In the modern threat landscape, ATP lets you fight fire with fire. Unlike traditional security products, which tend to be disconnected single-purpose solutions, today’s most effective tools work together to give you:
A threat can earn this label for a few different reasons. For instance, a threat may be advanced if:
Let’s put a little more context around advanced threats in their various forms.
An advanced persistent threat (APT—not to be confused with ATP) is an attack in which an attacker stealthily gains access to an organization’s network and establishes a foothold, allowing them to remain there undetected for an extended period. APTs often target a specific company and tend to use advanced malware that can bypass or dodge common security measures. They are sophisticated attacks that need to be met with equally sophisticated defense.
Once an attacker gains access to a target network, usually through credential phishing attacks or malware, they may be able to access anything from company data to private conversations and other sensitive material. If they stay undetected for long enough—weeks, months, or perhaps even years—they can gather huge amounts of data to use for malicious purposes.
Advanced attacks share a few core techniques that most frequently get bad actors where they want to go. The most prevalent of these are:
Advanced threat protection solutions are built to detect and respond to advanced threats before they cause data loss or otherwise harm your organization. While offerings from different service providers vary widely in their core functions, ATP solutions often include:
As the space has evolved—with advances in machine learning and automation making ATP faster and more accurate—sandboxing remains a crucial advanced security tool. However, legacy approaches to sandboxing have three key shortcomings in today’s environments:
Zscaler Cloud Sandbox is a cloud-based, AI- and ML-driven malware prevention engine built to stop emerging threats and protect all your employees, wherever they are. Instead of working in TAP mode, it operates inline, inspecting all your traffic—including encrypted traffic—before forwarding any suspicious file. With always-on zero day protection, ransomware defense, and real-time visibility into malware behavior, it continuously detects and blocks new and evolving threats as they emerge.
Zscaler Cloud Sandbox is a fully integrated capability of Zscaler Internet Access™, part of the Zscaler Zero Trust Exchange™. The platform is delivered as a cloud service, and with no hardware to buy or software to manage, you’ll eliminate complexity and be up and running in minutes.