Sangfor operates on the premise that “Precaution is Always Better Than a Cure,” but Sangfor also believes that a lesson learned could greatly increase cyber security awareness among employees, including those at an executive level. Protecting the organization from attack is not the responsibility of only the IT security team, but of everyone in the organization. 

“All men make mistakes, but only wise men learn from their mistakes.”

– Winston Churchill, former PM of the UK

Sangfor provides a closed-loop incident response service solution to organizations, separating security incidents into three major phases:

1. Pre-Incident Phase

In the pre-incident phase, Sangfor helps the organization assess external attack surfaces and vulnerabilities before an attack occurs. Organizations immediately know if existing network architecture, network setup, security practices and security controls are sufficient to defend against malware attacks like Advanced Persistent Threats (APTs) and most ransomware and mining viruses. Attack surfaces, vulnerabilities, weak areas and risks are identified before attackers can take advantage of or exploit them. Organizations are advised to fix vulnerabilities and create a risk mitigation plan according to recommendations provided by Sangfor, reducing the likelihood of being attacked and keeping associated risks to a minimum.

2. Mid-Incident Phase

Should a malware attack succeed, the Sangfor Incident Response Team will provide immediate support, within the scope agreed to in the SLA, to mitigate the incident and minimize impact. During this phase, Sangfor will assist customers by performing compromised machine containment, forensic investigation, evidence collection and malware eradication.

3. Post-Incident Phase

After the impacted services have recovered and the incident case is closed, organizational business operations will be operating as usual. Sangfor will review the organization’s protection capabilities against malware attacks, and provide external attack surface assessment services and external firewall rule set and configuration review, ensuring that new vulnerabilities, weak points and misconfigurations are identified, preventing similar attacks in the future.

Scope of Incident Response Service

  • External Attack Surface Assessment
  • External Firewall Ruleset and Configuration Review
  • Malware Family and Type Identification
  • Initial Attack Vector Identification
  • Kill Chain / Chain of Infection Determination
  • Indicator of Compromise (IOC) Determination
  • Malware In-depth Analysis
  • Malware Eradication
  • Remediation
  • Internal Network Threat Analysis and Assessment (for selected customers only)

Incident Response Service Deliverable

  • External Attack Surface Assessment Report
  • Security Incident Report
  • Yearly Security Incident Report
  • External Firewall Ruleset and Configuration Review Report
  • Security Strengthening and Reinforcement Proposal
  • Threat Analysis and Remediation Report (for selected customers only)

Why Sangfor Incident Response?

Sangfor Incident Response Advantages:

1. Determination of Potential External Threats

The external vulnerability assessment can simulate how an attacker identifies attack surfaces, gains entry to the network and eventually focuses on exploiting a certain point to threaten the whole network. In this way, potential network-wide security vulnerabilities are determined.

2. Security Awareness Enhancement

Any potential vulnerability, no matter how small, identified from the external view of an organization has the potential for disaster. Therefore, the external attack surface assessment service enables the responsible personnel to effectively eliminate any tiny security defect, thereby reducing the overall security risk.

3. Security Skill Improvement

The user’s security skills are improved during interaction with the investigators and analysts. In addition, the investigation results and lessons learned help customers identify the vulnerabilities and mistakes that may have been overlooked previously, allowing the customer to fix the issue and prepare a remediation plan, reducing the likelihood of a secondary attack.

How is Sangfor Different from Others?

Summary of Solution Benefits

  • Strengthened defenses against future attacks
  • Minimize impact and damages should an attack occur
  • Prepare for future attacks
  • Reduce downtime & ensure business continuity
  • Maintain public trust
  • Competitive and cost-effective services
  • Immediate response
  • Assessment service to reduce the likelihood of being attacked
  • Professional security reinforcement and strengthening advice

For inquiries, email us at


