Advanced Threat Prevention (ATP) is a suite of analysis tools designed to defend against advanced threats that use known and unknown attack vectors. ATP augments more common security solutions aimed at repelling known intrusion strategies.
Advanced threats are those that seek to surreptitiously gain access to a network and remain, undetected, in that network for months or even years, exfiltrating large amounts of data, conducting espionage, and/or causing significant damage.
Cyber attackers are continuously developing ever more sophisticated strategies to gain access to networks. These attacks are typically well-funded, often specifically targeted, and involve complex malware that is designed to avoid common security defenses. Countering advanced threats requires advanced analytic tools that provide rapid visibility into the contents and actions of malicious network traffic, along with the analysis, context, and response needed to act on it.
By incorporating a leading ATP solution into your security stack, you harness four critical advantages:
- Threat Visibility Everywhere: By leveraging multiple threat detection techniques at once, ATP delivers deep visibility into all network traffic.
- Advanced Malware Detection: ATP helps secure the data center against threats that have been engineered to evade standard security tools.
- Lower False Positives: ATP can greatly improve the accuracy of your alerts, which means your security teams can focus on a smaller set of actual intrusions.
One of the most performant ATP solutions available today is the VMware Advanced Threat Prevention offering for the NSX Distributed Firewall. Leveraging a combination of network traffic analysis, intrusion detection and prevention, and advanced malware analysis with comprehensive network detection and response capabilities, the solution is purpose-built to protect data center traffic with the industry’s highest-fidelity insights into advanced threats.
Fundamentally, Advanced Threat Prevention solutions perform sophisticated detection and analysis on suspicious network traffic, often employing hardware emulation and both supervised and unsupervised machine learning models. ATP solutions attempt to identify threats early – before they can do damage – and respond quickly in the event of a breach. The goal is to protect the network with the highest-fidelity insights possible into the most challenging threats.