An Advanced Persistent Threat (APT) is a specialized attack that uses stealth methods to gain unauthorized access to network data. Because of the sophisticated nature of the attack, an APT breach persists quietly until it gets past the security barriers and can stay undetected in the network for a prolonged time.
The intent of cybercriminals who employ an advanced persistent threat as a means of attack is usually to steal or monitor sensitive business and political data rather than inflict immediate damage to the targeted network.
How Does an Advanced Persistent Threat Breach Enterprise Data?
An APT attack is often carried out with a specific mission such as stealing high-value data, monitoring business intelligence information, and siphoning off money without a trace. A successful advanced persistent threat searches for possible gateways to enter a network and slowly progresses toward the desired data.
APTs are built with approaches that can defeat a network's security walls.
Comodo Advanced Threat Prevention
Comodo Advanced Threat Prevention is built to combat Advanced Persistent Threat. In other words, ATP is designed to counter APT – Comodo's answer to fight fire with fire.
Comodo Advanced Threat Protection (ATP) guards your network against APTs, data breaches, hacking attempts, and known and unknown zero-hour malware. ATP uses a sophisticated combination of Comodo's cloud and local virus scanning techniques to intercept files downloaded from websites or received as email attachments. Additionally, the scan executes a real-time behavior analysis, automatic file look-up and multiple blacklist checks to identify known and unknown threats – quickly and accurately.
How Does the ATP Work?
The ATP features each handle one part of the overall goal of securing your network against the looming threat of APT attacks.
- The cloud-based file look-up service carries out a file reputation task by checking a file's signature against a database of the latest threat definitions.
- Comodo's touted antivirus capability automatically updates itself to index the latest virus definitions and alerts the admins if it identifies known malicious files in your network.
- The blacklist checking feature performs a continuous, real-time audit of all domains, URLs and IP addresses accessed by your network users to see if they are flagged as malicious by blacklisting services.
- Comodo Automated Malware Analysis (CAMAS), a cloud-based behavior analysis feature, rigorously tests the run-time actions of unknown files and improves detection of zero-day threats.
Comodo Advanced Threat Prevention creates a whitelist and a blacklist of domains based on risk analysis and offers unparalleled flexibility to network admins, who can manually add or remove domains from these lists.
With the help of the easy ATP interface, admins can create and manage profiles to be applied for web protection and email protection in Firewall Policy rules, or configure them to license endpoint security software and Comodo Antivirus.