SANGFOR Next Generation Application FirewallBest Practice for Network Security

What should I do to build the perfect network security environment?

Learn how to do it with Sangfor based on real business scenarios !

SANGFOR NGAF: Your Security Guard to the Future- Full Visibility of the Network Security- Real-Time Detection & Fast Response- Simple Operation & Maintenance- High-Performance Hardware for Application Layer Security

1

The current trend to build a network security architecture is mainly based on border defenses, which requires to deploy a Firewall, IPS and other network security appliances at the border of the enterprise’s network.

However, we have to think about the ultimate purpose of network security construction. Why do we need it? For most of the organizations, it would be to ensure the confidentiality of the internal information, integrity (correctness of data) and availability of the business. Therefore, the construction of network security must be built around business assets so that it can be more target-oriented, effective and suitable for your needs.

With years of experience in network security, combined with security concepts from ISO27000, Gartner, NSS Labs, etc., Sangfor has put forward this best practice of network security to help our customers have a better understanding on how to build the most effective protection for their organizations, which is based on real life scenarios.

Sangfor Technologies sales@sangfor.comwww.sangfor.com

Specific steps are described as below:

Identification of Business Assets

Before building a network security architecture, it is necessary to understand the overall business situation and identify business assets to be protected. Using manual configuration together with automatic scanning to identify business assets, Sangfor NGAF is capable of making the protection of servers and terminals visible, as well as discovering new business assets in real time so that the overall management can be made very convenient for our customers.

Control of Access

After identifying the business assets, it is crucial to manage the access to those assets. With the development of the Internet and business systems, the traditional ACL (based on IP port) has been unable to meet the requirements of detailed access control. Sangfor provides traditional ACL, user authentication, application access control and detailed access control over L3-L7 control realized by advanced URL filtering.

2

Vulnerability Analysis of Business

As business develops, the variety and complexity of business systems have increased as a result. In order to better protect business assets, it is critical to be able to identify vulnerabilities of business systems in advance. Sangfor provides both active and passive vulnerability scanning to find vulnerabilities and open ports existing in the system, as well as vulnerability analysis to provide guidance for the construction of business security.

3

Defense against Attacks

In order to defend against the ever-changing threat landscape and ensure the business availability, integrity and confidentiality, Sangfor NGAF can provide layered security and full defense of business system assets, vulnerabilities and endpoints. Sangfor NGAF’s integrated cloud security solution with IPS, WAF, APT, Anti-malware and Email Security can provide a total protection for the business system of our customers.

4

Real-time Monitoring and Analyzing of Business Security

After the deployment of cyber defense system, users usually still feel hard to estimate the overall security status. Business networks still face the risk of getting intrusion when the issues of Shadow IT and Social Engineering become more obvious.

That is why we need to monitor and analyze business system as well as endpoint security status in real-time. Sangfor provides real-time intrusion status for business system and endpoints, as well as integrated intelligent log analysis platform, which rely on Intel® X86 powerful data analysis ability, combined with abnormal access behaviors, attack events, vulnerabilities and monitor logs.

Together with comprehensive analysis and evaluation of business assets security status, Sangfor NGAF can find the security problem in time and generates an understandable professional report to present the weaknesses of business security deployment and gives a recommended solution to guide users.

5

After the above security deployment has been accomplished, users can realize convenient assets & risks management, provide full Network protection from L3 to L7 for business system, improve ability of rapid detection & response of security issues.

With Sangfor NGAF, you are capable of getting a simplified overview of current business system security status, analyze your system weaknesses and provide guidance to continually implement the best network security practices for your organization.

Sangfor Technologies sales@sangfor.comwww.sangfor.com

Certified & Recommended By