Barracuda Advanced Threat Protection (ATP)
Next-Generation Protection against Advanced Malware, Ransomware, Targeted Attacks, and Zero-Day Threats.
The threat landscape is constantly evolving. Your organization faces zero-hour malware exploits, targeted attacks, and advanced persistent threats that routinely bypass traditional signature-based IPS and antivirus engines. You are not alone. These constant threats impact companies across all industries, from small to large organizations, with increasing frequency. Barracuda's Advanced Threat Protection enables businesses like yours to go beyond securing and protecting their assets from intrusion and data loss.
Defend Your Network against Advanced Cyber Threats
Barracuda Advanced Threat Protection uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection. The files are forwarded to a cloud-based sandbox environment, where they are executed and thoroughly analyzed to identify suspicious and malicious behavior. This guarantees that even sophisticated pieces of malware, like ransomware such as Locky or Teslacrypt, do no harm to your digital assets.
Instant Threat Visibility with Granular Control
The administrator has full policy control over how PDF documents, Microsoft Office files, EXEs/MSIs/DLLs, Android APKs, compressed files and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined, thereby preventing the malware from spreading within the network or creating encrypted and unwanted communications to the outside.
Detailed File Analysis Report
Customizable, on-demand Analysis Reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, and evasion and obfuscation techniques. The reports also expose network activities, such as establishing encrypted connections to botnet command and control centers, for an increased security posture against scaled botnet attacks.
Avoid Encrypted Communication Attacks
Files that are delivered to your network by means of SSL encrypted traffic streams can generate a severe threat to your organization by bypassing traditional network security mechanisms. Barracuda Advanced Threat Protection is fully interoperable with the integrated SSL Inspection. This ensures identification and protection from advanced threats when they arrive via encrypted SSL connections.
Benefit from Comprehensive Botnet and Spyware Protection
In combination with the Advanced Threat Protection cloud database, all Barracuda NextGen Firewall F-Series models provide protection against botnet infections. The F-Series detects potentially infected clients based on DNS requests. Once an infected client is detected, it can be isolated automatically, and an alert can be created or reported with the (available for free) Barracuda Report Creator.
Flexible, Scalable Deployment Options
Barracuda ensures flexible and simple deployment with your existing network infrastructure: no additional hardware is required since resource-intensive sandboxing is offloaded to the cloud. The Barracuda Advanced Threat Protection subscription is available for all hardware and virtual appliances of the Barracuda NextGen Firewall F-Series as well as for all major public cloud offerings like Microsoft Azure, Amazon Web Services, and Google Cloud.
Why is Antivirus and IPS Not Enough Anymore?
The speed of doing business is steadily increasing. Unfortunately, this also applies to the business of malware and ransomware attacking your organization. Popular branches of cryptographic ransomware like Locky or CryptoLocker get reissued every five to 10 minutes, requiring a new signature. By nature, this is a showstopper for pattern-based defense layers like antivirus and IPS/IDS. Today, threats spread at a high velocity, and it is not possible to detect a threat, isolate the signature, add the signature to the databases, and make it publicly and continually available within five minutes. By the time the database update is available, the threat has already compromised systems in a network and successfully covered up its traces.
While these signature-based legacy systems are still important as a first line of defense for prefiltering the network traffic, organizations still need an additional security layer to protect against today’s targeted malware.
The Barracuda Difference
Barracuda Advanced Threat Protection (ATP) is a cloud-based sandboxing service that is available in all Barracuda NextGen Firewall Series models, as well as available for all sizes and deployment types. Unlike many other first-generation, advanced persistent threat security vendors, Barracuda's ATP implements full-system emulation and next-generation sandboxing techniques that provide granular visibility into malware behavior.
First, all files are checked against a constantly updated and worldwide synchronized hash database of already emulated files. If the file is not known, it is uploaded and emulated in a virtual sandbox where all malicious behavior is revealed. While traditional breach detection solutions detect network threats only after they have entered the network and after sending log notifications to the administrator, ATP on Barracuda's NextGen Firewalls stops not-yet-known advanced persistent threats and ransomware before they enter the network.
Additionally, Advanced Threat Protection is also available on the Barracuda Email Security Gateway, Barracuda Essentials for Office 365, and Barracuda Essentials for Email Security – processing more than 20 million requests per day. This results in one of the world’s most comprehensive databases of known bad IP addresses, “spyware domains,” and command and control servers used by botnets.
Provides the Flexibility an Organization Needs
Administrators have to deal with more than just one file type and/or protocol. Barracuda Advanced Threat Protection gives NextGen Firewall administrators the flexibility they need to ensure the highest quality of service possible.
Create ATP policies per file type, whether it's an Office file, an Android APK, an executable, etc. Even the protocol through which the file entered your network can be taken into consideration. For example, a policy may force PDF files received via spam mail to be handled more rigorously than PDF files coming from a well-known, good website.
Define (per file type/protocol) how the files are delivered. ATP offers a fast mode, where the file is simultaneously delivered to the emulation service and the requesting system, thereby minimizing delivery delay. As soon as the file is scanned and malicious file activity has been identified, a log event is created and the administrator can contact the user to remediate the threat. Since the malware has been downloaded to the corporate network already, preventing the malware from spreading and causing further damage is key. Barracuda NextGen Firewalls can be configured to automatically quarantine user/IP/machine combinations for these cases, blocking further network activities. If the file is recognized as benign, the quarantine status is set back and the system is granted all connectivity again.
ATP's second mode of delivery provides more security, but also includes a slight delay in delivery. This delay depends on whether the file is already known to the ATP database. Depending on the file type, such a delay in delivery may range from only a couple of seconds up to a minute.
At A Glance:
- Dynamic, on-demand analysis of malware programs (sandboxing)
- Prevent malicious files—even unknown ones—from entering the organization and avoid network breaches
- Identify zero-day malware exploits, ransomware, targeted attacks, advanced persistent threats and other advanced malware, which routinely bypass traditional signature-based IPS and anti-virus engines
- Detailed forensics for both malware binaries and web threats (exploits)
- High resolution malware analysis (monitoring execution from the inside)
- Granular control over PDFs, EXEs/MSIs/DLLs, Android APKs, Microsoft Office files, Open Office files, macOS executables, and compressed files and archives
- Blocking of active content in Office and PDF documents
- Full interoperability with the integrated SSL Inspection - files can be extracted and checked in order to detect advanced malware in the encrypted stream
- Cloud-based emulation – resource intensive file emulation is offloaded to the Barracuda Advanced Threat Protection cloud
- Fast response times provided by synchronized cryptographic hash database for emulation shared across the Advanced Threat Protection cloud
- Multiple and simultaneous OS environments for emulated files (Windows, macOS, etc.)
- Temporary blocking of web and mail traffic during analysis
- Optional “deliver first then scan” policy with automatic quarantine function
- Stops spyware and botnet infected machines phoning home via DNS sinkhole technology
- Automatic quarantining and reporting on potentially infected machines in the network
- Scheduled reporting on potentially infected machines via Report Creator (includes automated distribution of the reports)
- Available for hardware and virtual appliances, as well as for Microsoft Azure, Amazon AWS, and Google Cloud Platform.
The Barracuda Advantage
- Flexible and simple deployment: Easy to deploy, easy to use, and affordable Advanced Persistent Threat Protection.
- No new equipment needed.
- Full system emulation: Not only detects targeted and persistent attacks, but also malware that was designed to evade detection by traditional sandboxes used by first-generation advanced persistent threat security vendors.
- Automatic user and IP blacklisting: Based on identified malware activities, infected users can be automatically blocked from the corporate network.
- On-demand and scheduled reporting for infected machines.
- Customizable, on-demand analysis reports: Available for any emulated file providing full information on malicious activities such as registry entries, network activity (e.g., botnet command and control center traffic), or obfuscation tactics.
- Unrivaled detection speed: Provides nearly instant threat visibility and protection.
- Information on identified malware: It’s centrally stored and shared in order to optimize emulation.
- Barracuda Advanced Threat Protection is available as an affordable add-on subscription that requires an existing Malware Protection or Web Security subscription.
- Barracuda ATP and malware protection are available as an affordable bundle subscription.
- Barracuda ATP is available for all NextGen Firewall F-Series hardware models and X-Series.
- Barracuda ATP is available for all virtual appliances VF25 or higher.
- Barracuda ATP is available for Microsoft Azure, Amazon AWS, Google Cloud Platform and vCloud Air public cloud offerings.
Unfortunately, malicious files can also sneak their way into the network through thumb drives or not-so-strict BYOD policies. Barracuda NextGen Firewalls act as the linchpin for an organization's network traffic, and (by using ATP) are aware of domains/IP addresses known to spread malware and ransomware that cause botnet infections. So by detecting network traffic from inside the network to botnet and spyware control servers, data theft is stopped before the actual connections are created. Additionally, administrators are notified accordingly to take care of the compromised system.
On-demand query for infected machines
Auditing and reporting is a key task in modern IT departments. To make this effort as smooth as possible, Barracuda NextGen Firewall deployments can make use of the Barracuda Report Creator. This reporting tool is a Windows executable and is free for download at https://dlportal.barracudanetworks.com. Create on-demand and/or scheduled reports on a selection of or on the complete NextGen Firewall deployment, or just on compromised users, systems, and IP addresses. It is up to you. The reports are sent in PDF format to a customizable set of email addresses.
Example for a report
Every now and then administrators come across files whose status they are unsure of. For such files, the configuration tool for Barracuda NextGen Firewall, the NextGen Admin, allows files to be uploaded manually to the ATP cloud, thereby benefiting from the same deep inspection. Alternatively, files can also be uploaded for inspection manually via the web interface provided by Barracuda Central.
Example for an analysis report