What is advanced threat protection and how can it help your business?

Computer security and IT support is fast moving away from the traditional model of firewall, email scanner and anti-virus software. Constantly managing and updating three or more products can be a major cost and annoyance for smaller companies.

Instead, businesses are turning to advanced threat protection as a single solution. One product, it sits on your network, monitoring all file, data and user activity. It is also linked to threat detection centres around the world, which are alerted the minute that unusual attack patterns start to emerge.

How does advanced threat protection protect my systems?

When an advanced threat protection (ATP) solution detects a threat starting to take hold, as with the recent WannaCry outbreak, it alerts the monitoring software to the fingerprint of the threat. This means it can be neutralised at the network level, preventing the attack from spreading and infecting your office PCs. You might lose one PC in the first attack, but the rest of the network and systems should be protected.

Why are ATPs better than current protections?

While it can take a virus scanner hours or even days to be updated to mitigate a new threat, the ATP understands what is happening in real time and helps prevent damage. Similarly, most firewalls are incapable of dealing with the damage caused by a distributed denial of service (DDoS) attack. The ATP can mitigate the source of the DDoS attack and keep the company’s networks or website up and running through the most serious of attacks.

Office 365 ATP, for example, can scan your email inboxes and detect new threats that the firewall or traditional antivirus would miss. It can stop users clicking on malicious links in web pages, and provide reports on what threats it has detected. Another product, Watchguard, can emulate your hardware and run malware within the safety of a sealed environment to see what it is and what it does, helping classify and identify the threat in safety.

Most importantly, whatever the attack, ATP services can tell your IT investigators what happened, how it happened and who it happened to. These reports can help make sure it doesn’t happen again – such as, if a worker brought in an infected device or memory stick or opened a personal email with an infected attachment, they can receive IT training to stop the problem occurring again in the future.

While ATP is now a premium service, the number of zero-day attacks crippling small businesses will make it essential for everybody. Microsoft and Symantec are already moving to an advanced solution range to help protect all users from the next major attack.