What do we mean by an “advanced threat protection (ATP) solution”? And why do companies and organisations today need advanced solutions to protect their networks and devices? We explain it in this article.
1. What we mean by “advanced threat protection solution”
Advanced threat protection (ATP) solutions are application platforms that provide advanced protection against modern attacks on the networks of companies, organisations and educational institutions. To fight cybercriminals on equal terms, it is no longer enough to rely on obsolete applications; a much more sophisticated form of protection is needed.
The approach is known as “Detection & Response”: the potential danger is faced through constant monitoring of the devices (end-points) and of the company network, combined with an immediate response. It is also described as a shift from a passive protection model, where you first suffer the damage and then try to repair it, to an active one, where the aim is to prevent the attack in the first place.
All vendors of corporate security solutions have updated their offerings and now include advanced threat protection solutions, with platforms built around a central core plus two additional modules. Most of them are supplied as a service, i.e. in SaaS mode (Software as a Service). This means that the company pays a fixed monthly fee to use the security platform, which is often made up of hardware and software integrated into its IT architecture. The service can also be supplied remotely and cloud-based, provided that a continuous connection to the company network is in place.
In that case there may be no need to deploy a security appliance and the associated application platform in the company data center. The IT partner monitors its clients’ networks 24/7 through its SOC (Security Operation Center), tracking logins and suspicious movements of data and documents. Above all, the partner is continuously updated on the number and nature of attacks occurring anywhere in the world, thanks to its connection with the various monitoring centers. In this way it is always aware of the current situation and quick to put countermeasures in place.
>> FlashStart protects you from a wide range of threats and prevents access to malicious websites: start your free trial now
2. Why do we need advanced protection solutions today?
Today’s attacks by cybercriminals are very different from those of a few years ago. They are more complex, more targeted and often strike only after months of lying in wait. The most frequent attacks on company networks are carried out through malware: small programs introduced into the network for various purposes. The most common, ransomware, aims to block access to data, information and documents, or to steal them. Access is restored only after the victim company pays a ransom, usually demanded in Bitcoin. Other malware includes trojans, hidden inside a program the user believes to be harmless, which are able to take control of the end-point. Then there are the backdoors used to penetrate a company network, phishing, and the cracking of company access credentials.
In most cases the attacker takes control of the company network by entering from an end-point: an employee’s computer or smartphone, or an IoT device. They do so by obtaining the access credentials for the device, the network or an application such as Microsoft 365. To get them, they may use social engineering techniques, reconstructing a username and password from the traces the user has left on the web, or a fake email, i.e. phishing techniques, together with password-cracking tools.
Cybercriminals today have very clear ideas and targets. The main aim of an attack on a company network is extortion. They therefore try to get hold of confidential documents, projects or, more generally, data that has value for the victim or, in another country, for a competitor. And they do it disguised as employees, entering the network through an authorised access point. Moreover, unlike a few years ago, the malware is now normally installed months, and in some cases years, before the attack and remains dormant, waiting to act when interesting data starts flowing through the network.
The discussion so far makes it clear that traditional protection solutions are not sufficient against these attacks; advanced threat protection solutions are needed. In particular, attention must focus on two areas: access from the end-points and constant monitoring of network traffic. We also stress that no company, of any size or vertical market, can consider itself immune from an attack.
This is because, increasingly often, the IT architecture of a supplier to a car manufacturer, for example, is connected to that of the manufacturer itself. This means that an attacker can exploit the supplier’s vulnerabilities to reach the manufacturer’s network. And remember: under the GDPR the supplier can also be held directly responsible for the attack, unless it can show that it had an advanced level of protection in place.
>> You can activate the FlashStart® Cloud protection on all types of routers and firewalls to secure your desktop and mobile devices and the IoT devices on local networks
3. How do modern protection solutions work?
First of all, advanced threat protection (ATP) solutions constantly monitor network traffic. Those who access the network are checked, as are their activities. This control is supported by artificial intelligence algorithms, especially machine learning and automation. This core of the platform is known as XDR (extended detection & response): it automatically collects and correlates data across several security layers, such as email, remote devices, servers, and applications in the cloud and on the network.
Machine learning helps advanced threat protection solutions learn the habits of users, so that any anomalous behaviour is noticed immediately. For example: why is an employee who has always logged in from Milan suddenly connecting from Saigon? Automation algorithms, on the other hand, carry out automatic actions to provide immediate protection. These include sending an alert, but also blocking the IP address from which the unexpected traffic originated, and other more sophisticated responses.
ATP platforms also thoroughly inspect the ports of the company network, usually through an appliance installed in the company data center. Finally, another component of an ATP platform is the sandbox: a hidden and protected virtual environment through which all suspicious files must pass. As soon as a file is identified, it is held “hostage” and examined inside-out. If an employee receives an email attachment, for instance, the file is analysed in real time and cannot be opened until the platform has verified it.
Another hot topic is access management. It is fundamental, for example, to enable multi-factor authentication, i.e. a second authentication step such as a confirmation on a smartphone. Beyond that, access privileges must be managed precisely: what a user can do within the company network, which documents they can access, and whether they really need full freedom of action. All of this is possible with the dedicated tools of an ATP platform.
4. What type of solution should you choose?
So, what type of advanced threat protection solution should you choose? As our discussion so far shows, cybercrime spares no one. All companies, of every size and in every market, and all organisations, schools and institutions, are potentially at risk. In fact, it is precisely the smallest and weakest that serve as Trojan horses for reaching larger structures. And if they do not protect themselves, they risk not only direct damage but also indirect damage to the companies of their clients, partners and suppliers, as well as fines proportional to their turnover, as provided for by the GDPR.
There is therefore no doubt that an ATP platform should be chosen from among those offered by the market leaders. Given that the most widespread solutions are quite similar, and that the same technology is available as a service to both the “bigger” and the “smaller” players, we strongly advise you to choose an IT partner specialised in security.
It is the partner who chooses the solution for the client, who sets the price of the service according to the functions to be activated, the number of users connected to the network and the type of documents to be protected, and who provides all the support during the installation and set-up phases. The best-organised partners, finally, offer a complete service through their own SOC, relieving the company of all worries.
>> Try the FlashStart advanced protection now, based on AI and secure thanks to a global, ultra-fast Anycast network.