An Advanced Persistent Threat (APT) attack is a type of network attack that uses advanced malware and zero-day exploits to get access to networks and confidential data over extended periods of time. APT attacks are highly sophisticated and often target specific, high-profile institutions, such as government or financial-sector companies. Use of this advanced malware has also expanded to target smaller networks and lower-profile organizations.

Because APT attacks use the latest targeted malware techniques and zero-day exploits (flaws that software vendors have not yet discovered or fixed) to infect and spread within a network, traditional signature-based scan techniques do not provide adequate protection against these threats. APT malware is designed to reside within a network for an extended period of time. The communication from the malware is hidden, and all evidence of the presence of the malware is removed, which allows it to evade detection.

APT Blocker is a subscription service that uses full-system emulation analysis to identify the characteristics and behavior of APT malware in files and email attachments that enter your network. APT Blocker does not use signatures like other traditional scanners, such as antivirus programs.

Files that enter your network are scanned and an MD5 hash of the file is generated. This MD5 hash is submitted to the APT Blocker cloud-based data center over HTTPS. APT Blocker compares the file to a database of analyzed files and immediately returns the scan results. If the analysis finds a match to a known malware threat, you can take immediate action on the file, such as to block, drop, or quarantine the file. Results of the file analysis are stored in a local cache so that if that same file is processed again, the results are known immediately without the need to send the MD5 hash of the file to the data center again.
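The hash, lookup and cache flow described above can be sketched as follows. This is an added example, not WatchGuard code: the class, the verdict labels, the action mapping and the in-memory stand-in for the data center lookup are all assumptions, and the sample files are constructed.

```python
import hashlib
import io

MATCH, NO_MATCH = "match", "no_match"          # assumed verdict labels
ACTIONS = {MATCH: "quarantine", NO_MATCH: "allow"}  # assumed policy mapping


def md5_of_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large attachments are never held whole."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


class HashVerdictScanner:
    """Local verdict cache in front of a remote hash lookup (hypothetical class)."""

    def __init__(self, remote_lookup):
        self.remote_lookup = remote_lookup  # callable: MD5 hex string -> verdict
        self.cache = {}
        self.remote_calls = 0

    def scan(self, stream):
        file_hash = md5_of_stream(stream)
        if file_hash in self.cache:          # same file seen before: answer locally
            verdict, source = self.cache[file_hash], "cache"
        else:                                # only the hash leaves the network
            self.remote_calls += 1
            verdict, source = self.remote_lookup(file_hash), "remote"
            self.cache[file_hash] = verdict
        return {"md5": file_hash, "verdict": verdict,
                "action": ACTIONS[verdict], "source": source}


# Constructed sample inputs standing in for files that enter the network.
SAMPLE_FLAGGED = b"constructed sample standing in for a flagged attachment"
SAMPLE_OTHER = b"constructed sample standing in for an unflagged attachment"


def demo():
    """Scan three files, the first and last identical, against a constructed database."""
    known = {hashlib.md5(SAMPLE_FLAGGED).hexdigest()}
    scanner = HashVerdictScanner(lambda h: MATCH if h in known else NO_MATCH)
    files = (SAMPLE_FLAGGED, SAMPLE_OTHER, SAMPLE_FLAGGED)
    return [scanner.scan(io.BytesIO(f)) for f in files], scanner.remote_calls


if __name__ == "__main__":
    results, calls = demo()
    for r in results:
        print(r)
    print("remote lookups:", calls)
```

The third scan is answered from the cache, so three files cost only two remote lookups.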
Brand
- WatchGuard