Advanced Threat Protection

Multilayered defense against persistent threats

Protects all major threat vectors

Stop Advanced Threats that Evade Traditional Detection Techniques

Modern attacks are rapidly growing in volume and sophistication. New malware strains are designed to evade traditional detection techniques and are often propagated through targeted zero-day attacks. These new malware variants are appearing faster and in greater numbers than ever before — new ransomware variants alone are predicted to appear at a rate of more than 200 per quarter for the foreseeable future. Barracuda Advanced Threat Protection (ATP) is an integrated cloud-based service that analyzes traffic across the major threat vectors.

Get Layered Defense for Better Protection

Stopping advanced threats from reaching your users and data requires a layered defense. Barracuda’s Advanced Threat Protection has detection layers designed to progressively eliminate threats with various levels of severity and complexity.

Fast response

By pre-filtering threats as they move through the layers, Barracuda ATP can respond very quickly to any type of attack with minimal delays and without requiring any compromises to security policies.

Shared threat data

Barracuda ATP threat detection layers automatically share analysis results with each other, improving detection of and response to new threats as more data is processed.

Block attacks sooner

Ensure that repeated instances of threats can be caught quickly at the lower layers while leaving the more resource-intensive layers, like sandboxing, free to operate on emerging threat variants.

Advanced threat signatures

Over a quarter million Barracuda endpoints and other sources of threat data come together to create a threat intelligence signature database that is shared across all security products in real time. Signatures are created for all artifacts and compared to hundreds of millions of signatures already stored. Any unknown artifact is uploaded to the Advanced Threat Protection Cloud for further investigation.

URL dynamic analysis

Real-time analysis examines a URL’s content to identify any suspicious behavior. This includes checking for PII in query parameters, potential malicious payloads, such as executables and archives, and popular website frameworks that are frequently targeted for compromise. Additionally, URLs are checked against a vast, constantly updated database of known malicious sources.

AI-enabled behavioral heuristics

The AI-enabled behavioral and heuristic analysis layer of Barracuda Advanced Threat Protection works by executing parts of an unknown artifact in a controlled environment. The resulting behavior is analyzed for common malware activities, such as replication, file overwrites, and attempts to obfuscate the suspicious code. Other suspicious activities include excessively long timers, programming loops that run for days, and code that tries to access the registry or memory functions.

Static analysis

Static code analysis examines parts of an executable without actually executing it. Malware authors attempt to obfuscate their code to subvert malicious code detectors, including anti-virus software. The static analysis layer analyzes and de-obfuscates any questionable code constructs. This layer is a fast, highly effective method of pre-filtering malware before sending questionable files to the sandboxing layer.

Dynamic analysis

The dynamic analysis layer targets zero-day malware and other advanced threats, which are highly elusive and can remain undetected for months. A combination of analysis and de-obfuscation of suspicious code makes this layer fast and highly effective at pre-filtering malware for cloud-based sandboxing.

Cloud-based sandboxing

A comprehensive cloud-based sandbox detonates any artifact that is not conclusively analyzed by other layers. Advanced detonation techniques simulate an entire host with methods that go beyond common cyber threat detection. Behavioral analysis, heuristics, profiling, and machine learning take care of previously concealed memory artifacts and hidden code layers, while intelligent code transformation helps defeat evasion and delivers near real-time classification. Depending on the sandbox verdict, the file is then either blocked or marked benign and forwarded. Cloud-based sandboxing is specifically designed to meet demands for third-party data privacy and, thus, meet the requirements for GDPR compliance.

Global Threat Intelligence Network

Barracuda Advanced Threat Protection leverages a global threat intelligence network that ingests vast amounts of diverse threat information from millions of collection points around the world. These include: deployed Barracuda endpoints; honeypots, or decoys intended to attract the attention of threat actors and criminals; autonomous crawlers, bots that travel the internet actively seeking out new threats; third-party malware submissions; and analysis by Barracuda Labs.

All this information comes together to create the most up-to-date view possible of the threat environment. Threat intelligence is shared in real time with all Barracuda deployments that have Advanced Threat Protection enabled, giving you the best protection in the industry against advanced threats.

Advanced Threat Protection is available for:

Interested in this product? Request a no-risk, free evaluation.