What is Advanced Threat Protection (ATP)?
A DEFINITION OF ADVANCED THREAT PROTECTION
Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data.
Advanced threat protection solutions can be delivered as software or as managed services. ATP solutions differ in approach and components, but all combine some of the following: endpoint agents, network devices, email gateways, malware protection systems, and a centralized management console that correlates alerts and manages defenses.
HOW ADVANCED THREAT PROTECTION WORKS
There are three primary goals of advanced threat protection: early detection (detecting potential threats before they have the opportunity to access critical data or breach systems), adequate protection (the ability to defend against detected threats swiftly), and response (the ability to mitigate threats and respond to security incidents). To achieve these goals, advanced threat protection services and solutions must offer several components and functions for comprehensive ATP:
- Real-time visibility – Without continuous monitoring and real-time visibility, threats are often detected too late. When damage is already done, response can be tremendously costly in terms of both resource utilization and reputation damage.
- Context – For true security effectiveness, threat alerts must contain context to allow security teams to effectively prioritize threats and organize response.
- Data awareness – It’s impossible to determine which threats are truly capable of causing harm without first having a deep understanding of enterprise data: its sensitivity, its value, and the other factors that shape an appropriate response.
When a threat is detected, further analysis may be required. Security services offering ATP typically handle threat analysis, enabling enterprises to conduct business as usual while continuous monitoring, threat analysis, and response occur behind the scenes. Threats are typically prioritized by their potential damage and by the classification or sensitivity of the data at risk. Advanced threat protection should address three key areas:
- Halting attacks in progress or mitigating threats before they breach systems
- Disrupting activity in progress or countering actions that have already occurred as a result of a breach
- Interrupting the lifecycle of the attack to ensure that the threat is unable to progress or proceed
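The centralized console described above has to do two things the text names separately: correlate alerts arriving from endpoint agents, network devices and the email gateway, and attach the context and data awareness that let a team prioritize by potential damage and data sensitivity. The following is an added illustration written for this page, not code from any ATP vendor or product. The asset inventory, the alert feed, the 30-minute correlation window and the scoring weights are all constructed assumptions chosen to show the mechanism, not values any real product uses.

```python
"""
Toy alert correlation and prioritization pass for a central ATP console.
Added illustration; the asset inventory, alert feed, correlation window
and scoring weights below are all constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed asset inventory. Data classification supplies the "data
# awareness" that lets the console rank a threat by what is actually at risk.
ASSETS = {
    "fileserver-01": {"classification": "restricted", "owner": "finance"},
    "laptop-117":    {"classification": "internal",   "owner": "sales"},
    "kiosk-04":      {"classification": "public",     "owner": "facilities"},
}

# Constructed weights: how much a given data classification or sensor
# severity contributes to the priority score.
CLASS_WEIGHT = {"restricted": 3, "internal": 2, "public": 1}
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}

# Constructed alert feed, as a correlation engine would receive it from
# the email gateway, endpoint agents and network sensors.
ALERTS = [
    {"ts": "2024-05-01T09:00:05", "source": "email_gateway", "host": "laptop-117",
     "severity": "medium", "detail": "attachment matched sandbox detonation rule"},
    {"ts": "2024-05-01T09:02:40", "source": "endpoint", "host": "laptop-117",
     "severity": "high", "detail": "office process spawned script interpreter"},
    {"ts": "2024-05-01T09:03:10", "source": "network", "host": "laptop-117",
     "severity": "medium", "detail": "outbound connection to newly registered domain"},
    {"ts": "2024-05-01T09:20:00", "source": "network", "host": "fileserver-01",
     "severity": "medium", "detail": "unusual SMB volume from laptop-117"},
    {"ts": "2024-05-01T11:45:00", "source": "endpoint", "host": "kiosk-04",
     "severity": "high", "detail": "unsigned binary executed"},
]

# Constructed correlation window: alerts on the same host within this span
# of the incident's first alert are treated as one incident.
WINDOW = timedelta(minutes=30)


def correlate(alerts, window=WINDOW):
    """Group alerts per host into incidents. An alert joins the host's open
    incident if it falls within `window` of that incident's first alert;
    otherwise it opens a new incident. Returns a list of incident dicts."""
    incidents = []
    open_by_host = {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(a["ts"])
        inc = open_by_host.get(a["host"])
        if inc is None or ts - inc["start"] > window:
            inc = {"host": a["host"], "start": ts, "alerts": []}
            incidents.append(inc)
            open_by_host[a["host"]] = inc
        inc["alerts"].append(a)
    return incidents


def prioritize(incidents, assets=ASSETS):
    """Attach context (asset classification and owner, the distinct sensor
    types that fired) and a priority score. Highest score first."""
    ranked = []
    for inc in incidents:
        # Unknown hosts default to "internal" so they are never silently dropped.
        asset = assets.get(inc["host"], {"classification": "internal", "owner": "unknown"})
        sources = {a["source"] for a in inc["alerts"]}
        worst = max(SEVERITY_WEIGHT[a["severity"]] for a in inc["alerts"])
        # Score: worst severity seen, scaled by data sensitivity, plus a bonus
        # for corroboration by independent sensor types (endpoint + network +
        # email say more together than any one of them alone).
        score = worst * CLASS_WEIGHT[asset["classification"]] + (len(sources) - 1) * 2
        ranked.append({
            "host": inc["host"],
            "classification": asset["classification"],
            "owner": asset["owner"],
            "sources": sorted(sources),
            "alert_count": len(inc["alerts"]),
            "score": score,
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def run(alerts=ALERTS):
    """Full pass: correlate, then prioritize. Returns the ranked incidents."""
    return prioritize(correlate(alerts))


if __name__ == "__main__":
    for r in run():
        print(f"{r['score']:>3}  {r['host']:<14} {r['classification']:<10} "
              f"owner={r['owner']:<10} alerts={r['alert_count']} sources={','.join(r['sources'])}")
```

On the constructed feed, the three laptop-117 alerts collapse into one incident that outranks the single alert on the restricted file server, because three independent sensor types corroborate it; the kiosk's lone high-severity alert lands last because nothing sensitive lives there. That ordering is the point of combining context with data awareness rather than sorting on sensor severity alone.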