Sky Advanced Threat Prevention

Advanced malware protection from the cloud.

Sky Advanced Threat Prevention, a cloud-based service that is integrated with Juniper SRX Series firewalls, delivers a dynamic anti-malware solution that adapts to an ever-changing threat landscape.

    Overview

    As malware attacks evolve and grow more insidious, conventional anti-malware products have difficulty defending against them. Sky Advanced Threat Prevention keeps the network free of sophisticated zero-day attacks and other unknown threats by delivering superior cloud-based protection, scanning ingress and egress traffic for malware and indicators of compromise.

    Sky Advanced Threat Prevention employs a pipeline of technologies in the cloud to identify varying levels of risk, providing a higher degree of accuracy in threat prevention. It integrates with Juniper SRX Series Services Gateways to deliver deep inspection, inline malware blocking, and actionable reporting.

    Sky Advanced Threat Prevention’s identification technology uses a variety of techniques to quickly identify a threat and prevent an impending attack. These methods include:

    • Rapid cache lookups to identify known files.

    • Dynamic analysis that involves unique deception techniques applied in a sandbox to trick malware into activating and self-identifying.

    Additionally, machine-learning algorithms enable Sky Advanced Threat Prevention to adapt to and identify new malware in an ever-changing threat landscape.

    Features

    • Extracts compromised files and sends them to the cloud for deep inspection and analysis. A pipeline of technologies analyzes the content, with approaches ranging from rapid identification of known threats to deep-level file analysis that looks for particularly evasive malware.
    • Instantly identifies and communicates detected malware to SRX Series firewalls to block attacks.
    • Isolates sophisticated malware and sends it to a sandbox for deeper analysis and to observe its behavior during file execution in a controlled environment, using dynamic analysis and detonation.
    • Provides a Web-based service portal for performing management tasks such as product licensing, configuration, and detailed reporting.
    • Offers a rich set of reporting and analytics tools, giving network administrators improved visibility into threats that enter their networks and hosts that might be compromised.
    • Works with Spotlight Secure Threat Intelligence service to cascade compromised host information to SRX Series firewalls for immediate action, as specified by the network administrator.
    • Provides a list of known Command and Control (C&C) servers to the SRX Series firewalls, allowing network staff to prevent compromised internal systems from communicating with these devices.
    • Receives alerts from SRX Series firewalls when internal hosts attempt to communicate with infected servers, giving organizations a wealth of data on various indicators of compromise within their network.
    • Includes an analytics capability that lets administrators and security staff analyze and correlate data, identifying compromised systems and feeding the information to SRX Series firewalls to quarantine compromised systems.