
Advanced Threat Protection Security Solutions Review

As advanced threats become widespread in the malware world, signature-based threat identification is no longer effective enough in an ever-growing threat environment and does not provide the protection that is needed. Signature-based detection relies on updates supplied by product vendors for their platforms. Unfortunately, many threats today are targeted, designed specifically to infiltrate one particular organization. Often these threats are used only once and are then repackaged and altered to evade detection.

Unlike threat detection and intrusion prevention techniques, Advanced Threat Protection systems (ATPs) briefly hold and examine suspicious objects before letting them through, ensuring that the traffic that has been reviewed is safe for the endpoint. ATP systems can even stop threats they have never seen before, including zero-day attacks. Because ATP systems are so effective at stopping malware, more of them are being deployed to inspect a larger share of ingress and egress traffic. This growing deployment highlights three areas where the performance of ATP systems can be improved: SSL assistance, high availability (HA), and traffic steering.

In today's technology and security landscape, the use of SSL is expanding. Cryptographic protocols have become more complex with longer keys, and malicious payloads are themselves encrypted with SSL. These trends not only point to the need for SSL inspection but also place a burden on ATP systems that grows heavier every day. A solution is therefore needed that offloads SSL processing, leaving the ATP systems free to focus specifically on identifying malicious objects.

Like any other computing device, an ATP system can crash, and sometimes that failure blocks traffic. Critical sites should therefore provide high availability in the event of a sensor failure. Along the same lines, scalability makes growth and flexibility possible. Ideally, a solution should split the load intelligently across multiple ATP systems so that the site stays reachable if a sensor fails or is overloaded. This configuration also lets administrators add or remove sensors without affecting site availability, giving scalability without disruption.

Ideally, the network can intelligently classify traffic and steer it either through the ATP systems or around them. The same steering should keep SSL from being decrypted for sensitive sites such as online banking websites.

Comprehensive ATP solution

Figure: A comprehensive ATP solution covering both inbound and outbound traffic.

The figure above shows a comprehensive solution that uses all the capabilities of an ATP system while providing flexible scalability. A network operations team can engineer a solution that offers SSL visibility, high availability and traffic steering using Application Delivery Controller (ADC) technology.

The figure shows a pair of ADCs that, like the two slices of a sandwich, sit on either side of the pool of ATP machines. The ADC nearer the border (left) performs the following activities:

  1. Decrypts incoming SSL traffic before handing it to the ATP pool
  2. Re-encrypts SSL traffic as it leaves the ATP pool
  3. Load-balances across the ATP pool to provide high availability
  4. Activates a pool bypass when all members are down
  5. Steers traffic correctly around the ATP pool without decrypting it, reducing the load on the ATP devices

The ADC on the inner side of the ATP pool (right) performs similar activities:

  1. Decrypts outgoing SSL traffic before handing it to the ATP pool
  2. Re-encrypts incoming SSL traffic returned by the ATP pool
  3. Load-balances across the ATP pool to provide high availability
  4. Activates a hairpin when all pool members are down
  5. Steers traffic correctly around the ATP pool without decrypting it, reducing the load on the ATP devices

This architecture lets the ATPs operate at full capacity without disrupting traffic. Key management is centralized on the external ADC, freeing the ATP pool from any SSL work while it still enjoys full visibility into the traffic. Traffic steering lets uninteresting traffic (such as VDI) bypass the ATP pool, increasing the effective pool capacity. The hairpin keeps traffic flowing even if the sensors slow down or every ATP sensor fails. The architecture protects traffic as well as possible while removing all the bottlenecks.
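To make the ADC's steering, load-balancing and fail-open (hairpin) decisions concrete, here is an added Python model of the per-flow logic; it is not F5 or FireEye code, and the sensor names and the no-decrypt domain list are assumptions constructed for the example.

```python
# Added example, not F5/FireEye code; sensor names and the bypass list are constructed.
from dataclasses import dataclass

@dataclass
class Sensor:
    name: str
    up: bool = True
    connections: int = 0

@dataclass
class AtpPool:
    members: list

    def active(self):
        return [m for m in self.members if m.up]

# Destinations the ADC steers around the pool without decrypting them (assumed list):
# sensitive sites such as online banking, plus uninteresting traffic such as VDI.
NO_DECRYPT_DOMAINS = ("bank.example", "vdi.example")

def is_no_decrypt(sni: str) -> bool:
    # Match the domain itself or any subdomain; a plain endswith() would also
    # match "evilbank.example", which must NOT skip inspection.
    host = sni.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in NO_DECRYPT_DOMAINS)

def steer(sni: str, pool: AtpPool) -> dict:
    """Decide what the ADC does with one TLS flow, keyed by its SNI."""
    if is_no_decrypt(sni):
        return {"action": "bypass", "decrypt": False, "sensor": None}
    active = pool.active()
    if not active:
        # All members down: the hairpin keeps the site reachable, but this flow
        # crosses the boundary uninspected, so it should be logged and alerted on.
        return {"action": "hairpin", "decrypt": False, "sensor": None}
    # Least-connections load balancing across healthy sensors (ties -> first member).
    target = min(active, key=lambda m: m.connections)
    target.connections += 1
    return {"action": "inspect", "decrypt": True, "sensor": target.name}

def demo() -> list:
    pool = AtpPool([Sensor("atp-1"), Sensor("atp-2")])
    flows = ["shop.example", "cdn.example", "online.bank.example", "evilbank.example"]
    decisions = [steer(s, pool) for s in flows]
    for m in pool.members:          # simulate every sensor failing
        m.up = False
    decisions.append(steer("shop.example", pool))
    return decisions
```

The last decision shows the trade-off of the fail-open hairpin: availability is preserved, but that flow reaches the endpoint without inspection.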

The ATP tool is at the heart of a comprehensive security solution. Ranked first on the Cybersecurity 500 Index released in 2015, FireEye's tooling gives users Advanced Threat Protection that detects and contains malware even when the exploited vulnerabilities have never been seen before. The company's ATPs stop zero-day attacks before signature-based systems are even aware of an attack. Sites also rely on FireEye to stop threats in real time.

To complement FireEye's tools, F5 BIG-IP ADCs help sites stay reachable by providing HA, SSL offload through proxying, smart traffic steering and general-purpose load balancing.

The combination of FireEye and F5 services gives companies the strongest kind of threat protection along with the critical availability of the applications they need.

Today's daunting security challenges call for Advanced Threat Protection together with measures that keep applications available. FireEye and F5 have worked together to develop solutions that use the most effective technology, intelligence and expertise to detect and contain malicious activity. Together, their solutions give organizations SSL visibility to uncover hidden threats, Advanced Threat Protection with greater scalability, and improved operational efficiency from the enhanced architecture.

Sabir Hussain

About Sabir Hussain: This website is maintained by Sabir Hussain. Sabir is an independent consultant and professional blogger. The site started as a simple bookmarking site but quickly found a large following of readers and subscribers. Connect on Google+ or Twitter: @LeveSpace