SANGFOR
XDR (Omni-Command/SaaS XDR)
Extended Detection and Response
SANGFOR XDR (Omni-Command/SaaS XDR)
The Challenge: The Mismatch Between Traditional Security Solutions and Modern Cyber Threats
Today’s cyber threat landscape is marked by adversaries deploying AI-powered malware, sophisticated phishing
campaigns, and stealthy lateral movements to exploit organizational vulnerabilities. While traditional security tools still
play an important role, they often lack the integration and context needed to counter these advanced tactics. Security
teams face several pressing challenges:
Fragmented Tools and Data Silos
Analysts must navigate between multiple security tools and manually connect the dots between alerts to understand the situation. This process is complex, time-consuming, and increases the risk of missed detections and delayed responses.
Inadequate Threat Detection
Attackers now use advanced techniques, such as leveraging legitimate system tools and files to conduct malicious activities. These methods often evade detection or trigger only low-severity alerts, leading to missed threats.
Alert Overload and Fatigue
As organizations deploy more security tools, the volume of alerts grows, leaving security teams overwhelmed. A significant portion of these alerts are false positives, consuming valuable time, causing alert fatigue, and reducing motivation.
Skill Gaps in SecOps Teams
Managing numerous security tools and conducting manual alert correlation and analysis requires significant expertise. Many organizations struggle to hire and retain the skilled analysts needed to perform these tasks effectively.
The Solution: Sangfor XDR—Security Through Integration
Sangfor XDR (Extended Detection and Response) rises to this challenge by unifying detection and response through the
consolidation of data and alerts from diverse sources. These include endpoint security tools, network devices (such as
firewalls and NDR), threat intelligence, and third-party solutions. By analyzing and correlating this data with advanced
AI-driven analytics, Sangfor XDR provides critical context, enabling the detection of complex, multi-stage attacks that
individual point solutions might overlook or flag as false positives.
The platform connects events across the technology landscape to offer a holistic view of threats. This helps security
analysts assess the entire attack chain—from the initial entry point to the overall impact. This enhanced visibility enables
teams to verify threats effectively and make informed response decisions.
Through this seamless integration of security tools, Sangfor XDR also enables automated, coordinated responses. It can
instruct firewalls to block malicious domains or IP addresses, command endpoint tools to isolate compromised devices
and initiate scans, and more. This ensures a swift and comprehensive defense against identified threats.
How Sangfor XDR Works
Sangfor XDR provides a unified approach to threat detection, investigation, and response through these key steps:
[Figure: How Sangfor XDR works, in three stages]
Ingest: Endpoint, Network, and 3rd Party Security Tools. Collect and ingest data telemetry automatically.
Detect: Alert Correlation, Alert Prioritization, Triage and Analysis, Parsing. Parse and correlate data to detect hidden threats.
Response: Automated response and playbooks, Proactive hunting and investigation, Generative AI assistant analysis (Security GPT). Actionable guidance to enhance Security Operations.
Comprehensive Data Collection
Aggregates data from endpoints, network devices, and third-party tools.
Ensures no blind spots across the security landscape.
AI-driven Incident Correlation & Analysis
Correlates related alerts into unified incidents with actionable insights.
Utilizes three powerful layers of detection engines to accurately uncover hidden threats and attacks.
Simplified Threat Investigation & Response
Enriches incident alerts with full context for threat hunting and investigation.
Features SOAR capabilities with customizable playbooks for automated response actions.
Powered by Security GPT, enabling natural language dialogue for enhanced investigations and visualization of attack patterns.
Beyond XDR: Revolutionize Your Security Operations
Sangfor XDR redefines security operations by serving as a unified SecOps platform. It integrates critical security functions
into a single solution, including workflow automation, threat intelligence, SOAR, SIEM-like data fusion, reporting, and
ticketing. This integration eliminates the traditional challenges of managing separate toolsets, providing out-of-the-box
security coverage across the entire technology stack.
[Figure: Security Operations modules: Workflow Automation, Threat Intelligence, SOAR, Data Fusion, Report, Ticketing]
Sangfor XDR also supports flexible integration with third-party tools, allowing organizations to maximize existing
investments while gradually transitioning to Sangfor’s native solutions for optimized performance and simplified
multi-vendor management. Available in both on-premises and SaaS-based models, Sangfor XDR adapts to your
organization’s unique deployment needs. Whether you’re looking for the control of an on-premises setup or the
scalability of a cloud solution, Sangfor XDR provides a flexible, future-ready approach to cybersecurity.
Experience Intelligent & Autonomous Operations with Security GPT
A standout feature of this platform is the integration of Security GPT, a GenAI tool powered by a Large Language Model
(LLM). Security GPT enhances Sangfor XDR’s threat detection and response capabilities with cutting-edge AI-driven
functionality. Its operations module, Operation GPT, analyzes all alerts with the precision of a human analyst, accurately
identifying security incidents and filtering out false positives. This not only saves significant time for security teams but
also ensures that no threats remain hidden in uninvestigated alerts.
Security GPT not only detects incidents but investigates them, presenting findings in clear, plain language. It provides
detailed insights, including the type of threat, the chain of events, the affected assets, and more. This contextualized
information enables security teams to quickly grasp the “why” behind each incident and accelerate remediation. Even
less experienced analysts can confidently handle complex incidents with the support of these detailed insights.
Through self-learning, Security GPT can autonomously execute response actions, such as isolating endpoints, blocking
malicious domains, and removing malicious files. This further reduces the need for manual intervention, cutting response
times and minimizing impact. Moreover, Security GPT supports dialogue-based operations, enabling analysts to ask
questions and visualize data patterns interactively. This functionality makes threat analysis more intuitive and actionable.
Together, Sangfor XDR and Security GPT streamline security operations, empowering security teams to act faster and
more effectively in a constantly evolving threat landscape.
Essential Components of Sangfor XDR
Endpoint Secure
A modern Endpoint Protection Platform (EPP) used for collecting endpoint data and
enforcing response actions. Rated a “Top Product” by AV-TEST, consistently achieving
maximum scores for Protection, Performance, and Usability.
STA/Cyber Command
Network sensor and Network Detection and Response (NDR) platform used for aggregating
network traffic and performing initial analysis before sending results to the XDR platform.
Optional Components of Sangfor XDR
Sangfor Security GPT
A powerful generative AI that significantly enhances threat detection accuracy (Detection
GPT) and autonomously handles alert analysis, incident investigation, and incident
response (Operation GPT).
Network Secure
A Next-Generation Firewall (NGFW) used for collecting network data and enforcing
response actions. Recognized as a “Visionary” in the Gartner Magic Quadrant and rated
“Recommended” by CyberRatings.org for its comprehensive security capabilities.
Internet Access Gateway (IAG)
A Secure Web Gateway (SWG) used for synchronizing user authentication information,
helping security operations teams pinpoint at-risk users and hosts.
Third-Party Security Tools – EDR/EPP and Firewall
Used for data ingestion and executing response actions. Other customized integrations can
be supported upon evaluation by the Sangfor team.
Key Features & Capabilities of Sangfor XDR
Threat Detection in Real Time
Detection technologies: Purpose-built AI threat detection models, machine learning, indicators of attack (IOA) engine,
behavioral baseline, network anomaly detection, custom IOCs & IOAs
End-to-end visibility across endpoints, networks, and third-party security tools, enabling proactive defense against
hidden threats such as shadow IT and vulnerabilities, and eliminating blind spots
Detection mapped to the MITRE ATT&CK framework of tactics, techniques, and procedures (TTPs)
Noise Reduction with Correlation Analysis
Uses machine learning to build a reliable baseline of normal business operations
Correlates related attack data across multiple data sources to detect anomalies
Endpoint + Network (E+N) correlation analysis, stitching all related events into a unified incident
Intelligently groups alerts from different times, stages, and methods of the same attack
Proactive Threat Hunting
Security GPT: Enables conversational threat investigations and delivers insights in graphical formats for quick
interpretation
Reconstructs the entire attack chain to understand the root cause and scope of impact
See the entire chain of incidents with full contextual insights in an elegant visualization
AI-Driven Incident Response
Built-in Security Orchestration, Automation, and Response (SOAR) module with predefined and customizable playbook
policies, enabling coordinated responses across both Sangfor’s native security tools and third-party tools
Security GPT: Automates threat containment after a few days of self-learning from users’ historical actions, such as
isolating compromised endpoints, blocking malicious domains, or revoking compromised credentials
Speed up incident response with Sangfor’s in-house threat intelligence, providing direct context on adversaries
SecOps Task-Driven Platform
Integrates essential SecOps functionalities, including SIEM-like data fusion, SOAR, reporting, and ticketing, into a
single platform
AI-driven platform transforming the SOC with XStream technology for automated data parsing, workflow automation to
streamline operations, early threat detection, and rapid incident response
Supports integration with GenAI - Security GPT: a 24/7 virtual security analyst
Key Business Benefits of Sangfor XDR
99% Threat Detection Accuracy
Detect and neutralize 99% of threats within 5 minutes. This swift and accurate action is crucial for
protecting your organization against advanced cyber threats and preventing associated losses and
disruptions.
90% Reduction in Alert Volume
Reduce false positives by 90% through precise, AI-driven alert correlation and analysis. This lets your
security team focus on the most critical incidents, alleviating alert fatigue and enabling faster
response.
90% Faster Incident Investigation
Slash investigation time by 90% with our platform’s integration of Security GPT. Security analysts of
varying skill levels can navigate complex incidents through natural language dialogue, cutting
investigation time from hours to minutes.
70% Increase in Security Robustness
Boosts overall system security by 70% by breaking down silos in security tools and reducing the
complexity to manage and juggle multiple security tools.
50% Reduction in Operational Costs
Cut security operation costs by at least 50%, minimizing infrastructure investment and maintenance
costs while consolidating multiple security functions into a unified platform.
The Competitive Edge: Why Sangfor XDR
1) Leading-Edge Technology
Sangfor XDR leverages the best of Sangfor’s security technologies, including the groundbreaking Security
GPT. Sangfor is one of the few vendors integrating generative AI, setting us apart from vendors using
traditional AI models. Trained on over 110 billion security data points and continuous learning from new
threats, Security GPT empowers Sangfor XDR to achieve detection rates unmatched by most security
vendors. Security GPT further revolutionizes security operations with dialogue-based interactions, alleviating
the security skills gap and enhancing operational efficiency.
2) Simplified Security Operations
Sangfor provides a complete security portfolio, including next-generation firewall, endpoint security, network
detection and response, and secure web gateway. With Sangfor XDR, these components integrate
seamlessly, enabling unified management, streamlined operations, and improved functionality.
3) Cost-Effective
Sangfor XDR offers scalable, cost-effective options with flexible modules, allowing businesses to customize
the solution based on actual needs. This approach reduces the unnecessary expenses often associated with
bundled solutions from other vendors.
4) Flexible Deployment
Sangfor XDR provides a flexible deployment model designed to meet diverse organizational requirements.
For on-premises deployments, data remains within your native country, ensuring compliance with data
sovereignty regulations. For SaaS-based deployments, Sangfor XDR offers scalable flexibility, allowing your
security infrastructure to grow effortlessly alongside your business. This adaptable approach ensures you
have the right deployment strategy to support your cybersecurity and compliance goals.
5) Local Support
Sangfor boasts a strong presence in Southeast Asia with local branch offices across the region and the
Middle East. We are expanding in Europe and Latin America. This extensive presence ensures fast and
reliable support services, even in local languages, providing smooth service delivery and rapid issue
resolution.
INTERNATIONAL OFFICES
SANGFOR SINGAPORE: 10 Ubi Crescent, #04-26 Ubi Techpark (Lobby B), Singapore 408564. Tel: (+65) 6276-9133
SANGFOR PHILIPPINES: Unit 14B 14th Floor, Rufino Pacific Tower, 6784 Ayala Avenue, Makati City, Metro Manila, Philippines. Tel: (+63) 916-267-7322
SANGFOR PAKISTAN: Office No.210, 2nd Floor, "The Forum", Plot No. G-20, Block 9, Khayaban-e-Jami, Clifton, Karachi, Pakistan. South Region: +92 321 2373991; North Region: +92 304 5170714; Central Region: +92 314 519 8386
SANGFOR HONG KONG (CHINA): Unit 1612-16, 16/F, The Metropolis Tower, 10 Metropolis Drive, Hung Hom, Kowloon, Hong Kong. Tel: (+852) 3845-5410
SANGFOR VIETNAM: Unit 11.01 MB Sunny Tower, 259 Tran Hung Dao Street, Co Giang Ward, District 1, Ho Chi Minh City, Vietnam. Tel: (+84) 903-631-488
SANGFOR TÜRKIYE: A Blok. Kat 51. D 643, Atatürk Mh, Ertuğrul Gazi Sk, Metropol İstanbul Sitesi. 34758 Ataşehir/İstanbul. Tel: (+90) 216-5156969
SANGFOR INDONESIA: Atrium Mulia 3rd Floor, Jl. H.R. Rasuna Said Kav. B 10-11 Kuningan, Setia Budi, Kecamatan Setiabudi, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12910, Indonesia. Tel: (+62) 21-2168-4132
SANGFOR SOUTH KOREA: Floor 15, Room 1503, Yuwon bldg. 116, Seosomun-ro, Jung-gu, Seoul, Republic of Korea. Tel: (+82) 2-6261-0999
SANGFOR LATAM: Torre Onyx Segundo Piso, Av. Río San Joaquin 406, Amp Granada, Miguel Hidalgo, C.P. 11529, Ciudad de México, CDMX
SANGFOR MALAYSIA: No. 45-10 The Boulevard Offices, Mid Valley City, Lingkaran Syed Putra, 59200 Kuala Lumpur, Malaysia. Tel: (+60) 3-2702-3645
SANGFOR UAE: Office #718, Publishing Pavilion, Production City, Dubai, UAE. Tel: (+971) 52855-2520
SANGFOR SAUDI ARABIA: Office No. 3103A, Tower 2, 2nd Floor, Al Akaria Al Sittin, Salahuddin Street, Al Malaz, Riyadh
SANGFOR THAILAND: 141 Major Tower Thonglor (Thonglor10) Floor 11 Sukhumvit Road, Kholngtan Nuea, Wattana BKK, Thailand 10110. Tel: (+66) 02-002-0118
SANGFOR ITALY: Head office: Via Marsala 36B, 21013, Gallarate (VA); Rome office: Via del Serafico, 89-91, 00142 Roma RM. Tel: (+39) 0331-6487-73
GLOBAL SERVICE CENTER: Tel: +60 12711 7129
AVAILABLE SOLUTIONS
IAG - Internet Access Gateway: Secure User Internet Access Behaviour
Network Secure - Next Generation Firewall: Smarter AI-Powered Perimeter Defence
Endpoint Secure - Endpoint Security: The Future of Endpoint Security
Cyber Command - Network Detection and Response: Smart Efficient Detection and Response
Omni-Command - Extended Detection and Response: Revolutionize Your Cyber Defense with Intelligent XDR
TIARA - Threat Identification, Analysis and Risk Assessment: Smart Threat Analysis and Assessment
IR - Incident Response: Sangfor Incident Response – One Call Away
Cyber Guardian - Managed Threat Detection & Response Service: Faster Response Through Human/AI Collaboration
HCI - Hyper-Converged Infrastructure: Fully Converge Your Data Center
MCS - Managed Cloud Services: Your Exclusive Digital Infrastructure
VDI - aDesk Virtual Desktop Infrastructure: Seamless Experience, Secure and Efficient
Access Secure - Secure Access Service Edge: Secure, Agile, and Everywhere
EDS - Enterprise Distributed Storage: The Only Secured Data Storage You Need
Contact Us
https://www.facebook.com/Sangfor
https://www.linkedin.com/company/sangfor-technologies
https://www.youtube.com/user/SangforTechnologies
www.sangfor.com
Copyright © 2024 Sangfor Technologies. All Rights Reserved. Sangfor_BR_P_XDR-Brochure_20241205