Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Sky ATP Overview

    Sky ATP is a cloud-based solution that integrates with Policy Enforcer. Cloud environments are flexible and scalable, and a shared environment ensures that everyone benefits from new threat intelligence in near real-time. Your sensitive data is secured even though it is in a cloud shared environment. Security administrators can update their defenses when new attack techniques are discovered and distribute the threat intelligence with very little delay.

    Sky ATP offers the following features:

    • Communicates with firewalls and switches to simplify threat prevention policy deployment and enhance the anti-threat capabilities across the network.
    • Delivers protection against “zero-day” threats using a combination of tools to provide robust coverage against sophisticated, evasive threats.
    • Checks inbound and outbound traffic with policy enhancements that allow users to stop malware, quarantine infected systems, prevent data exfiltration, and disrupt lateral movement.
    • Provides deep inspection, actionable reporting, and inline malware blocking.
    • Provides feeds for GeoIP, C&C, whitelist and blacklist, infection hosts, custom configured feeds and file submission.

    Figure 1 lists the Sky ATP components.

    Figure 1: Sky ATP Components

    Sky ATP Components

    Table 1 briefly describes each Sky ATP component’s operation.

    Table 1: Sky ATP Components



    Command and control (C&C) cloud feeds

    C&C feeds are essentially a list of servers that are known command and control for botnets. The list also includes servers that are known sources for malware downloads. See Command and Control Servers Overview.

    GeoIP cloud feeds

    GeoIP feeds is an up-to-date mapping of IP addresses to geographical regions. This gives you the ability to filter traffic to and from specific geographies in the world.

    Infected host cloud feeds

    Infected hosts indicate local devices that are potentially compromised because they appear to be part of a C&C network or other exhibit other symptoms. See Infected Hosts Overview.

    Custom Feeds

    Lists you customize by adding IP addresses, domains, and URLs to your own lists. See Custom Feed Sources Overview.

    Whitelists and blacklists

    A whitelist is simply a list of known IP addresses that you trust and a blacklist is a list that you do not trust. See Creating Whitelists and Blacklists.

    Malware inspection pipeline

    Performs malware analysis and threat detection.

    Internal compromise detection

    Inspects files, metadata, and other information.

    Modified: 2017-09-12