Learn More About the Key Use Cases Of Network ATP Technology

Advanced Threat Protection (ATP) is used to protect against sophisticated, highly skilled, well-funded and motivated threat actors. The solution uncovers advanced threats across endpoints, network, email and cloud. These solutions are used to detect advanced persistent threats that existing controls are not able to detect or were simply never designed to detect.
Advanced threat protection is not a single security solution; it is a combination of security controls, best practices and procedures, security awareness and continuous monitoring. It is a program-based approach rather than a single product. Although advanced threat protection has a broad scope, in this category we have focused on tools and solutions that employ both signature-based and signature-less methods (advanced sandboxes, behavioral analytics, advanced correlation/machine learning, deception techniques, etc.) to detect advanced threats by analyzing web and network traffic. Here we call them Network Advanced Threat Protection solutions.

Key Use Cases:

  • To detect advanced targeted attacks that may go undetected by your SIEM, IPS/IDS, firewall and endpoint security tools: Detect custom-built malware and zero-day attacks against your organization quickly by using advanced detection and mitigation tools.
  • Reduce the man-hours required to detect, respond to and gain insights into a security breach: Mitigate incidents in minutes through quick detection and automatic remediation. Future-proof your organization's defenses by applying endpoint and network forensics to gain insights into attacker tactics, techniques and procedures.
  • Looking to deploy a sandboxing solution: Sandboxing tools are among the critical tools for advanced malware analysis and detection. Today it is imperative to deploy a sandbox inside your network if you want visibility into your network traffic, email attachments and web objects.
  • Want to quickly find answers to who, what, how, where and when after a security breach (contextual security): Most advanced threat protection tools are context aware, i.e., they maintain a stateful analysis of what is happening inside your network and store it for correlation of events across devices, applications, users, ports and protocols. Contextual security also helps in historical analysis and incident forensics to understand more about the adversary, which helps you better prepare for any future eventuality.
  • Require full forensic details to reconstruct attacks and avoid future risks: This is about capturing the data points that aid investigation after a breach: capturing raw network data, keeping metadata, malware anatomy, an analytics engine, and all the right tools and processes you must have if you want to find out what actually happened, what went wrong and how to prevent it in future.
  • You want to detect APTs in SSL traffic and encrypted archive files: SSL is great for keeping our privacy on the internet, but the same tool is used by attackers nowadays to evade the security controls we have in place to prevent attacks. Some ATP tools give you the ability to inspect your organization's outbound and inbound encrypted traffic, thereby preventing unwanted content from being downloaded into your organization's network.
  • You want to notify your security controls about advanced threats uncovered by your sandboxing tools: Integrating your advanced threat protection tools with other security tools such as SIEM, endpoint security, IAM, NGFW and IPS/IDS can really enhance the overall security posture of any organization. ATP tools can reduce noise in SIEM results and can help contain a breach by updating the endpoint security solution with the latest signatures, etc.

Do let me know if you want us to add or modify any of the listed key use cases.

Check out the Network Advanced Threat Protection market within FireCompass to get more information on these markets.
