How Does ATP Work?
When a file is sent to the ATP service, ATP detects malware by running the file through an analysis pipeline with the following stages:
- Cache lookup determines if the file in question is a known bad file.
- Anti-virus scanning runs the file through several anti-virus scanners.
- Static analysis checks the file for suspicious signs such as unusual instructions or structure.
- Dynamic analysis executes the file in a real but isolated environment (a secure test bed) to observe what it actually does. It is the most thorough analysis method and is used when the earlier stages have flagged a file as suspicious.
The pipeline assigns a value to the outcome of each stage and combines these values to produce a progressively more accurate verdict.
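To make the staged, score-combining pipeline concrete, here is a constructed toy model of it (an added example, not Juniper's code; the cache contents, signatures, weights and thresholds are all made up). The expensive dynamic stage is represented by an optional callback and is only reached by files the cheap stages flagged but could not condemn outright.

```python
import hashlib
from dataclasses import dataclass, field
# Constructed sample data standing in for the real services: a cache of known-bad
# SHA-256 digests, byte "signatures" for the anti-virus stage, and weighted
# structural signs for the static-analysis stage.
KNOWN_BAD = {hashlib.sha256(b"known-bad-sample").hexdigest()}
AV_SIGNATURES = (b"EVIL_MARKER", b"dropper_v2")
STATIC_SIGNS = {b"UPX!": 0.3, b"VirtualProtect": 0.2, b"WriteProcessMemory": 0.4}
SUSPICIOUS, MALICIOUS = 0.3, 0.7   # verdict thresholds (constructed)

@dataclass
class Verdict:
    score: float = 0.0                          # estimated probability of malice
    stages: list = field(default_factory=list)  # (stage name, stage score) in run order

    def label(self):
        if self.score >= MALICIOUS:
            return "malicious"
        return "suspicious" if self.score >= SUSPICIOUS else "clean"

def cache_lookup(data):
    """Stage 1: a hit in the known-bad cache is conclusive on its own."""
    return 1.0 if hashlib.sha256(data).hexdigest() in KNOWN_BAD else 0.0

def av_scan(data):
    """Stage 2: every matching signature adds confidence, capped at 1."""
    return min(1.0, 0.6 * sum(sig in data for sig in AV_SIGNATURES))

def static_analysis(data):
    """Stage 3: sum the weights of the suspicious structural signs present."""
    return min(1.0, sum(w for sign, w in STATIC_SIGNS.items() if sign in data))

def combine(score, stage_score):
    """Noisy-OR combination: a stage can raise the verdict but never lower it."""
    return 1.0 - (1.0 - score) * (1.0 - stage_score)

def analyze(data, dynamic=None):
    """Run the cheap stages in order, stop once conclusive, escalate only if flagged."""
    v = Verdict()
    for name, stage in (("cache", cache_lookup), ("av", av_scan), ("static", static_analysis)):
        s = stage(data)
        v.stages.append((name, s))
        v.score = combine(v.score, s)
        if v.score >= MALICIOUS:          # conclusive: skip the remaining stages
            return v
    if dynamic is not None and v.score >= SUSPICIOUS:
        s = dynamic(data)                  # expensive sandbox run, supplied as a callback
        v.stages.append(("dynamic", s))
        v.score = combine(v.score, s)
    return v
```

A file that hits the known-bad cache never reaches the scanners, while one that only trips static heuristics stays "suspicious" until the dynamic stage pushes the combined score over the threshold.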
Problems Addressed by Advanced Threat Prevention
Malware is malicious software that disrupts network operations and gathers sensitive information on behalf of an unauthorized third party. Targeted malware employs sophisticated methods and embeds itself in the target’s infrastructure to carry out malicious activities undetected. Malware attacks have hit targets such as major hotel chains, metropolitan infrastructure, and financial institutions. ATP prevents this specialized, highly targeted malware from causing theft, espionage, and the disruption or destruction of network infrastructure and processes.
As an anti-malware solution, ATP addresses the following threats to today’s networks:
- Point of Sale (POS) malware traverses various systems and searches for any weakness across the lifetime of a transaction. Widespread malware targeting POS retailers can remain undetected, leading to more online fraud.
- Malware targeting the banking sector uses a technique known as DNS cache poisoning, which changes DNS settings so that a user requesting a legitimate banking website is directed to a fake site. DNS cache poisoning is a powerful attack.
- Ransomware is a rapidly growing threat used in extortion schemes. The malware locks systems by encrypting files and demands a ransom for the decryption key needed to restore the systems and their administrative functions.
Juniper Networks Implementation
Juniper Networks’ solution for preventing advanced and emerging threats is Juniper Advanced Threat Prevention, a cloud-based anti-malware solution coupled with the SRX Series firewall. It provides anti-malware protection for existing and new SRX Series customers. Juniper ATP includes malware detection and analysis, a host analyzer, and command-and-control feeds. Each component in the solution has a role in detecting, analyzing, and blocking malware, and only the SRX Series device has a footprint in the network; all other components run as cloud-based services.