Powerful recognition ability  
SANGFOR IAM products have the largest built-in URL base in China, which can recognize more than 500 Internet application behaviors. In addition, its webpage smart recognition technologies can realize automatic recognition, classification and management of unknown webpage. And its SSL-encrypted traffic recognition (patented) technologies can filter SSL-encrypted websites and outbound Webmail behaviors. It can also filter posting behaviors on SSL-encrypted forum/BBS based on key words, so as to avoid management vulnerability as a result of encryption. 
SANGFOR IAM products’ feature based file recognition technologies can precisely recognize users’ sending out files after modifying/deleting their extension names or compressing/encrypting them. SANGFOR IAM products can notify administrators to take necessary governance measures to avoid disclosure of organizations’ internal information. 

 

Flexible authorization strategy  
By organizing users into a tree structure based on administration architecture, and in combination with object-oriented on-line strategy, it can realize flexible division and allocation of on-line authorization. It can provide re-use, multi-use, inheritance and coerced inheritance of on-line strategies. Different functions can be set up to meet such complex authorization demands on on-line behaviors’ flexibility, easy-to-use and authorization consistence. 

 

Granular traffic control  
SANGFOR IAM products can efficiently and smartly improve your bandwidth value: to expand organizations’ exit bandwidth at the lowest costs. 
By using multi-line traffic control technologies and on-line traffic smart route-selection technologies, SANGFOR IAM products can easily address cross-operator performance bottlenecks. And their technology of “rotation schedule + layered three-color token barrel” can make sure the max fairness in allocation of users’ intranet bandwidth resources. In addition, they can use QQS, traffic shaping, bandwidth borrowing and other advanced functions to guarantee requirements of critical business/users. 

 

Detailed records of on-line trails  
Nowadays, Public Security Ministry’s regulations, enterprises’ basic internal control codes, SOX Act and other related laws are all imposing requirements on on-line behavior recording. Based on powerful recognition ability, SANGFOR IAM products make sure recording of the most detailed and complete on-line logs, and they can intuitively display log information by using visual reporting tools. 

 

Security protection ability  
Another important reason for management of on-line behaviors is to improve on-line security, so as to deal with risks on Internet. Dangerous plug-ins, malicious scripts and Trojan websites exist everywhere. What can we do if intranet users are infected with Trojan or virus , or are controlled by hackers, resulting in passive secret disclosure? SANGFOR IAM products can make in-depth analysis of packets, recognize and block intranet-borne virus, Trojan, spyware, hackers’ remote control, port scanning and other dangerous behaviors, help your fully improve intranet security and easily tackle the problems above. 
In addition, SANGFOR IAM products’ built-in industry-famous virus-prevention engine can completely search and kill all kinds of virus and Trojan, protecting intranet security from the beginning. 

 

Intelligent management to improve management efficiency  

Another support point for deployment of IAM devices is: to lower enterprise management and operation costs via scientific management. When administrators pre-set on-line behaviors’ risk features and risk coefficients, SANGFOR IAM products’ smart risk reporting functions can analyze and mine logs and automatically “quitting risks, secret-disclosure risks, inefficient work” and other behaviors. Via pre-define thresholds for employees’ on-line time and traffic, the products can realize automatic pop-up of dialog boxes for reminding. Such technologies as audit-free key and audit-free log key can help units avoid over-auditing.  

 

Deployment mode   Multiple deployment modes support gateways, bridges, multi-bridging, bypass and other methods.   Users recognition   To support local authentication, third-party combined authentication, WEB authentication, IP/MAC binding and etc. ; to support SSO function.   Management function   To support hierarchy management of Web, CLI and administrators as well as management online users, frozen users and etc.; to support hardware authentication, so as to make sure device access authentication security.   Terminal recognition   To detect terminals based on operating systems, system processes, registry and etc. Those terminals incompliant with network security strategies will be not allowed going on line, thus improving intranet security.   Application recognition   Webpage recognition   Built-in massive static URL base. And to support manual addition of webpage addresses and classifications. To filter websites, webpage texts and etc. based on key words; to filter SSL-encrypted websites, network posts and etc.; to support smart webpage classification.   File type recognition   To recognize HTTP, FTP and other transmission files; to recognize outbound files, so as to prevent such outbound behaviors as tampering and deletion of extension names as well as compression of files; to support file white-list filtering; to support recognition of encrypted files.   Application protocol recognition   Built-in application protocol recognition base. To support manual addition; can recognize Free Gates, limitless browser and other encryption proxy software; can recognize WOW and many other network games. Intelligent P2P recognition technologies can recognize common P2P, encrypted P2P and future P2P software; can recognize MSN, Yahoo! Skype and other scores of IM chat tools; support recognition of voice video, share-trading software, online steam media and etc.   On-line authorization   Webpage control   To support filtering of plain-text and cipher-text webpage; to support file filtering; to support post reading but not post publishing.   Email control   To control outbound Email, and to support recording of mail delay trail.   Separating of dangerous behaviors   To support blocking of abnormal traffic behaviors, so as to improve intranet security.   Strategy management   To support coerced inheritance of strategic objects; and to support enabling and disabling of them.   Traffic control   To support multiplexing technologies and smart route-selection; can virtualize one physical line as many virtual lines; to support user-defined traffic-control-free behaviors; to support P2P traffic control; to support traffic control based on application type, website, file type and etc.; to apply TOP N traffic maps.   On-line trail record   Real-time monitoring   To provide many kinds of behavior statistics and real-time ranking, including statistics of virus, attacks dangerous behaviors and etc.   Data center   To support built-in data centers and external data centers, and to realize massive log storage.   Trail record functions   Powerful trail recording functions, including trail recording of IM, webpage behaviors, post-publishing behaviors, Email behaviors, outbound file and etc.   On-line security   To support automatic alarming, ARP-cheating prevention and firewall functions; to support gateway virus-prevention functions and etc.   Rich reports   To support self-defined report functions and report exporting functions; to provide Google-like searching functions, so as to fast query what is needed.