In this blog post in our series on UTM 9.2, I’ll explain how the new Advanced Threat Protection (ATP) feature in Sophos UTM protects your organization from targeted attacks with the flick of a switch. We’ll also look at why a multi-layered approach to Advanced Persistent Threats (APT) protection is probably the most effective defense—and why some vendors would rather you didn’t know that.
The lesson of APTs
Some vendors want you to go out and buy a separate new appliance with its amazing threat protection and sandboxing features if you want to avoid becoming the victim of an APT. Also, some vendors more or less tell you that every other technology you thought was protecting you up until now is no good. Not very sound advice, in my opinion.
In our experience, very few small or mid-sized companies have the budget and IT resources to pay for and manage a dedicated ATP appliance, particularly as it doesn’t offer the all-around security they need. So does running a small business without an ATP appliance automatically mean you will suffer a security compromise? Definitely not!
The lesson of APTs is that cybercriminals use multi-faceted techniques to find a way into an organization and access the data they want, and we need to take the same approach, defending against their attacks in a multi-layered way. We’d like to think that the crooks are learning from us, but there’s probably something we can learn from them too.
Advanced Threat Protection in UTM Accelerated (9.2)
Advanced Threat Protection in Sophos UTM Accelerated (9.2) is not just a single technology. At its core is a set of diverse traffic analysis mechanisms. These are fed with data from our global network of labs to effectively prevent devices from connecting with command-and-control/botnet host servers outside your network.
In addition, Sophos UTM 9.2 can leverage the data from your intrusion prevention system (IPS)—which you will, of course, have enabled (watch out for our next blog post to find out why)—and your web protection—and consolidate it.
So, your ATP analysis provides you with a single pane of glass—one dashboard, one reporting view. No matter which system reports an incident, you can see information about the source and destination of the traffic, and a description of the threat that links to the SophosLabs Threat Center for full analysis of what has been found and what you need to do to get rid of it.
In addition to that, we’ve introduced cloud-based selective sandboxing to analyze suspicious content. If SophosLabs finds the file to be malicious, they update the threat data—leading to constantly improved protection for the whole Sophos UTM community.
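As an added illustration of the consolidated view described above (this is example code written for this post, not Sophos code, and the key=value event format and C2 host list are constructed assumptions, not the UTM's real log format or threat data): events from the ATP, IPS and web layers are normalized into one incident list per internal source host, and every destination is additionally checked against the threat data so that a connection one engine rated clean still surfaces when it points at a known command-and-control host.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed stand-in for the lab-fed C2/botnet host list.
# Documentation-range IP and .invalid name only; these are not real indicators.
C2_HOSTS = {"198.51.100.23", "c2.example.invalid"}

# Constructed sample events from the three layers (assumed key=value format).
SAMPLE_LOG = """\
atp src=10.0.0.5 dst=198.51.100.23 reason=c2-host
ips src=10.0.0.5 dst=203.0.113.9 sig="Trojan beacon to remote host"
web src=10.0.0.7 url=http://c2.example.invalid/gate.php verdict=clean
web src=10.0.0.8 url=http://www.example.com/ verdict=clean
"""

@dataclass(frozen=True)
class Incident:
    source: str       # internal host that generated the traffic
    destination: str  # host or IP it tried to reach
    engine: str       # which layer reported it: atp, ips or web
    threat: str       # human-readable description for the dashboard

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # quoted values may contain spaces

def parse_line(line):
    engine, _, rest = line.partition(" ")
    return engine, {k: v.strip('"') for k, v in KV.findall(rest)}

def destination_of(engine, fields):
    # Web events carry a URL; ATP and IPS events carry a bare destination.
    return urlparse(fields["url"]).hostname if engine == "web" else fields["dst"]

def consolidate(log_text, c2_hosts=C2_HOSTS):
    """Build the single-pane view: {source host: [Incident, ...]}."""
    view = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        engine, f = parse_line(line)
        dst = destination_of(engine, f)
        flagged = engine in ("atp", "ips") or f.get("verdict") != "clean"
        c2_hit = dst in c2_hosts  # second layer: threat-data lookup of the destination
        if not (flagged or c2_hit):
            continue  # nothing reported and destination not in threat data
        threat = f.get("reason") or f.get("sig") or f.get("verdict", "")
        if c2_hit and engine != "atp":
            threat = f"known C2 host (threat data lookup); engine verdict: {threat}"
        view[f["src"]].append(Incident(f["src"], dst, engine, threat))
    return dict(view)
```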
APTs and ATP: Find out what it all means
Everyone’s talking about APTs these days. Not everybody agrees about what they are, and security vendors are sometimes willingly part of the confusion.
If any vendor ever tells you that you don’t need your email protection and antivirus, you should probably show them the door. You still need to ensure you have your “standard” protection in place and kept up to date. That means the technology to protect you from viruses, email spam, web and other malware, phishing attacks, etc. Those are still the most common tools used in the initial stages of a targeted attack.
If you want to find out more about how APTs work and what you can do to protect yourself against them, watch the video below and download our free whitepaper (you will need to register).
Sophos UTM Accelerated (9.2) available now!
Advanced Threat Protection will be included in the Network Protection subscription of your UTM at no extra cost. To activate selective sandboxing, you need the Web Protection module. And if you already have our FullGuard license, then you will just need to upgrade.