NDR Sangfor Cyber Command - Detect and respond to threats

NDR Sangfor Cyber Command Platform

Standard security tools such as firewalls and antivirus software provide a barrier that protects our network from "outside" threats, effectively blocking most suspicious traffic. Most, not all...

500,000 new malware variants a day, zero-day attacks, AI-powered cyber attacks - all of this means that these days, in addition to standard "cyber-prevention" measures, we need an NDR system - a tool that detects and protects us from what may have already entered our network.

What is the NDR Sangfor Cyber Command platform?

Cyber Command (Sangfor NDR) is a best-in-class Network Detection and Response (NDR) solution designed to help entities detect and respond to threats that have found their way into the network. Cyber Command harnesses the power of artificial intelligence (AI) and advanced machine learning (ML) technology to monitor and analyze traffic across the network (not just north-south but also east-west) in real time, identifying and alerting security teams to any anomalies in network activity. These anomalies may otherwise look like harmless network traffic that has been manipulated or hidden by smart malware or sophisticated cybercriminal techniques.

Sangfor Cyber Command's NDR platform provides absolute visibility into the network environment, detecting hidden threats, ongoing malicious processes and security vulnerabilities. Sangfor NDR has a built-in SOAR module that enables users to automate actions in response to detected threats, significantly minimizing the impact of security incidents. All of this gives cybersecurity professionals who use the platform invaluable time and opportunities to take swift action.

How does the Sangfor NDR (Sangfor Cyber Command) platform work?

Network Detection & Response (NDR) systems monitor devices on our network, detecting anomalies and potential threats. To ensure maximum network visibility and efficient security mechanisms, the Sangfor Cyber Command platform is built from components that fall into two groups: sensors and a collector.

Sangfor Stealth Threat Analysis (STA) is a sensor used in the Cyber Command solution. It is a hardware device that collects raw network traffic copied from switches (through so-called port mirroring or via TAPs) and extracts traffic metadata such as source and destination IP address, protocol, port, packet size, timestamp and other network-level data. It correlates the data into contextual event logs and then forwards them to Cyber Command for more in-depth analysis.

Cyber Command collects data from the STA sensor and applies artificial intelligence and machine learning techniques to correlate and analyze the data. Sangfor NDR then compares the results of the real-time analysis with established baselines of normal network behavior to detect anomalies hiding malicious activities, such as covert command and control (C2) communications, lateral movements disguised as business transactions and irregular user behavior indicative of insider threats.
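
The baseline comparison described above, reduced to a single east-west case as an added example (this is not Sangfor's code or algorithm): flow metadata of the kind the sensor extracts is used to learn each host's usual internal peers, and a host that suddenly contacts several new ones is flagged. The tuple layout, sample addresses and the threshold of three are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow metadata: (timestamp, src, dst, proto, dst_port, bytes)
BASELINE_FLOWS = [
    (1000, "10.0.1.15", "10.0.2.10", "tcp", 445, 5200),
    (1060, "10.0.1.15", "10.0.2.20", "tcp", 443, 1800),
    (1120, "10.0.1.15", "93.184.216.34", "tcp", 443, 900),
    (1180, "10.0.1.22", "10.0.2.10", "tcp", 445, 4100),
]
LIVE_FLOWS = [
    (9000, "10.0.1.15", "10.0.2.10", "tcp", 445, 5000),   # already in baseline
    (9001, "10.0.1.22", "10.0.1.30", "tcp", 445, 300),
    (9002, "10.0.1.22", "10.0.1.31", "tcp", 445, 300),
    (9003, "10.0.1.22", "10.0.1.32", "tcp", 3389, 280),
    (9004, "10.0.1.22", "8.8.8.8", "udp", 53, 80),        # north-south, ignored here
]

def is_internal(ip):
    """Treat private-range addresses as internal (assumption for this example)."""
    return ipaddress.ip_address(ip).is_private

def east_west_peers(flows):
    """Map each internal source to the set of internal (dst, port) pairs it contacted."""
    peers = defaultdict(set)
    for _ts, src, dst, _proto, dport, _size in flows:
        if is_internal(src) and is_internal(dst):
            peers[src].add((dst, dport))
    return peers

def new_peer_alerts(baseline_flows, live_flows, threshold=3):
    """Return {src: sorted new peers} for hosts with >= threshold peers absent from baseline."""
    baseline = east_west_peers(baseline_flows)
    alerts = {}
    for src, peers in east_west_peers(live_flows).items():
        unseen = peers - baseline.get(src, set())
        if len(unseen) >= threshold:
            alerts[src] = sorted(unseen)
    return alerts

if __name__ == "__main__":
    for host, peers in new_peer_alerts(BASELINE_FLOWS, LIVE_FLOWS).items():
        print(host, "contacted", len(peers), "internal peers not in baseline:", peers)
```

A per-host peer set is the simplest possible baseline; it only works because mirrored switch traffic exposes internal-to-internal flows that a perimeter device never sees.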

Sangfor Cyber Command in the network topology

What's more in the NDR's Sangfor Cyber Command?

  • Golden Eye Function
    With the development of AI technology, Sangfor has enhanced its Cyber Command platform with a unique "Golden Eye" function that studies the behavior of compromised network assets and uses this information to strengthen external and internal system protection, uniquely improving threat hunting.
  • Integration across platforms
    The vendor realizes the difficulty and cost of migrating an entire infrastructure to another security system. That's why NDR from Sangfor is compatible with a wide variety of solutions and easy to deploy in data centers or branch locations.
  • Eliminating blind spots
    A huge blind spot in most organizations is the lack of visibility into threats that are spreading locally. Cyber Command offers 100 percent visibility into both East/West and North/South traffic - monitoring, analyzing, detecting threats and decoding data via network applications such as DNS or mail, and using advanced AI analytics to detect suspicious behavior.
  • Stealth Threat Analysis (STA)
    Existing security solutions may be able to block 99% of malware, but every day thousands of new malware variants emerge that can bypass security devices and cause damage. Cyber Command is able to detect the remaining 1% using enhanced responses from Stealth Threat Analysis (STA), a sensor that collects raw network traffic (via mirroring or TAP) from switches, extracts security events and detects unusual behavior.

What are the advantages of the Cyber Command solution?

Faster response

Cyber Command ties threat analysis to attacks at all levels of the attack chain - which means faster alerts on exploit attempts, slow brute-force attacks, C&C activity, lateral movement, P2P traffic and data theft. Faster response is made possible through incident analysis and tight integration with network and endpoint security solutions.

Integrated protection

Managing multiple security products from a single dashboard can be a challenge, but Sangfor's Cyber Command - combined with Sangfor Endpoint Secure and Next Generation Firewall (NGAF) - provides flexible and effective security in a simplified and comprehensive way, offering recommendations for endpoint and network correlation or patching.

Cost effectiveness

Sangfor Cyber Command offers integrated and complete threat detection and protection that won't break the bank and is far more cost-effective than other software security options - such as SIEM solutions.

Improved detection

Cyber Command uses advanced and intelligent machine learning software to detect all potential threats on a system. It performs a comprehensive impact analysis of known breaches to track "patient zero," evaluating all possible entry points. Cyber Command's unique "Golden Eye" feature examines the behavior of compromised resources, such as inbound and outbound connections and port and protocol usage, and uses this valuable information to strengthen the system's external and internal defenses.

Highest visibility

The Cyber Command Response Center provides a simplified and detailed visual representation of the entire attack chain - allowing you to monitor the entire detection and elimination process from a convenient, detailed dashboard. This provides full transparency and a holistic view of the security infrastructure.

What awards has the NDR Sangfor Cyber Command platform won?

Sangfor Technologies (Sangfor) has again been recognized as a representative vendor in Gartner's Network Detection and Response¹ (NDR) market guide with its Sangfor Cyber Command product.

This is the second time in a row that Sangfor has received this award since the Market Guide was first published in 2020. This follows Sangfor's recent inclusion as a key player in the Gartner Competitive Landscape: Network Detection and Response². We believe these accolades are a testament to Sangfor's continued commitment to NDR innovation and meeting the evolving security needs of organizations.

Sources:
1. Gartner Inc., Market Guide for Network Detection and Response, by Jeremy D'Hoinne et al., published March 29, 2024.
2. Gartner Inc., Gartner Competitive Landscape: Network Detection and Response, by Christian Canales and Thomas Lintemuth, published March 6, 2024.