen on the network and in the cloud.

XDDR puts emphasis on the coordinated response, ready to contain and mitigate that one breach WHEN it happens.

• Scheduled or on-demand endpoint Secure vulnerability scanning initiated by NGAF
• Vulnerability Scan results sent back to NGAF for closed-loop patch recommendations, including global threat correlation.
• Enterprise asset tracking and rogue asset detection
• Endpoint Secure Protect Agent Ransomware honeypot capability
• Real-time Threat Intelligence (TI) from cloud-based Neural-X recognizes new malware signatures discovered by Sangfor TI sources
• Network-Wide Threat Disposal allows the administrator to respond quickly to a large malware outbreak
• NGAF integration can prevent malware from communicating with Command & Control servers and propagation across enterprise domains
• Cyber Command for enhanced threat detection/response