Advanced Threat Protection Definition
Advanced threat protection (ATP) is a subset of security solutions built to defend sensitive data against complex cyberattacks including malware, phishing campaigns, and more. ATP technology often combines cloud security, email security, endpoint security, and more to augment your organization’s defenses amid the ever-changing threat landscape, enabling you to better anticipate and prevent costly security breaches.
Cybercriminals’ attack methods and tactics are becoming more sophisticated all the time. And as data continues its move to the cloud, attack surfaces are widening and new attack vectors are rising to prominence. Fortunately, cybersecurity technology has evolved in kind, moving past firewalls and traditional network security to counter these new avenues and types of cyberthreats.
What are the Benefits of Advanced Threat Protection?
In the modern threat landscape, ATP lets you fight fire with fire. Unlike traditional security products, which tend to be disconnected single-purpose solutions, today’s most effective tools work together to give you:
- Real-time threat visibility: Today’s high threat volume doesn’t allow you to wait for scheduled scans to see if you’re secure. Effective advanced threat protection monitors all your traffic, all the time, unlike legacy antivirus solutions.
- Shared cloud intelligence: Patching your protection is inconvenient at best, impossible at worst. With cloud-delivered threat intelligence, as soon as a given solution stops a new threat anywhere, it can stop it everywhere.
- Centralized context and correlation: Reactive, real-time, predictive security measures powered by advanced AI give your security team the full picture, meaning faster threat detection, prevention, and remediation.
What Makes a Threat “Advanced”?
A threat can earn this label for a few different reasons. For instance, a threat may be advanced if:
- Its perpetrators have unlimited resources or tools to carry out an attack and maintain access to a network
- Attackers have ready access to funding to adapt an attack as needed
- An attack has been crafted to target a specific organization
Let’s put a little more context around advanced threats in their various forms.
Advanced Persistent Threats
An advanced persistent threat (APT—not to be confused with ATP) is an attack in which an attacker stealthily gains access to an organization’s network and establishes a foothold, allowing them to remain there undetected for an extended period. APTs often target a specific company and tend to use advanced malware that can bypass or dodge common security measures. They are sophisticated attacks that need to be met with equally sophisticated defense.
Once an attacker gains access to a target network, usually through credential phishing attacks or malware, they may be able to access anything from company data to private conversations and other sensitive material. If they stay undetected for long enough—weeks, months, or perhaps even years—they can gather huge amounts of data to use for malicious purposes.
What are the Most Common Advanced Attack Methods?
Advanced attacks share a few core techniques that most frequently get bad actors where they want to go. The most prevalent of these are:
- Phishing lures a user into following a link from a seemingly trusted source to gain access to company credentials or information. This is the most common method for APT attackers to gain access to an internal network.
- Installing malware helps cyberattackers burrow deeper into a network once they’ve gained access, enabling them to monitor activity and collect company data. This is most often done through phishing.
- Password cracking allows attackers to gain administrative access and have free rein within a network.
- Creating a backdoor ensures a way back into the network if an attacker needs to leave.
[A Ponemon survey revealed] a significant decline from 71 percent of respondents who believed their organizations were effective at mitigating risks, vulnerabilities and attacks across the enterprise prior to COVID-19 to only 44 percent of respondents during COVID-19.
Data breach costs rose from USD 3.86 million [in 2020] to USD 4.24 million [in 2021], the highest average total cost in the 17-year history of this report.
How Does Advanced Threat Protection Work?
Advanced threat protection solutions are built to detect and respond to advanced threats before they cause data loss or otherwise harm your organization. While offerings from different service providers vary widely in their core functions, ATP solutions often include:
- Network traffic analysis to monitor your network for security and operational anomalies
- Threat intelligence sharing to offer all of a given provider’s customers the same protection
- Sandboxing to detect and isolate suspicious files for analysis and response
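The first two capabilities in the list above (network traffic analysis and shared threat intelligence) can be illustrated with a small baseline-and-deviation detector. The code below is an added example written for this page, not Zscaler's or any ATP product's code. It assumes flow records arrive as CSV lines (timestamp, source, destination, port, bytes), treats one constructed window as a clean baseline, and uses a constructed indicator set in place of provider-shared intelligence; every address and value in it is made up.

```python
"""Constructed example: baseline-and-deviation anomaly detection over flow records.

Flow records are one-per-line CSV: timestamp,src,dst,dport,bytes.
The baseline window is assumed to be clean; the observation window is
compared against it. SHARED_INDICATORS stands in for cloud-shared threat
intelligence. All addresses and byte counts are constructed.
"""
import statistics
from collections import defaultdict

# Constructed "known clean" window: hosts talking to their usual internal services.
BASELINE_FLOWS = """\
2024-01-01T09:00:00,10.0.0.5,10.0.1.10,443,1200
2024-01-01T09:05:00,10.0.0.5,10.0.1.10,443,980
2024-01-01T09:10:00,10.0.0.5,10.0.1.11,445,1500
2024-01-01T09:15:00,10.0.0.5,10.0.1.10,443,1100
2024-01-01T09:20:00,10.0.0.7,10.0.1.10,443,800
2024-01-01T09:25:00,10.0.0.7,10.0.1.12,53,120
2024-01-01T09:30:00,10.0.0.7,10.0.1.10,443,900
"""

# Constructed observation window containing one unusually large outbound transfer
# and one connection to a destination on the shared indicator list.
OBSERVED_FLOWS = """\
2024-01-08T09:00:00,10.0.0.5,10.0.1.10,443,1050
2024-01-08T09:03:00,10.0.0.5,203.0.113.9,443,48000
2024-01-08T09:04:00,10.0.0.7,10.0.1.12,53,130
2024-01-08T09:06:00,10.0.0.7,198.51.100.4,8080,700
"""

# Constructed indicator list playing the role of provider-shared threat intelligence.
SHARED_INDICATORS = {"198.51.100.4"}


def parse_flows(text):
    """Turn CSV lines into flow dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def build_baseline(flows):
    """Per-source mean/stdev of flow size and the set of (dst, port) pairs seen."""
    sizes = defaultdict(list)
    peers = defaultdict(set)
    for f in flows:
        sizes[f["src"]].append(f["bytes"])
        peers[f["src"]].add((f["dst"], f["dport"]))
    baseline = {}
    for src, vals in sizes.items():
        mean = statistics.mean(vals)
        # Population stdev, floored at 10% of the mean so a near-constant baseline
        # does not turn every tiny fluctuation into an alert.
        stdev = max(statistics.pstdev(vals), 0.1 * mean)
        baseline[src] = {"mean": mean, "stdev": stdev, "peers": peers[src]}
    return baseline


def detect_anomalies(baseline, flows, z=3.0, indicators=frozenset()):
    """Return findings for size outliers, never-seen peers and known-bad destinations."""
    findings = []
    for f in flows:
        reasons = []
        b = baseline.get(f["src"])
        if b is None:
            reasons.append("unknown source host")
        else:
            if f["bytes"] > b["mean"] + z * b["stdev"]:
                reasons.append("flow size %d exceeds baseline" % f["bytes"])
            if (f["dst"], f["dport"]) not in b["peers"]:
                reasons.append("new peer %s:%d" % (f["dst"], f["dport"]))
        if f["dst"] in indicators:
            reasons.append("destination on shared indicator list")
        if reasons:
            findings.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"],
                             "reasons": reasons})
    return findings


def run_example():
    """Build the baseline from the clean window and score the observed window."""
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    return detect_anomalies(baseline, parse_flows(OBSERVED_FLOWS),
                            indicators=SHARED_INDICATORS)


if __name__ == "__main__":
    for finding in run_example():
        print(finding["ts"], finding["src"], "->", finding["dst"],
              "|", "; ".join(finding["reasons"]))
```

Run on the constructed windows, the detector reports two flows: the 48,000-byte transfer from 10.0.0.5 (a size outlier to a peer never seen in the baseline) and the small flow from 10.0.0.7 to 198.51.100.4, which is flagged only because the destination is on the shared indicator set. The second case is the point of intelligence sharing: the flow is statistically unremarkable for that host, so a baseline alone would have let it pass.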
Shortcomings of Legacy Sandboxing Solutions
As the space has evolved—with advances in machine learning and automation making ATP faster and more accurate—sandboxing remains a crucial advanced security tool. However, legacy approaches to sandboxing have three key shortcomings in today’s environments:
- Legacy sandboxes rely on backhauling—that is, forcing data through a central network—because they’re tied to hardware in a data center, making them too slow to effectively protect a growing remote workforce.
- Legacy sandboxes use Terminal Access Point (TAP) mode to inspect suspicious files, performing analysis as the files travel to a destination. The sandbox sends an alert if it detects a threat, but because TAP inspection doesn’t actually block files, it’s often too late.
- Legacy sandboxes can’t effectively inspect encrypted traffic without slowing it to a crawl. Most malware is delivered over encrypted channels today, and some organizations would need eight times as many sandbox appliances to get enough processing power.
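The difference between TAP-mode and inline inspection is a question of ordering: whether the verdict arrives before or after the user has the file. The following is an added example written for this page (not Zscaler's or any sandbox vendor's code) that models both placements over a constructed download stream. The "sandbox" is a stand-in that scores a file by behaviours a detonation is assumed to have observed, rather than executing anything; the file contents, behaviour labels and names are all constructed. It also adds a shared verdict cache, keyed by file hash, to show how a verdict reached once is reused for identical files.

```python
"""Constructed example: out-of-band (TAP) versus inline sandbox placement.

The stand-in sandbox scores a file by the behaviours a detonation is
assumed to have observed; a real sandbox derives those by running the
sample. File contents and behaviours are constructed. The verdict cache
stands in for cloud-delivered intelligence: a verdict reached once is
reused for every identical file seen afterwards.
"""
import hashlib

# Behaviours the stand-in sandbox treats as malicious (constructed list).
MALICIOUS_BEHAVIOURS = {"encrypts_user_files", "installs_autorun", "disables_backups"}

# Constructed download stream: name, raw bytes, behaviours "seen" on detonation.
# The third file is a byte-identical copy of the second.
DOWNLOADS = [
    {"name": "quarterly_report.pdf", "content": b"%PDF-1.7 constructed clean sample",
     "behaviours": {"opens_reader"}},
    {"name": "invoice.docm", "content": b"PK constructed macro sample",
     "behaviours": {"spawns_shell", "installs_autorun"}},
    {"name": "invoice_copy.docm", "content": b"PK constructed macro sample",
     "behaviours": {"spawns_shell", "installs_autorun"}},
]


def sandbox_verdict(sample):
    """Stand-in detonation: malicious if any observed behaviour is on the list."""
    return "malicious" if sample["behaviours"] & MALICIOUS_BEHAVIOURS else "clean"


def tap_mode(samples):
    """Out-of-band inspection: every file is forwarded first, the verdict comes later."""
    delivered, alerts = [], []
    for s in samples:
        delivered.append(s["name"])          # the user already has the file
        if sandbox_verdict(s) == "malicious":
            alerts.append(s["name"])         # alert is raised after delivery
    return {"delivered": delivered, "alerts": alerts}


def inline_mode(samples, verdict_cache=None):
    """Inline inspection: a file is held until a verdict exists, then forwarded or dropped."""
    cache = {} if verdict_cache is None else verdict_cache
    delivered, blocked, detonated = [], [], []
    for s in samples:
        digest = hashlib.sha256(s["content"]).hexdigest()
        if digest not in cache:              # unseen content: detonate before release
            cache[digest] = sandbox_verdict(s)
            detonated.append(s["name"])
        if cache[digest] == "malicious":
            blocked.append(s["name"])
        else:
            delivered.append(s["name"])
    return {"delivered": delivered, "blocked": blocked, "detonated": detonated}


if __name__ == "__main__":
    print("TAP mode:   ", tap_mode(DOWNLOADS))
    print("inline mode:", inline_mode(DOWNLOADS))
```

In TAP mode all three files reach the user and two alerts follow; in inline mode only the clean PDF is delivered, both macro documents are blocked, and the copy is never detonated because the cached verdict for its hash already exists. The cache is what lets a block decision made once be applied to the next occurrence without paying the analysis delay again.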
Zscaler Advanced Threat Protection
Zscaler Cloud Sandbox is a cloud-based, AI- and ML-driven malware prevention engine built to stop emerging threats and protect all your employees, wherever they are. Instead of working in TAP mode, it operates inline, inspecting all your traffic—including encrypted traffic—before forwarding any suspicious file. With always-on zero-day protection, ransomware protection, and real-time visibility into malware behavior, it continuously detects and blocks new and evolving threats as they emerge.
Zscaler Cloud Sandbox is a fully integrated capability of Zscaler Internet Access™, part of the Zscaler Zero Trust Exchange™. The platform is delivered as a cloud service, and with no hardware to buy or software to manage, you’ll eliminate complexity and be up and running in minutes.