
What is Advanced Threat Protection?

As attackers learn and adapt and attacks grow more sophisticated, security technology has evolved to anticipate the threats that put companies, governments, and other organizations at risk. Even so, new and previously unseen attacks still get through, especially when an organization lacks the right advanced security controls.

Advanced threat protection (ATP) refers to a set of security solutions that defend against sophisticated malware and targeted attacks aimed at sensitive data. ATP technology helps an organization keep pace with the changing tactics of attackers and anticipate and prevent costly breaches.

What makes a threat “advanced”?

A threat or attack is considered advanced when, among other indicators, the attackers have substantial resources and tooling to carry out the attack and maintain access to a network, have continued funding that lets them adapt the attack as needed, or have built the attack specifically for one target organization.

To understand how to defend against advanced threats, it’s important first to understand what they are and how they can impact your organization.

An advanced persistent threat (APT) is an attack in which an unauthorized person or group stealthily gains access to an organization’s network and remains there undetected for an extended period. APT attacks are typically carefully coordinated and customized for a specific target, and they use malware designed to bypass or evade common security controls. They are a prime example of an attack that requires equally sophisticated security technology to prevent and mitigate.

Once the attacker has gained access to the network, usually by phishing or installing malware, they can view company files, conversations, data, and other sensitive material. By going undetected for an extended period of time, from weeks or months to years in some cases, the attacker can gather significant amounts of company data to use for myriad malicious purposes.

While roughly two-thirds of the world’s small- and medium-sized businesses now experience cyberattacks, 45% still consider their cybersecurity posture “ineffective,” and 39% still do not have an incident response plan in place.

- Ponemon Institute

What are the most common tactics of advanced threat attacks?
  • Phishing, in which links or attachments are sent from a seemingly trusted source to harvest credentials or information, is the most common way APT attackers gain initial access to an internal network.
  • Installing malware, once initial access has been obtained, lets attackers burrow into the network, monitor activity, and collect company data.
  • Password cracking lets attackers obtain administrative access and move freely across the network.
  • Creating a backdoor ensures attackers have a way back into the network even if the original entry point is closed.

The average financial cost of a data breach is $3.86m

- IBM

How can you defend against advanced threats?

While some industries and businesses are larger and more valuable targets for advanced threats, all businesses should be aware of preventive measures they can take as these attacks become more prevalent.

The ATP landscape is evolving as attacks become more sophisticated. Sandboxing, which detonates and inspects suspicious files in an isolated environment, is crucial for ATP, but this technology has historically been deployed on appliances inside a data center and does not protect an ever-growing remote workforce whose traffic never passes through that data center.

Furthermore, the suspicious file is typically inspected in TAP mode: a copy is pulled into the sandbox for analysis while the original is forwarded to the recipient at the same time. If the sandbox detects a threat, it raises an alert, but that alert arrives after the file has already been delivered and possibly opened. Additionally, more than half of malware today is delivered over encrypted SSL/TLS connections, yet budget and performance constraints prevent many organizations from decrypting and inspecting that traffic, so the threat is not seen until it is too late.

A cloud-based security solution can add layers of ATP by protecting all employees, both onsite and remote, regardless of where their traffic originates. And instead of working in TAP mode, Zscaler Cloud Sandbox operates inline, meaning inspection of all traffic, including SSL/TLS, occurs before a suspicious file is forwarded to the recipient.
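To make the TAP-versus-inline distinction and the encrypted-traffic blind spot concrete, here is an added example (illustration only, not Zscaler code or a description of how Zscaler Cloud Sandbox is implemented). It models a file-inspection gateway as an event log. The sample flows, the `sandbox_verdict` stand-in (which only looks for auto-running Office macro markers instead of detonating the file), and the `Gateway` class are assumptions constructed for the demo.

```python
"""Added example (not Zscaler's code): a toy model of a file-inspection
gateway contrasting TAP-mode sandboxing (forward first, verdict later) with
inline sandboxing (verdict first), and showing why SSL/TLS traffic must be
decrypted for either mode to see the file at all."""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Constructed sample flows: (file name, bytes, carried over TLS?).
# The "malicious" payloads are inert text containing macro-launch markers.
FLOWS: List[Tuple[str, bytes, bool]] = [
    ("quarterly.pdf", b"%PDF-1.4 plain quarterly report", False),
    ("invoice.docm", b"PK\x03\x04 vbaProject.bin AutoOpen WScript.Shell", False),
    ("portal-update.docm", b"PK\x03\x04 vbaProject.bin Document_Open Shell", True),
]


def sandbox_verdict(blob: bytes) -> str:
    """Stand-in for detonation (an assumption for this demo). A real sandbox
    executes the file and observes behaviour; here we only look for markers
    of an auto-running Office macro."""
    autorun = (b"AutoOpen", b"Document_Open")
    if b"vbaProject.bin" in blob and any(m in blob for m in autorun):
        return "malicious"
    return "clean"


@dataclass
class Gateway:
    mode: str                                  # "tap" or "inline"
    inspect_tls: bool = False                  # decrypt TLS flows before inspection?
    verdict: Callable[[bytes], str] = sandbox_verdict
    events: List[str] = field(default_factory=list)
    delivered: List[str] = field(default_factory=list)

    def handle(self, name: str, blob: bytes, over_tls: bool) -> str:
        if over_tls and not self.inspect_tls:
            # Without TLS inspection the sandbox never sees the payload.
            self.delivered.append(name)
            self.events.append(f"deliver-uninspected:{name}")
            return self.events[-1]
        if self.mode == "tap":
            # Recipient gets the file immediately; the sandbox works on a copy.
            self.delivered.append(name)
            self.events.append(f"deliver:{name}")
            if self.verdict(blob) == "malicious":
                self.events.append(f"alert:{name}")  # fires after delivery
        elif self.mode == "inline":
            # File is held until the verdict is known.
            if self.verdict(blob) == "malicious":
                self.events.append(f"block:{name}")
            else:
                self.delivered.append(name)
                self.events.append(f"deliver:{name}")
        else:
            raise ValueError(f"unknown mode {self.mode!r}")
        return self.events[-1]


def run(mode: str, inspect_tls: bool = False) -> Gateway:
    """Push every sample flow through a gateway and return it for inspection."""
    gw = Gateway(mode=mode, inspect_tls=inspect_tls)
    for name, blob, over_tls in FLOWS:
        gw.handle(name, blob, over_tls)
    return gw


if __name__ == "__main__":
    for mode, tls in (("tap", False), ("inline", False), ("inline", True)):
        gw = run(mode, tls)
        print(f"{mode:6} inspect_tls={str(tls):5} delivered={gw.delivered}")
        for event in gw.events:
            print("   ", event)
```

Running it shows the three cases side by side: in TAP mode the malicious `invoice.docm` is delivered and the alert is logged afterwards; inline mode blocks it before delivery; and in both modes the TLS-carried `portal-update.docm` passes uninspected unless the gateway decrypts TLS, at which point inline inspection blocks it too.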

Always-on zero-day protection, ransomware defense, and real-time visibility into malware behavior add further protection. A comprehensive security solution must be able to stop known threats, prevent zero-day attacks in real time, and use predictive techniques to defend against new and evolving threats.

Learn how Zscaler's advanced threat protection solution can help protect your organization.

54% of advanced threats hide behind SSL.

8x more security appliances are required to inspect all traffic.

- ATP solution brief