Sangfor Technologies Named as an Example Vendor for Network Detection and Response

Sangfor Technologies (hereafter Sangfor) was recently named as an Example Vendor for Network Detection and Response (NDR) in the latest Gartner reports Emerging Tech: Top Use Cases for Network Detection and Response¹ and Emerging Tech: Security — Adoption Growth Insights for Network Detection and Response². This follows on from our recognition as a Representative Vendor for NDR in the Gartner® Market Guide for Network Detection and Response³. Sangfor customers will be more familiar with our NDR product by the name Cyber Command.

As we understand them, the Gartner Emerging Tech reports are primarily intended for technology providers and their product leaders rather than technology buyers. However, we believe that organizations that are looking to invest in NDR, or have already done so, can also gain valuable insights from these reports.

What is Network Detection and Response?

Network Detection and Response (NDR) is a cybersecurity solution that enables organizations to detect and respond to threats that have already breached the network.

NDR relies mainly on non-signature-based detection designed to identify advanced and previously unknown threats that known signatures cannot catch. It monitors network traffic, both north-south (entering and leaving the network) and east-west (between internal hosts), and analyzes it in real time against behavioral models and AI analytics to find activity that deviates from machine-learned baselines of normal network behavior. Such deviations often reveal AI-enabled malware and sophisticated adversary techniques that other security controls miss.

Unlike traditional threat detection tools, NDR solutions not only detect threats but also respond to them in real time. They integrate with other security products, such as endpoint security solutions (EPP/EDR) and firewalls, to enforce threat containment and eradication. Many NDR solutions provide automated response capabilities allowing them to respond immediately to threats based on predefined response playbooks. Organizations can react swiftly and efficiently to cyber threats, minimizing potential damages.

NDR Use Cases

The Emerging Tech: Top Use Cases for Network Detection and Response report identifies three NDR use cases: Detection, Incident Response (IR), and Response. We define these use cases as follows.

  • Detection: The automatic and/or manual identification of attacks, threats, and risks, such as vulnerabilities and misconfigurations, in the network.
  • Incident Response: The automatic and/or manual activities performed in response to detected attacks and threats, including triaging, tracking down additional data and forensics, assessing scope and overall risk, and developing remediation.
  • Response: The automatic and/or manual activities performed to contain, eradicate, and recover from valid attacks and threats.

To help our audience gain greater insight into the current and future dynamics of each use case, we have selected some key points from the report. We have also evaluated our NDR solution – Sangfor Cyber Command – against these points to help our audience understand how the product fares with current requirements.

For each use case, the Gartner key points selected by Sangfor are quoted first, followed by how Sangfor Cyber Command fares against them.
Detection

"To be competitive in the NDR market, product leaders must ensure their NDR offering has strong AI-based detection."¹

"AI is a core technology evolution that separates NDR from other network security products. Instead of a detection capability that identifies “known” attacks only, AI enables NDR to find “unknown” attacks via correlation of historic data or recognizing anomalous activity that is (or probably is) malicious."¹

"NDR detection starts from a network perspective and must also include behavioral detection capabilities, including signatureless methods and advanced analytics such as machine learning (ML) and other forms of AI."¹

Cyber Command’s unique AI detection utilizes several advanced techniques and technologies including:

  1. Network Traffic Analysis (NTA): Cyber Command leverages advanced machine learning algorithms and purpose-built AI models to correlate and analyze network traffic in real time. By continuously learning from vast amounts of data, it identifies anomalies in traffic patterns that are highly indicative of malicious activity, such as lateral movement and data exfiltration. AI-enabled malware increasingly carries out these attacks with techniques that signatures cannot detect.
  2. User and Entity Behavioral Analytics (UEBA): Cyber Command integrates AI-driven behavioral analytics that extend network traffic analysis to detect deviations from the normal behavior of users and applications. This enhances the detection of stealthy attacks that leverage compromised valid accounts and legitimate programs, as well as insider threats.
  3. Neural-X Threat Intelligence: Cyber Command integrates with Sangfor Neural-X, our AI powered cloud-based threat intelligence and analytics platform. Neural-X continuously enriches Cyber Command with real-time threat intelligence of malicious patterns and behaviors from proprietary and 3rd-party sources, ensuring that it remains effective against emerging threats.
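As an added illustration (not Sangfor code, and not a description of Cyber Command's actual models), the following Python sketch shows the kind of baseline-versus-deviation logic that underlies the behavioral detections described above: it learns a per-host profile from a window of flow records (constructed sample data, in the spirit of NetFlow input), then flags egress far above the host's hourly norm as possible exfiltration and a burst of SMB/RDP/WinRM connections to internal peers the host never contacted before as possible lateral movement. The internal address range, the "lateral" port set, the z-score multiplier and the new-peer threshold are all assumptions chosen for the sample.

```python
"""Behavioral-baseline detector over flow records.

Added example, not Sangfor code: thresholds, address ranges and the sample
flows below are assumptions constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal range
LATERAL_PORTS = {445, 3389, 5985}     # SMB, RDP, WinRM: assumed "admin" ports


@dataclass(frozen=True)
class Flow:
    hour: int        # hour index since the start of the capture
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes sent from src to dst


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def build_baseline(flows):
    """Per-source profile: hourly external egress statistics and internal peers seen."""
    egress = defaultdict(lambda: defaultdict(int))   # src -> hour -> bytes to external
    peers = defaultdict(set)                         # src -> {(internal dst, port)}
    hours = sorted({f.hour for f in flows})
    for f in flows:
        if is_internal(f.dst):
            peers[f.src].add((f.dst, f.dport))
        else:
            egress[f.src][f.hour] += f.bytes_out
    baseline = {}
    for src in set(egress) | set(peers):
        series = [egress[src].get(h, 0) for h in hours]   # zero for quiet hours
        baseline[src] = {"egress_mean": mean(series),
                         "egress_std": pstdev(series),
                         "peers": peers[src]}
    return baseline


def detect(flows, baseline, z=3.0, new_peer_threshold=3):
    """Flag hosts whose detection-window flows deviate from their baseline."""
    egress = defaultdict(lambda: defaultdict(int))
    new_peers = defaultdict(set)
    for f in flows:
        prof = baseline.get(f.src)
        if prof is None:
            continue   # no baseline yet for this host; handled separately in practice
        if is_internal(f.dst):
            if f.dport in LATERAL_PORTS and (f.dst, f.dport) not in prof["peers"]:
                new_peers[f.src].add(f.dst)
        else:
            egress[f.src][f.hour] += f.bytes_out
    alerts = []
    for src, per_hour in egress.items():
        prof = baseline[src]
        limit = prof["egress_mean"] + z * max(prof["egress_std"], 1.0)  # floor avoids std == 0
        for hour, sent in per_hour.items():
            if sent > limit:
                alerts.append({"type": "possible_exfiltration", "host": src,
                               "hour": hour, "bytes": sent, "limit": round(limit)})
    for src, hosts in new_peers.items():
        if len(hosts) >= new_peer_threshold:
            alerts.append({"type": "possible_lateral_movement", "host": src,
                           "new_peers": sorted(hosts)})
    return alerts


# Constructed sample data: 24 hours of routine traffic from two workstations
# (HTTPS to one external host, SMB to one internal file server).
BASELINE_FLOWS = [
    Flow(h, src, dst, port, size)
    for h in range(24)
    for src in ("10.0.1.5", "10.0.1.6")
    for dst, port, size in (("93.184.216.34", 443, 50_000 + (h % 3) * 1_000),
                            ("10.0.2.10", 445, 20_000))
]
# Detection window (hour 24): 10.0.1.5 pushes 5 MB to an unseen external host and
# touches three internal peers over SMB/RDP for the first time; 10.0.1.6 is normal.
DETECTION_FLOWS = [
    Flow(24, "10.0.1.6", "93.184.216.34", 443, 51_000),
    Flow(24, "10.0.1.6", "10.0.2.10", 445, 20_000),
    Flow(24, "10.0.1.5", "10.0.2.10", 445, 20_000),
    Flow(24, "10.0.1.5", "203.0.113.7", 443, 5_000_000),
    Flow(24, "10.0.1.5", "10.0.1.20", 445, 4_000),
    Flow(24, "10.0.1.5", "10.0.1.21", 445, 4_000),
    Flow(24, "10.0.1.5", "10.0.1.22", 3389, 4_000),
]


def run_example():
    return detect(DETECTION_FLOWS, build_baseline(BASELINE_FLOWS))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

On the sample data the workstation 10.0.1.5 produces one exfiltration alert (5 MB against an hourly limit of roughly 53 KB) and one lateral-movement alert naming the three new peers, while 10.0.1.6 stays silent; the same flows that built the baseline produce no alerts when replayed. A production NDR replaces the mean-plus-z-score with learned models and many more features, but the shape of the decision is the same: learn what is normal per entity, then score deviation.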

"Buyer workloads are increasingly moving to public cloud environments, reducing the need for on-premises detection… To detect in these environments, NDR product leaders should explore alternative, potentially non-network-based sources of data."¹

Cyber Command aggregates and correlates data from multiple sources across the network, including network packets and NetFlow records, as well as external threat intelligence. It also supports threat detection in cloud environments by ingesting endpoint protection data, DNS logs, and other data from sources deployed on cloud infrastructure.

By correlating data from a wide coverage of sources, Cyber Command generates high-fidelity alerts that indicate genuine security threats.

Incident Response

"It (=IR) requires pulling alerts, artifacts and other forensics together, and organizing them in a way that tells a compelling story. Organizing these details into industry-recognized frameworks, such as MITRE ATT&CK, is a good starting point that is seeing traction in the NDR market."¹

Cyber Command’s unique Golden Eye feature provides security teams with a highly intuitive graphical representation of the APT attack chain, displaying every stage of a cyber-attack from a single input such as an IP address, domain, port, or URL. It gives security teams in-depth visibility of attacks, including tracing the source of the attack and the attack path, and helps them assess the impact and severity of attacks so that they can take the most appropriate and effective action. Users can further drill down into each step for detailed insights and remediation suggestions.

Cyber Command also provides full MITRE ATT&CK mapping, encompassing the entire spectrum of adversary techniques, with each technique precisely mapped by its five detection engines. This mapping enables security teams to gain a comprehensive understanding of the techniques leveraged by threat actors to infiltrate and propagate through the network.

"To take advantage of the rise in interest in NDR among midsize organizations, product adjustments will be needed because midsize organizations have less resources and require more automation. For example, most artificial intelligence (AI) used in NDR today is still focused on detection. This remains important, but redirecting AI development to operational workflows should yield large improvements in automation and overall ease of use. Product leaders should look for opportunities to use AI in operational aspects, including:

1. Prioritization of alerts
2. Recommended next steps
3. Sourcing forensics automatically"²

Cyber Command harnesses the power of ML and purpose-built AI models to streamline the incident response process, enabling security teams to act quickly and effectively.

  1. Prioritization of alerts: Cyber Command intelligently prioritizes alerts based on factors such as threat type, severity, criteria, and the detected interval to ensure that security teams focus on the most critical incidents, significantly reducing alert fatigue.
  2. Recommended next steps: Cyber Command provides users with recommended next steps for each detected security incident. Mapping security incidents to the MITRE ATT&CK framework also provides valuable context and insights. Leveraging this, Cyber Command recommends appropriate next steps for security teams to take based on the best practices against specific threats.
  3. Sourcing forensics automatically: AI plays a crucial role in Cyber Command’s ability to gather and analyze forensic data in the event of a security incident. By analyzing network traffic patterns, user behavior, and other relevant data, Cyber Command automatically researches and validates a wide variety of indicators of compromise (IOCs) and behavior indicators of compromise (BIOCs).

Response

"In past Gartner analysis of NDR offering response capabilities, there was no dominant channel that the market was moving to. Over the past year, end-user inquiry points to NDR integration with endpoint products or EDR as the most common control response point."¹

Cyber Command integrates seamlessly with other Sangfor products and services, including Endpoint Secure (EDR), NGAF (NGFW), and Neural-X. Using its built-in SOAR module, Cyber Command issues effective response actions to the other components. For example, Endpoint Secure can execute instructions from the NDR platform to isolate compromised hosts and scan all endpoints for the same malware.

Cyber Command also integrates with third-party firewall, endpoint protection, and SIEM products from an array of vendors, including Palo Alto, Sophos, Fortinet, Check Point, Cisco, Bitdefender, Symantec, Trend Micro, Splunk, IBM QRadar, and more.

"False positives and the fear of false positives remain the biggest reasons that organizations do not enable response…

…More confidence behind convictions should remove reluctance to use response, which is important to increase the value of NDR products."¹

Cyber Command offers automated response through its built-in SOAR module, which ships with pre-defined playbooks for a range of common threat and attack scenarios. Security administrators can also tailor response playbooks to threats specific to their environment and business operations. Because automated actions run only under preconfigured conditions and for high-confidence threats, the risk of responding to a false positive is minimized.
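To make the gating concrete, here is an added Python sketch (not Sangfor's SOAR module, and not a description of its actual playbook format) of the policy the paragraph describes: a response fires only when the alert type has a preconfigured playbook, the detector's confidence meets that playbook's threshold, and the asset is not on an exclusion list; everything else is held in an analyst review queue instead of triggering an automated action. Alert kinds, confidence scores, asset tags and the connector action names are hypothetical, and connector calls are simulated as log entries.

```python
"""Confidence-gated automated response.

Added example, not Sangfor code: playbook fields, alert kinds, asset tags and
action names are hypothetical, and connector calls are simulated as log entries.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    alert_id: str
    kind: str                       # detector's threat category
    host: str
    confidence: float               # detector score in [0, 1]
    tags: frozenset = frozenset()   # asset tags from inventory, e.g. {"domain_controller"}


@dataclass(frozen=True)
class Playbook:
    kind: str                       # alert kind this playbook is preconfigured for
    min_confidence: float           # never auto-respond below this score
    actions: tuple                  # ordered connector actions to issue
    exclude_tags: frozenset = frozenset()   # assets that always go to a human


# Assumed playbooks: isolate endpoints on high-confidence C2 traffic, but never
# auto-isolate a domain controller; suspected exfiltration gets a firewall block only.
PLAYBOOKS = (
    Playbook("ransomware_c2", 0.90,
             ("edr.isolate_host", "fw.block_destination", "edr.scan_fleet"),
             exclude_tags=frozenset({"domain_controller"})),
    Playbook("possible_exfiltration", 0.80, ("fw.block_destination",)),
)


@dataclass
class ResponseEngine:
    playbooks: tuple
    action_log: list = field(default_factory=list)    # simulated connector calls
    review_queue: list = field(default_factory=list)  # alerts held for an analyst

    def handle(self, alert: Alert) -> str:
        """Return 'executed' when a playbook ran, else 'review' (reason is queued)."""
        playbook = next((p for p in self.playbooks if p.kind == alert.kind), None)
        if playbook is None:
            return self._hold(alert, "no preconfigured playbook for this alert kind")
        blocked = alert.tags & playbook.exclude_tags
        if blocked:
            return self._hold(alert, f"asset tags {sorted(blocked)} require manual approval")
        if alert.confidence < playbook.min_confidence:
            return self._hold(alert, f"confidence {alert.confidence:.2f} below "
                                     f"{playbook.min_confidence:.2f}")
        for action in playbook.actions:
            self.action_log.append((action, alert.host, alert.alert_id))
        return "executed"

    def _hold(self, alert: Alert, reason: str) -> str:
        self.review_queue.append((alert.alert_id, reason))
        return "review"


# Constructed alerts exercising each branch of the gate.
SAMPLE_ALERTS = (
    Alert("a1", "ransomware_c2", "10.0.1.5", 0.97),                                  # executes
    Alert("a2", "ransomware_c2", "10.0.0.2", 0.99, frozenset({"domain_controller"})),  # excluded asset
    Alert("a3", "ransomware_c2", "10.0.1.6", 0.55),                                  # low confidence
    Alert("a4", "possible_exfiltration", "10.0.1.5", 0.85),                          # executes
    Alert("a5", "dns_tunnel_suspect", "10.0.1.7", 0.95),                             # no playbook
)


def run_example():
    engine = ResponseEngine(PLAYBOOKS)
    decisions = {a.alert_id: engine.handle(a) for a in SAMPLE_ALERTS}
    return decisions, engine.action_log, engine.review_queue


if __name__ == "__main__":
    decisions, actions, held = run_example()
    print(decisions)
    for entry in actions:
        print("ACTION", entry)
    for entry in held:
        print("REVIEW", entry)
```

Note the order of the checks: the exclusion list is consulted before the confidence score, so a very confident detection on a crown-jewel asset still lands with an analyst rather than being isolated automatically. That ordering, plus a playbook that does not exist for an alert kind nobody has reviewed yet, is what keeps a false positive from becoming an outage.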


Sangfor Cyber Command 

Sangfor Cyber Command is a best-in-class NDR solution that helps organizations accurately detect and effectively respond to advanced and unknown security threats residing in their network. 

The Cyber Command solution has been tested and proven across a range of sectors, including government, healthcare, and manufacturing. Its detection capabilities have helped users uncover hidden threats such as ransomware, cryptomining, APTs, and shadow IT activity. Users have consistently praised the effectiveness of Cyber Command and its ability to secure their networks.

With Sangfor Cyber Command, organizations will transform from passive bystanders to active participants in their cyber defense and stay ahead of increasingly sophisticated threats of both today and tomorrow. You can now experience the power of Cyber Command first-hand by getting your free trial at: https://active.sangfor.com/cyber-command-free-trial-pov

Sources:

1. Gartner Inc., Emerging Tech: Top Use Cases for Network Detection and Response, Nat Smith et al., April 5, 2023
2. Gartner Inc., Emerging Tech: Security — Adoption Growth Insights for Network Detection and Response, Nat Smith et al., April 4, 2023
3. Gartner Inc., Market Guide for Network Detection and Response, Cybersecurity Research Team, December 14, 2022

Gartner Disclaimer:

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
