Sangfor Endpoint Secure
Identify the nature of the threat and handle it quickly and flexibly
Sangfor Endpoint Secure, the future of endpoint protection, manages the endpoint asset security life cycle, from prevention, detection, defense, all the way through response. The Endpoint Secure Protect agent provides the most accurate identification and mitigation of rogue or malicious processes and applications, such as ransomware and other Advanced Persistent Threats (APTs). The Protect agent’s host firewall capability prevents the east-west spread of malicious activity by blocking suspicious or unauthorized network communications.
In recent years, the combination of low technical requirements, low risk and high return has made the ransomware industry grow rapidly, with new ransomware families emerging constantly. Once a host is infected by ransomware, important files are encrypted and a ransom is demanded to restore the host. This not only disrupts the normal operation of the organization but also causes large economic losses to organizations and individuals. For example, the outbreak of WannaCry caused more than $8 billion in losses for 300,000 users in more than 150 countries. The rapid spread of GlobeImposter in China disrupted the normal operation of the medical, court, education and other industries.
Traditional antivirus methods based on a virus signature database are facing challenges. On the one hand, detection of new viruses is passive and after the fact: a signature exists only once a sample has already been seen. On the other hand, the local signature database is limited in size, and the rate at which signatures are added cannot keep up with the rate at which known virus samples mutate. As a result, antivirus relies largely on cloud-based detection, so its detection ability drops sharply in an isolated network environment.
Measures for isolating and handling infected files are relatively crude, so threats remain in the environment for a long time and have a great impact on business.
Compatibility and coverage fall short: hosts running different operating systems need different protection solutions, which leads to a heavy workload in management and maintenance.
Core to Endpoint Secure is Sangfor’s artificially intelligent malware/APT detection engine, Engine Zero. Engine Zero achieves high detection and low false positive rates by accurately identifying the “DNA” of unknown malware/ransomware based on continuously learning artificial intelligence using multiple techniques such as evolving neural networks and heuristics. This gives the user insight into the nature of pending threats while more effectively identifying and blocking 0-day and other unknown threats. Engine Zero, in combination with Neural-X, a powerful cloud-based threat intelligence platform, enhances deep learning by training thousands of nodes within multiple multi-dimensional algorithmic detection models. Endpoint Secure combines with the power of Sangfor's already stellar network security product offerings to greatly enhance the defensive abilities of the organization. The Endpoint Secure Protect agent host firewall capability prevents the east-west spread of malicious activity by blocking suspicious or unauthorized network communications. Endpoint Secure integrates with Sangfor NGAF to stop both exfiltration to Command & Control servers and access to phishing sites at the perimeter by signaling to the NGAF which hosts are currently exhibiting unusual or malicious behavior. Additional micro-segmentation functionality to limit access across network boundaries is available via integration with Sangfor Internet Access Management (IAM). Endpoint Secure can manage and monitor tens of thousands of endpoint assets via an on-premise console or integration with Platform-X, Sangfor’s revolutionary cloud-based integrated management system.
Endpoint Secure was designed to make responding to security incidents and stopping breaches simple, effective and timely. With high accuracy in identifying unknown threats, Endpoint Secure can respond quickly with one click based on the content of the detected threat event. Unlike more traditional solutions that only isolate malicious files at the endpoint, Endpoint Secure provides multiple mechanisms to mitigate threats based on files, machines and groups. Isolation response includes: endpoint host isolation, service group isolation, file trust, file isolation, file deletion, and file recovery. However, endpoint isolation alone may not be adequate, so Endpoint Secure can coordinate with other Sangfor security products for a more robust response. For example, integration with the Sangfor NGAF provides three-dimensional protection capability (host, network, perimeter), helping users to quickly block threats, prevent exfiltration to C&C servers, and shorten the discovery and remediation time of threats in the user environment. Additional micro-segmentation functionality to limit access across network boundaries is available via integration with Sangfor Internet Access Management (IAM). Endpoint Secure leverages the innovative Sangfor Platform-X cloud-based analytics and security management system, which provides real-time awareness of global threats and of how those threats affect the local situation, based on data received from Sangfor’s global threat intelligence network. Endpoint Secure utilizes Platform-X’s drill-down capability to provide a better view of threat data while simplifying security operations management of tens of thousands of Endpoint Secure Protect agents.
Only when an organization has a clear picture of its own assets and the security status of its own business can it respond to risks with ease. Sangfor Endpoint Secure uses a unified management console that is fully compatible with host- and server-based agents and multiple operating systems, integrates many types of asset policy, manages tens of thousands of distributed agents, and is supplemented by cloud-based threat intelligence. This gives the endpoint more comprehensive protection capabilities while making large-scale asset management simple and easy to understand.
By deploying the EDR client on endpoints in the internal service system, the organization can locate infected endpoints in time, respond to known and unknown endpoint threats, and prevent endpoint security incidents, such as ransomware spreading across the network, from breaking out within the organization.
By deploying the endpoint security EDR client on service system servers that must undergo a level protection assessment, the organization can enable the endpoint security protection policy, fully meet the compliance requirements of security level protection 2.0 for host anti-virus (pitch), vulnerability management (centralized control) and other security control points, and build second-level or third-level protection.
By deploying the EDR client on different endpoint operating systems, the integrated EDR control end delivers security policies to the different endpoints over the network, so that the organization can manage Windows PC, Windows Server and Linux Server assets, and manage the endpoint security baseline and endpoint security risk through the integrated endpoint management platform.