Sangfor Next Generation

Application Firewall

Product and Marketing, Sangfor

You Can’t Protect Against the Unknown

Unknown & Exposed Devices

Network and Application Threats

Unknown & Non-Classified Traffic

1
Attacks Bypass Traditional Protection

• WannaCry Ransomware infected • In a recent Barkly survey of companies who suffered

200,000 machines in four days ransomware attacks in the past 12 months:
across 150 countries. o 100% of customers were running anti-virus
o 95% of attacks bypassed traditional firewall
o 77% of attacks bypassed email security

2
 Shortage of Cybersecurity Professionals is the #1 Concern for CSOs

2016 2015 2014

46% of respondents 25% of respondents 23% of respondents

45% of
claimed their claimed their claimed their
respondents
organization had a organization had a organization had a
claimed their 2017 problematic shortage problematic problematic
organization had
of cybersecurity skills shortage of shortage of
a problematic
cybersecurity skills cybersecurity skills
shortage of
cybersecurity skills
2018
*ESG’s Annual survey of 620
organizations for State of IT

51% of respondents
claimed their
organization had a
problematic
shortage of
cybersecurity skills
3
Shortage of People & Shortage of Time

Vulnerability
Assessment
Process Alerts

Trouble Tickets
Log File Reviews
Security
Events Threat
Correlation
Maintenance
Management

Research IOC on TI
4
 Ideal Protection

Intelligent
Efficacy* Understand business
Able to stop all assets and risks.
threats, known, Protection for
unknown and zero- networks,
day. applications and
users.

Simplify
Simplify IT security
operation.
Easy to use and
understand.
Quick to discover
issues.
Fast response.
*“ef·fi·ca·cy” ˈefəkəsē/
noun
1.the ability to produce a desired or intended result. 5
 Sangfor NGAF

Prevention against Unknown Threats: Protect Business Assets Simplified Security Operation
Converged security Asset Discovery Superior Visibility
AI-Based Malware Inspection Vulnerability Assessment Unmatched Reporting
Security Context WAF Guidance, wizard, alert

6
Stop Unknown Threats

7
Converged Security

Comprehensive and Reliable Protection From L2 to L7

The Worlds First AI Enabled NGAF

Fully Integrated NGFW + NGWAF + Security visibility
8
Sangfor Engine Zero: Stop Malware Cold

Sangfor Engine Zero:

Deep Learning Neural Networks
Deep Learning is Everywhere
• Protection from both known and unknown
malware
• No reliance on signatures
• Detects malware in approximately 30
milliseconds
• Extremely small footprint (under 60MB)
• Works out of the box. No additional training
required

9
Sangfor Engine Zero

Coverage
Both known and zero-day attacks.

Efficacy
In recent tests our malware detection rate scored the
highest in terms of accuracy among other vendors.

Fast
Extremely efficient, utilizing very few resources while
efficiently providing malware inspection on the
network gateway with very little performance impact.

10
 Neural-X

White Hat Researchers

Data Scientists Security Analysts

11
12
Unknown Threat Detection: Sangfor Cloud Sandbox

1. Suspected file is sent to ZSand for analysis

2. Suspected file confirmed by Zsand

3. NGAF blocks subsequent malware

4. Malware added to Neural-X DB for all Sangfor Customers

13
Protect Business Assets

14
Discover, Scan & Protect

Real-Time Scan
• Asset Discovery
• Vulnerability Assessment

Proactive Protection
• Application Hiding
• Virtual Patching
• Identify Weak passwords

15
Proven Success Protecting Web Applications
Scanning Prevents port/server scanning
Web Application
Process Prevents app vulnerability scanning Servers
Weak password protection
Anti-brute force attack
Core URL protection
Website structure anti-scanning
Web Crawler defense

Attack Enhanced Web Defense

Process • SQL injection defense
• OS command injection
defense
• XSS attack & CSRF attack
IPS Application Based
• Server vulnerability defense
• Terminal vulnerability defense

Theft DOS attack

Process Application layer DOS attack
CC attack
Authority control
Users
Exe file upload filtering
Upload viruses & Trojan filtering
Prevention of web shell dataflow Hackers 16
 Sangfor Next Generation WAF Engine
NGWAF Engine
Traditional Engine Traffic

Whitelist forced filtering

Protocol Analysis Automatic on-demand

decoding
Rules Abnormal protocol
identification
Signature
Detection
Based Static Traditional Engine

Logging Engine

• Unable to detect unknown threats and Machine Semantic

exploits Learning Analysis

• Easy to bypass • Comprehensively surpasses sort rules to identify

• Common false positive SQL injection unknown threats and high-risk vulnerabilities
detection • Automatically learns by modeling normal
• Low-level performance business traffic, reducing false positives by 62.4%
17
Simplify Security Operation

18
 Full Network Security Visibility

With Total Visibility, Protection is more Efficient & Simplified

Visibility of Assets
• Identify core business system assets (examples:
application software, users, devices, and content)
Visibility of Threats and Risks
• Identify vulnerabilities and risks to business assests.
Visiblity of User Behavior
• Distinguish between common and uncommon user
behavior, identify potential risks and respond to
threats in real-time.
• Easy distinguish between legitimate users and
malicious users accessing services

19
Reporting for Different Purpose

Simplified Daily Operation Step by Step Incident Response Valuable Report to MGMT Team

20
In-Depth Threat Analysis
1. View current security status
2. Comprehensive analysis of network trends
3. Analysis of application servers prone to critical or high-risk vulnerabilities & attacks
4. Solutions for existing issues

Timely analysis of
severity ranking of
potential risks

Clear & concise

information about
attack source, target,
impact & solutions

22
 Summary

Prevention against Unknown Threats: Protect Business Assets Simplified Security Operation
Converged security Asset Discovery Superior Visibility
AI-Based Malware Inspection Vulnerability Assessment Unmatched Reporting
Security Context WAF Guidance, wizard, alert

23
THANK YOU !

Product and Marketing