Advanced Threat Protection

Next level protection against advanced malware, targeted attacks and zero-day exploits


When existing antivirus protection and/or intrusion prevention systems are no longer capable of dealing with modern, persistent threats on their own, it is essential to add Advanced Threat Protection to a company’s security environment.

The Barracuda Difference

Unlike many other first-generation, advanced, persistent threat security vendors, Barracuda Networks’ Advanced Threat Protection (ATP) implements full-system emulation, which provides the deepest visibility into malware behavior while simultaneously being the toughest to evade. Files are checked against a cryptographic, constantly updated hash database, and if the file is not known, it is emulated in a virtual sandbox where malicious behavior can be discovered. While traditional solutions mostly detect network threats after they have breached the network and after sending log notifications to the administrator, Barracuda CloudGen Firewall supports two types of emulation policies that can be assigned to specific file types.

The first policy is the traditional “let the user download a file and forward it to the emulation service.” As soon as the file is scanned and malicious file activity has been identified, a log event will be created and the administrator can contact the user to remediate the threat. Since the malware has been downloaded to the corporate network, preventing the malware from spreading and damaging valuable corporate assets is now key. In order to minimize this breakout, Barracuda CloudGen Firewall provides an automatic User/IP/machine blacklisting feature that will automatically quarantine victims of advanced malware by blocking further network activities. The second policy, which can be assigned on a per-file basis, forces the user to wait until the file has been emulated and found to be neither malicious nor suspicious. Only benign files will be forwarded to the respective user.

The Barracuda Advantage

  • Flexible, Simple Deployment: Easy to deploy, easy to use, and affordable Advanced Persistent Threat Protection. No new equipment is needed.
  • Full System Emulation: Not only detects targeted and persistent attacks, but also malware that was designed to evade detection by traditional sandboxes used by first-generation advanced persistent threat security vendors.
  • Automatic User and IP Blacklisting: Based on identified malware activities, infected users can be automatically blocked from the corporate network.
  • Unrivaled Detection Speed: Provides instant threat visibility and protection.
  • Customizable, On-demand Analysis Reports: Available for any emulated file, providing full information on malicious activities such as registry entries, network activity (e.g., botnet command and control center traffic), or obfuscation tactics.
  • Information on Identified Malware: It’s centrally stored and shared in order to optimize emulation.
  • Botnet and Spyware Protection: In combination with the ATP cloud database, all Barracuda CloudGen Firewalls provide protection against botnet infections. Once an infected client is detected, it can be isolated automatically, and an alert can be created instantly.

Key Features

  • Prevent malicious files—even unknown ones—from entering the organization and avoid network breaches.
  • Identify zero-day malware exploits, targeted attacks, advanced persistent threats and other advanced malware which routinely bypass traditional signature-based IPS and antivirus engines.
  • Granular Control over PDFs, EXEs/MSIs/DLLs, Android APKs, Microsoft Office files, and compressed files and archives
  • Botnet and Spyware Protection
  • Full interoperability with the integrated SSL Inspection: files can be extracted and checked in order to detect advanced malware in the encrypted stream.
  • Cloud based emulation – resource intensive file emulation is offloaded to the Barracuda Cloud.
  • Learning local cryptographic hash database for emulation optimization
  • Multiple and simultaneous OS environments for emulated files
  • Automatic email notifications when malware activity has been identified can help minimize the administrator’s reaction time in order to mitigate the network breach.
  • Available for hardware and virtual appliances as well as for Microsoft Azure, Amazon AWS and Google Cloud.

Analysis and Prevention of Threats (Malware, Infected Objects)

  • Dynamic, on-demand analysis of malware programs (sandboxing)
  • Dynamic analysis of documents with embedded exploits (PDF, Office, etc.)
  • Detailed forensics for both malware binaries and web threats (exploits)
  • High resolution malware analysis (monitoring execution from the inside)
  • Support for multiple operating systems (Windows, Android, etc.)
  • Flexible malware analysis in the cloud

Availability

  • The Barracuda Advanced Threat Protection is available as a separate subscription.
  • All Hardware Appliances
  • All Virtual Appliances
  • Microsoft Azure, Amazon AWS and Google Cloud