Going beyond ‘next generation’ firewalls, with Sangfor’s proven cybersecurity
The lack of certified and suitably-trained cybersecurity personnel is causing medium to large enterprises the type of significant problems which bedevil smaller organizations.
With ransomware and other malware attacks making the news even in the mainstream press, this year’s malicious activity “of choice” seems to be illicit cryptocurrency mining. But of course, that activity simply joins its malware brethren as yet another threat from which to be on guard.
With fewer qualified staff available on the jobs market, business owners and CTOs know the importance of choosing the right hardware & software in order to (at least partially) automate cybersecurity.
And of course, the latest technology is a must; hackers don’t stand still, so neither should cyber defense.
The shifting sands on which cybersecurity provisions have to be built are further being undermined by the move of business functions into the cloud.
Things would perhaps be simpler if enterprises moved the entirety of their business functions onto XaaS (anything as a service) platforms.
However, the reality is that most organizations continue to run a mixture of cloud-based and in-house application and service deployments. This “split personality” in business activities’ technological base means that some of the next-generation firewalls on the market are not providing sufficient coverage.
Sangfor’s hybrid next-gen firewall device is perfect for such organizations.
Its cybersecurity solutions move IT security departments’ stance fully in line with new business models — straddling the hybrid of cloud and internal bare-metal provisions.
But while older hardware from the Chinese company’s competitors is still based on traditional malware detection and prevention methods (see below), Sangfor’s technologies are taking the fight to the hackers and malware creators by deploying machine learning and deep learning capabilities against even the most original of zero day exploits.
Most next-generation firewalls, UTMs and cybersecurity measures in general deploy a mix of the following techniques for malware detection:
Traditional anti-virus relies on signatures or MD5 hashes, against which files and suspect code can be compared. Even the least technical domestic user of antivirus over the last 20 years will, however, be aware of the cumbersome size of AV signature files — downloads of 1/2 a gigabyte of updates every other day become tiresome, albeit necessary.
Script engines or YARA-based code also fall short in providing sufficient protection, especially against unknown, zero-day threats. Even self-altering scripts powered by, for instance, TensorFlow libraries have been proven to miss significant percentages of threats.
Sandboxes, or safe environments in which malware payloads can be deployed, have proven highly effective against zero-day exploits — but only over the medium to long term.
Well-written malware (if there is such a thing!) will be created with an awareness of its host operating environment and will keep an eye out for virtual sandboxing, and its programmers will integrate dwell times or low-profile movement capabilities. This means sandbox examination sometimes needs to take weeks to fully examine suspect packages.
While Sangfor’s solutions do use these tried-and-tested security methods, the company’s differentiation is the leveraging of deep learning methods, which look into separate layers of files as they pass through the firewall code. Engine Zero, released in June 2017, has been proven to be the most efficient algorithm set in like-for-like comparisons with competing products.
Engine Zero is, in fact, as fast as basic MD5 hashing, yet is at least as efficient, if not more so, in catching malware as sandboxing techniques. It utilizes very little hardware resource, allowing Sangfor’s NGFW (next-generation firewall) to process malware at line rate.
The increased power and sophistication of hardware and Sangfor’s intelligence-gathering capabilities mean that its security solutions can abstract business applications. SQL queries can, for instance, be run on virtualized database instances at firewall level, thus capturing injection attacks that might have seemed innocent to even the most advanced intrusion detection systems.
The Next Generation WAF engine, which is integrated in Sangfor’s next-gen firewall, was developed to protect against new web-based attacks such as SQL injection, web shells, Struts2 injection, and deserialization flaws. Sangfor’s NGWAF engine uses machine- and deep-learning to analyze attack behaviors. It enhances detection rates and decreases false positives compared with traditional Snort-based detection engines. By modeling attack behaviors, a threat model is created to easily manage the applications’ system threats.
The company also operates an artificial intelligence-enabled cloud platform for cyber intelligence and analytics, titled Neural-X. The network, to which any of Sangfor’s customers may opt-in, expands the security detection capabilities of Sangfor’s solutions, further increasing endpoint, network, and cloud-based security as a service.
By combining the sum of distributed Sangfor intelligence in the Neural-X network, the deep learning capability of Engine Zero, ZSand (its virtualized dynamic execution platform) and advanced botnet detection, the company’s customers are able to protect every aspect of their organizations’ topology.
As an enterprise’s business strategy shifts, and application and service deployments change, Sangfor’s hybrid bare-metal and cloud firewalling system adapts. Its proven market-leading malware detection and amelioration rates ensure that its customers receive the highest possible levels of safety from hacking, malicious activity, and bad actors of all types.
To learn more about how its revolutionary methods can be deployed right across the gamut of industry and organization size, get in touch with a local representative today.