Learn more about advanced threat protection solutions and services in Data Protection 101, our series on the fundamentals of data security.
A DEFINITION OF ADVANCED THREAT PROTECTION
Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services. ATP solutions can differ in approaches and components, but most include some combination of endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console to correlate alerts and manage defenses.
HOW ADVANCED THREAT PROTECTION WORKS
There are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:
- Real-time visibility – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.
- Context – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.
- Data awareness – It’s impossible to determine threats truly capable of causing harm without first having a deep understanding of enterprise data, its sensitivity, value, and other factors that contribute to the formulation of an appropriate response.
When a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occur behind the scenes. Threats are typically prioritized by potential damage and the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:
- Halting attacks in progress or mitigating threats before they breach systems
- Disrupting activity in progress or countering actions that have already occurred as a result of a breach
- Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed
BENEFITS OF ADVANCED THREAT PROTECTION SOFTWARE AND SERVICES
The primary benefit offered by advanced threat protection software is the ability to prevent, detect, and respond to new and sophisticated attacks that are designed to circumvent traditional security solutions such as antivirus, firewalls, and IPS/IDS. Attacks continue to become increasingly targeted, stealthy, and persistent, and ATP solutions take a proactive approach to security by identifying and eliminating advanced threats before data is compromised.
Advanced threat protection services build on this benefit by providing access to a global community of security professionals dedicated to monitoring, tracking, and sharing information about emerging and identified threats. ATP service providers typically have access to global threat information sharing networks, augmenting their own threat intelligence and analysis with information from third parties. When a new, advanced threat is detected, ATP service providers can update their defenses to ensure protection keeps up. This global community effort plays a substantial role in maintaining the security of enterprises around the world.
Enterprises that implement advanced threat protection are better able to detect threats early and more quickly formulate a response to minimize damage and recover should an attack occur. A good security provider will focus on the lifecycle of an attack and manage threats in real-time. ATP providers notify the enterprise of attacks that have occurred, the severity of the attack, and the response that was initiated to stop the threat in its tracks or minimize data loss. Whether managed in-house or provided as a service, advanced threat protection solutions secure critical data and systems, no matter where the attack originates or how major the attack or potential attack is perceived.
Stop Advanced Threats that Evade Traditional Detection Techniques
Modern attacks are rapidly growing in volume and sophistication. New malware strains are designed to evade traditional detection techniques and are often propagated through targeted, zero-hour attacks. And these new malware variants are appearing faster and in greater number than ever before—new ransomware variants alone are predicted to appear at a rate of more than 200 per quarter for the foreseeable future.
Barracuda Advanced Threat Protection is an integrated cloud-based service that analyzes traffic across all of the major threat vectors.
Barracuda Advanced Threat Protection uses advanced machine learning techniques to stay ahead of ever-evolving malware, including new variants that are capable of exploiting one or more threat vectors.
Benefits of a Layered Defense
Stopping advanced threats from reaching your users and data requires a layered defense. In a 2016 independent test conducted by MRG Effitas and AV-Comparatives, the Barracuda CloudGen Firewall, with Barracuda Advanced Threat Protection technology enabled, was the only solution tested to achieve 100-percent effectiveness, along with a zero-percent rate of false positives.
Barracuda’s multi-layer defense pre-filters possible threats by using increasingly sophisticated analysis, to optimize efficiency and ensure rapid response to any type of attack without compromising network performance or security policies.
Announcing Windows Defender Advanced Threat Protection
We designed Windows 10 from the very beginning to be our most secure platform ever. With features like Credential Guard, Device Guard, Windows Hello, and Enterprise Data Protection, Windows 10 offers unique defenses from attacks. Windows Defender, our free anti-malware service, provides protection to almost 300 million devices – every day. And Windows continues to raise the defenses in the system every month as any security issues are investigated and proactively updated through Windows Update.
This ongoing commitment to security has led to strong demand from enterprise customers. From the Department of Defense, which is adopting Windows 10 across all branches of service, starting this year with 4 million devices – to NASCAR to Virgin Atlantic to schools all over the world – we’re excited to see customers with the most demanding requirements move to Windows 10 faster than ever before.
Today, we announce the next step in our efforts to protect our enterprise customers, with a new service, Windows Defender Advanced Threat Protection.
Cyber Attacks Are Increasing in Sophistication
We’re seeing increasingly brazen cyberattacks. Cybercriminals are well organized with an alarming emergence of state-sponsored attacks, cyber-espionage and cyber terror. Even with the best defense, sophisticated attackers are using social engineering and zero-day vulnerabilities to break into corporate networks. Thousands of such attacks were reported in 2015 alone. We’ve found it currently takes an enterprise more than 200 days to detect a security breach and 80 days to contain it. During this time, attackers can wreak havoc on a corporate network, stealing data, breaching privacy, and destroying the trust of customers. These attacks are incredibly expensive, costing organizations an average of $12 million per incident with broader impact to a company’s reputation.
As the attackers’ approaches have evolved and become more sophisticated, so too must our approach to provide security to our enterprise customers. And, our customers agree, as 90% of surveyed IT Directors said they need a full-fledged advanced threat protection solution that identifies attacks quicker with comprehensive intelligence, and provides actionable remediation.
Windows Defender Advanced Threat Protection will Help Detect, Investigate and Respond to Attacks
To help protect our enterprise customers, we are developing Windows Defender Advanced Threat Protection, a new service that will help enterprises to detect, investigate, and respond to advanced attacks on their networks. Building on the existing security defenses Windows 10 offers today, Windows Defender Advanced Threat Protection provides a new post-breach layer of protection to the Windows 10 security stack. With a combination of client technology built into Windows 10 and a robust cloud service, it will help detect threats that have made it past other defenses, provide enterprises with information to investigate the breach across endpoints, and offer response recommendations.
Windows Defender Advanced Threat Protection:
1) Detects Advanced Attacks. Provides key information on who, what, and why the attack happened. Sophisticated threat intelligence enables attack detection, informed by the world’s largest array of sensors and expert advanced threat protection, including a team of experts at Microsoft and expert security partners.
Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies – informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.
This data is then augmented by expertise from world-class security experts and advanced threat protection Hunters from across the globe, who are uniquely equipped to detect attacks.
2) Response Recommendations. The service’s security operations data provides an easy way to investigate alerts, explore the entire network for signs of attacks, examine attacker actions on specific devices, and get detailed file footprints from across the organization to recommend responses.
With time travel-like capabilities, Windows Defender Advanced Threat Protection examines the state of machines and their activities over the last six months to maximize historical investigation capabilities and provides information on a simple attack timeline. Simplified investigation tools replace the need to explore raw logs by exposing process, file, URL and network connection events for a specific machine or across the enterprise.
And, a cloud-based detonation service enables files and URLs to be submitted to isolated virtual machines for deep examination. In the future, Windows Advanced Threat Protection will also offer remediation tools for affected endpoints.
3) Complements Microsoft Advanced Threat Detection Solutions. Because Windows Defender Advanced Threat Protection is being built into Windows 10, it will be kept continuously up to date, lowering costs, with no deployment effort needed. Powered by a cloud backend, no on-premises server infrastructure or ongoing maintenance is required. It complements email protection services from Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.
Already Protecting 500,000 Endpoints
Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments. Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services.
Here is a sampling of feedback we’re hearing from some of our early adopter customers:
“Cyber security is my biggest concern and securing all endpoints in my organization is my current priority. Windows Defender Advanced Threat Protection is unique in that it can see exactly what’s going on across every endpoint, which other solutions are failing to address.” Greg Petersen, Senior Director, IT Security, Avanade
“You need to have several layers of defenses, and Windows Defender Advanced Threat Protection adds to our defense strategy. The worldwide sampling that only Microsoft can offer helps find questionable behavior on our computers and alerts us in a timely manner, making our computers and network safer.” Fran De Hann, Senior Security Advisor, Pella Windows
“Deploying Windows Defender Advanced Threat Protection gave us incredible awareness about several critical security vulnerabilities in our network, which we’ve already taken immediate action to address, along with updating our security policies.” Henrik Pedersen, IT Manager, TDC Hosting, Denmark
We encourage our customers to upgrade to Windows 10 for our most advanced security protection, with the opportunity to take advantage of Windows Defender Advanced Threat Protection when it becomes available more broadly this year. We are excited to offer this service to protect our customers.