How New Firmware Releases Make XDDR More Powerful
www.sangfor.com
Jason Ma, CISSP | Presales Consultant, Security
Sangfor Technologies Thailand
Contents
PART 1  XDDR Overview
PART 2  Update Release
PART 3  Q&A
PART 1  XDDR Overview
What Is XDR?
Nobody really knows!
Extended (X) Detection (D) and Response (R)
Originally coined by Palo Alto Networks
Gartner has not defined it
XDR: Limited Network & Endpoint Response
The endpoint tells the firewall "I am infected" (heartbeat/signal), and the firewall blocks the endpoint's communication with other segments to prevent lateral spread.
• Limited, coarse response
• The firewall does not care which malware caused the infection
• The firewall does not care about endpoint remediation
• The response may be indirectly coordinated by an external management console or threat intelligence (TI)
XDDR – All About Synergy
(diagram) Coordinated response across the Sangfor security infrastructure: Sangfor Access (remote users, SWG/CASB), Sangfor IAG (access control/DLP, authentication/authorization), Sangfor NGAF, Sangfor HCI (public/private cloud, cloud/SaaS), Sangfor Endpoint Secure (ES) and Sangfor Cyber Command. The diagram shows threat-data and coordinated-response links between these components.
Corporate Network Infrastructure
(diagram) Threats against the corporate network: phishing, malware, brute-force attacks.
Secure Corporate Network Infrastructure
(diagram) The same network protected by 1. NGAF, 2. Endpoint Secure, 3. IAG and 4. STA with Cyber Command (Network Detection and Response).
PART 2  Update Release
NGAF Firewall Platform
The world's first AI-enabled NGAF: fully integrated NGFW + NGWAF + security visibility
• Risk assessment
• Intrusion Prevention System
• NG Web Application Firewall (WAF)
• Real-time vulnerability analysis
• Email security
• APT protection
• APP/URL filtering
• Anti-DoS
• Threat intelligence (Neural-X)
• Malware detection (Engine Zero, Anti-Virus)
Future is now…
Sangfor NGAF rated AAA by CyberRatings.org
Key points:
• Top rating in security effectiveness (99.7%): more effective than Check Point and Palo Alto Networks
• Top rating in TCO per Mbps: more cost-effective than every vendor except Fortinet (about 0.15 USD more per Mbps for roughly 2% better exploit protection)
• Outstanding among the big names: best overall security at the best price
Product               Exploits Protected   Evasions Protected
Sangfor               99.70%               100.00%
Juniper Networks      99.50%               100.00%
Forcepoint            99.10%               100.00%
Check Point           99.00%               100.00%
Fortinet              97.60%               100.00%
Palo Alto Networks    97.60%               100.00%
Versa Networks        96.70%               100.00%
WatchGuard            96.40%               100.00%
Barracuda Networks    90.70%               99.60%
Cisco                 88.90%               79.20%
SonicWALL             N/A                  N/A
8.0.36: WebUI Refresh
Modern UI design, faster response, and streamlined configuration logic
8.0.36: WebUI Refresh | Example: NAT
(screenshot)
8.0.36: WebUI Refresh | Other Examples
• Menu search
• Quick links
• Quick tabs (customizable)
8.0.36: Added Features
• RESTful API support: a RESTful API for integrating with any third-party environment, e.g. to update networking settings or ACL settings
• Command line enabled: quick settings and troubleshooting can now be done through the CLI
• Account protection: a dedicated feature to help detect potential abuse of accounts in your network
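The slide does not say how account protection decides that an account is being abused. As an added example (not Sangfor's code, and not how the NGAF feature is implemented), the following Python shows the two checks a practitioner would expect such a feature to run over authentication events: repeated failures against one account from one source (brute force) and one source failing against many accounts (password spraying), plus the high-value case of a success that follows a burst of failures. The log format, the thresholds and the sample log lines are all constructed for this illustration.

```python
"""Account-abuse detection over authentication events (added example).

The log format, thresholds and SAMPLE_LOG below are constructed assumptions,
not NGAF output or NGAF's own logic.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # sliding window (assumption)
FAIL_THRESHOLD = 5              # failures per (account, source) inside WINDOW (assumption)
SPRAY_THRESHOLD = 4             # distinct accounts per source inside WINDOW (assumption)

# Constructed sample log: "<ISO time> <user> <source IP> <SUCCESS|FAIL>"
SAMPLE_LOG = """\
2021-09-01T08:00:01 bob 10.1.1.5 FAIL
2021-09-01T08:00:09 bob 10.1.1.5 SUCCESS
2021-09-01T08:01:00 alice 203.0.113.7 FAIL
2021-09-01T08:01:02 alice 203.0.113.7 FAIL
2021-09-01T08:01:04 alice 203.0.113.7 FAIL
2021-09-01T08:01:06 alice 203.0.113.7 FAIL
2021-09-01T08:01:08 alice 203.0.113.7 FAIL
2021-09-01T08:01:10 alice 203.0.113.7 SUCCESS
2021-09-01T08:02:00 bob 198.51.100.9 FAIL
2021-09-01T08:02:01 carol 198.51.100.9 FAIL
2021-09-01T08:02:02 dave 198.51.100.9 FAIL
2021-09-01T08:02:03 erin 198.51.100.9 FAIL
2021-09-01T08:30:00 frank 10.1.1.8 SUCCESS
"""


def parse_line(line):
    """Return (timestamp, user, source_ip, succeeded) for one log line."""
    ts, user, src, result = line.split()
    return datetime.fromisoformat(ts), user, src, result == "SUCCESS"


def detect(lines):
    """Replay auth events in time order and return a list of alert dicts."""
    events = sorted(parse_line(l) for l in lines if l.strip())
    fails_by_pair = defaultdict(deque)   # (user, src) -> timestamps of failures
    fails_by_src = defaultdict(deque)    # src -> (timestamp, user) of failures
    alerts, fired = [], set()

    def fire(kind, key, ts, **detail):
        if (kind, key) in fired:         # one alert per (kind, key), no re-firing
            return
        fired.add((kind, key))
        alerts.append(dict(kind=kind, time=ts.isoformat(), **detail))

    for ts, user, src, ok in events:
        pair = fails_by_pair[(user, src)]
        while pair and ts - pair[0] > WINDOW:          # expire old failures
            pair.popleft()
        per_src = fails_by_src[src]
        while per_src and ts - per_src[0][0] > WINDOW:
            per_src.popleft()

        if ok:
            # A success right after a burst of failures is the case that matters most.
            if len(pair) >= FAIL_THRESHOLD:
                fire("success_after_bruteforce", (user, src), ts, user=user, src=src)
            continue

        pair.append(ts)
        per_src.append((ts, user))
        if len(pair) >= FAIL_THRESHOLD:
            fire("bruteforce", (user, src), ts, user=user, src=src, failures=len(pair))
        targets = {u for _, u in per_src}
        if len(targets) >= SPRAY_THRESHOLD:
            fire("password_spray", src, ts, src=src, accounts=sorted(targets))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed log this raises three alerts: a brute-force alert for alice from 203.0.113.7, a success-after-brute-force alert for the same pair, and a password-spray alert for 198.51.100.9 against bob, carol, dave and erin; bob's single failure from 10.1.1.5 and frank's login stay quiet. In production the thresholds should be tuned per source population (VPN, Wi-Fi, service accounts) and the "success after brute force" alert should trigger session revocation, not just a log line.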
8.0.36: VMware Support
NGAF Virtual Firewall Platform: smarter security powered by artificial intelligence
• Protects business systems in VMware ESXi environments
• An important complement to Sangfor cloud security (HCI + VMware)
• Easy to build a workshop lab or an XDDR deployment
• Minimum resource requirements: 2 vCPU, 4 GB RAM
• Available for free trial
Endpoint Secure: Adaptive Malware Response
Value proposition: asset-centric, targeted defense, continuous detection and collaborative response, to respond to breaches quickly.
Endpoint assets: lightweight, intelligent, responsive
Lifecycle: Prediction, Prevention, Detection, Response, with continuous real-time assessment and closed-loop collaboration
Capabilities: baseline verification, vulnerability scanning, compliance review, real-time detection, honeypot, ransomware detection, intrusion detection, one-click kill, one-click isolation, attack trace, linked response
Future is now 2…
XDDR Synergy: Network & Endpoint
• The firewall sees an endpoint initiate a connection to a C&C server
• The firewall tells the endpoint to run virus and vulnerability scans
XDDR Synergy: Network & Endpoint
• Control and audit network access to internal and external assets and resources
• Identify and block infected or compromised endpoints
• Identify and mitigate malware/APT
• Identify and block rogue endpoints
Internet Access Gateway (SWG)
Internet Access Control
• L7 application control
• URL filtering
• AI-based anti-malware
• Real-time unknown URL check
• SaaS control
• SSL inspection
• Proxy
Reporting
• Real-time Internet visualization
• Logs stored for more than 90 days
• Content audit: email, cloud storage, Pantip and more
Bandwidth Management
• Adaptive bandwidth management per user/group/application/schedule
• Quota control: time-based or volume-based
Authentication
• Local DB or external DB (RADIUS, AD/LDAP)
• Social network integration (Facebook, LINE, G Suite)
• SMS OTP
• Self-registration
REST API
13.0.15: Asset Identification
• Asset data is shown on the dashboard, with a button that jumps to the endpoints page
• Endpoint types can be customised, and the endpoint list gains multiple filtering methods
13.0.15: Endpoint Control Policy
• Endpoints can be controlled with more granular policies based on endpoint type
13.0.15: Asset Data Reporting
• Supports correlation with Cyber Command (CC) to report asset information and online-user information, and can report to the Cyber Command (CCOM) device based on source IP address
XDDR Synergy: Endpoint & Access Control
(diagram) Endpoint Secure scans the endpoint's posture (OS: Win10; process: running; file: does not exist; service pack: installed) and the result feeds IAG access control for application categories such as music, sports/games and movies.
Cyber Command
(diagram) Deployment across the data center area, Office A, Office B, DMZ, management area and cloud:
1. STA: full traffic analysis, threat detection, real-time vulnerability analysis
2. Cyber Command: big data, machine learning, flow behaviour-analysis engine, UEBA
3. Neural-X: threat intelligence, cloud AI
4. Endpoint Secure, NGAF & IAM: response
Clear Threat Influence (Latent Threat Golden Eye)
The Latent Threat Golden Eye evaluates threat influence in multiple dimensions, detecting "I" am attacking "whom" and "who" is attacking "me" from the perspective of attack relevance, and presents it visually to provide an easy way to handle the threats.
Global Visualization Aids Decision-making (Business Outreach Risk Screen)
Through real-time monitoring and overall evaluation of the external regions of the network, external threat types, external business risk, latest events and the global threat climate, Sangfor Cyber Command effectively controls both the internal and external security status, enabling all-around security analysis and intelligent decision making.
Business Outreach Risk Monitoring
• Cyber Command is an intelligent threat detection and response platform that significantly improves customer security detection and response capabilities.
Cyber Command: Intelligent Threat Detection and Response Platform
• Sophisticated detection by closely monitoring every step of the cyber-attack chain
• Faster and more efficient response, delivered through incident investigation and tight integration with network and endpoint security solutions
• Simplified threat hunting to perform comprehensive impact analysis of known breaches and to track "patient zero"
• Integration with Sangfor TIARA & MDR services
CC 3.0.50: Correlation with Third-Party Devices
• Block access from risky IP addresses for additional security
• Set an automatic response policy
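The deck describes the response loop in three places: the coarse XDR model, where an endpoint signals "I am infected" and the firewall simply cuts the host off from other segments; the XDDR synergy slides, where the firewall sees an endpoint open a connection to a C&C server and tells the endpoint to scan; and CC 3.0.50's automatic response policy that blocks risky IP addresses. The following Python is an added example that models that whole loop in one place. It is not Sangfor code and does not use any Sangfor API: the threat-intelligence scores, the policy thresholds, the Firewall and Endpoint classes and the sample hosts are all constructed for this illustration. The point it demonstrates is the difference between a coarse network-only response and a targeted one, and when the orchestrator has to fall back from the second to the first.

```python
"""Coordinated network + endpoint response loop (added example).

THREAT_INTEL, ResponsePolicy thresholds, the Firewall/Endpoint models and the
hosts in run_sample() are constructed assumptions, not Sangfor interfaces.
"""
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: destination IP -> risk score 0..100.
THREAT_INTEL = {"203.0.113.50": 95, "198.51.100.20": 60, "192.0.2.10": 5}


@dataclass
class ResponsePolicy:
    """Automatic response policy; both thresholds are illustrative assumptions."""
    block_threshold: int = 80   # risk >= this: block the destination for everyone
    scan_threshold: int = 50    # risk >= this: ask the endpoint agent to scan


@dataclass
class Firewall:
    rules: list = field(default_factory=list)   # (src, dst) deny pairs; "any" is a wildcard

    def deny(self, src, dst):
        if (src, dst) not in self.rules:        # idempotent: re-blocking adds nothing
            self.rules.append((src, dst))

    def allows(self, src, dst):
        return not any(s in ("any", src) and d in ("any", dst) for s, d in self.rules)


@dataclass
class Endpoint:
    """Simulated agent. processes: pid -> (name, C&C peer or None, protected flag)."""
    ip: str
    processes: dict
    killed: list = field(default_factory=list)

    def scan_for(self, peer):
        """Return pids that hold a connection to `peer` (the agent-side scan)."""
        return [pid for pid, (_, c2, _) in self.processes.items() if c2 == peer]

    def kill(self, pid):
        if self.processes[pid][2]:     # protected process: agent cannot remediate
            return False
        del self.processes[pid]
        self.killed.append(pid)
        return True


class Orchestrator:
    def __init__(self, fw, endpoints, policy=None, intel=None):
        self.fw, self.endpoints = fw, endpoints
        self.policy = policy or ResponsePolicy()
        self.intel = THREAT_INTEL if intel is None else intel

    def on_connection(self, src, dst):
        """Handle a firewall 'src connected to dst' event; return the actions taken."""
        risk = self.intel.get(dst, 0)
        actions = []
        if risk >= self.policy.block_threshold:
            self.fw.deny("any", dst)                  # cut the C&C channel network-wide
            actions.append(("block_dst", dst))
        if risk < self.policy.scan_threshold:
            return actions                            # low risk: log only
        agent = self.endpoints.get(src)
        if agent is None:                             # no agent: only the coarse XDR response
            self.fw.deny(src, "any")
            actions.append(("isolate_unmanaged", src))
            return actions
        hits = agent.scan_for(dst)                    # firewall tells the endpoint to scan
        actions.append(("scan", src, len(hits)))
        for pid in hits:
            ok = agent.kill(pid)                      # targeted response: kill the process
            actions.append(("kill" if ok else "kill_failed", src, pid))
            if not ok:                                # cannot remediate: fall back to isolation
                self.fw.deny(src, "any")
                actions.append(("isolate", src))
        return actions


def run_sample():
    """Constructed scenario: two managed hosts and one unmanaged host."""
    fw = Firewall()
    endpoints = {
        "10.1.1.5": Endpoint("10.1.1.5", {100: ("explorer.exe", None, False),
                                          4242: ("svchost.exe", "203.0.113.50", False)}),
        "10.1.1.6": Endpoint("10.1.1.6", {777: ("rootkit-svc", "203.0.113.50", True)}),
    }
    orch = Orchestrator(fw, endpoints)
    log = []
    for src, dst in [("10.1.1.5", "203.0.113.50"), ("10.1.1.6", "203.0.113.50"),
                     ("10.1.1.9", "198.51.100.20"), ("10.1.1.5", "192.0.2.10")]:
        log.extend(orch.on_connection(src, dst))
    return fw, endpoints, log


if __name__ == "__main__":
    for action in run_sample()[2]:
        print(action)
```

In the scenario, 10.1.1.5 keeps its network access because the agent killed the offending process, 10.1.1.6 ends up isolated because its implant could not be killed, and the unmanaged 10.1.1.9 is isolated outright, which is exactly the coarse response the XDR slide describes. Note the ordering: the high-risk destination is blocked before the scan is requested, so the C&C channel is closed even if the endpoint is slow to answer.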
STA 3.0.25: Virtual STA for VMware
Sangfor Virtual STA Platform: smarter network traffic analysis
• Can be installed on VMware ESXi / VMware vSphere
• Easy to build a workshop lab or an XDDR deployment
• Available for free trial
Use Case
Customer portrait:
• Large enterprise with many security products, such as NGFW, WAF and SIEM
• Still attacked many times, including by ransomware
• Hard to see hidden threats or the internal security situation
Sangfor solution values:
• Makes up for the shortfall in security capability of the traditional approach
• Full visibility of the security situation
• Builds an integrated security correlation and response system
(diagram) Topology: Internet, load balancer, Sangfor NGAF and core switch; Cyber Command and STA attached to the core switch; EDR agents in the server zone and the client zone.
Incentive Program for Partners
Sangfor Cyber Command Incentive Program in H2, 2021
Sangfor XDDR – Ransomware/APT Protection
Attack chain covered: Infected, C&C Communication, Exploit, Lateral Propagation (malware), across the application, information and infrastructure layers.
Cyber Command (CCOM)
• Automated incident response
• Insider threat detection
• Network flow analysis
• Integrates with ES, NGAF and HCI
NGAF
• Next Generation Firewall
• Web Application Firewall
• Vulnerability assessment
• Integrates with Endpoint Secure and CCOM
Endpoint Secure
• EDR and EPP in a single agent
• Vulnerability assessment
• Ransomware honeypot
• Integrates with NGAF and CCOM
Neural-X
• Global and local threat intelligence
• AI engine
• Automated sandbox cluster
HCI
• Service continuity
• Data redundancy
• Backup and recovery
• Intelligent troubleshooting
• Reduced TCO