Have you read about Kevin Mitnick’s Zero-Day Exploit “marketplace” lately? Or the healthcare.gov hack? You should. Zero-day exploits and advanced persistent threats are getting bigger every day.
So what is a zero-day exploit, exactly? A zero-day exploit takes advantage of vulnerabilities of, e.g., an operating system or an application that was discovered on the very same day (“Zero day”) or very recently. As a matter of fact, fixing a vulnerability takes time, allowing potential attackers to benefit from the timeframe between recognition and solving. So, having AV and IPS in place is still a must-have but an organization will have to add another security layer to ensure that such exploits or advanced persistent threats do not cause severe security breaches.
Besides the “standard procedure” which means that a file is held back until the Advanced Threat Detection results state that the file is a not malicious one, the Barracuda NG Firewall also offers an “advanced procedure” where the file is delivered into the Advanced Threat Detection engine and to the end user at the same time. This procedure automatically moves the requesting user/IP/machine into quarantine until the Advanced Threat Detection engine states the file as “not malicious.” If a file is tagged as malicious, the recipient is kept in quarantine for further administrative actions.
Barracuda Advanced Threat Detection checks files for malicious activities, file behavior, sys-reg entries, evasion and obfuscation techniques, as well as network activities like establishing encrypted connections to botnet command and control centers. And of course, all results can be requested to be sent to the administrator in customizable, on-demand Reports.
Barracuda Advanced Threat Detection is available on Barracuda NG Firewall physical appliances, virtual appliances, and public cloud editions for Microsoft Azure and Amazon Web Services.
You can try out the Barracuda ATD upload too here – http://www.barracudacentral.org/atd
If you'd like to try the Barracuda NG Firewall version 6.0, click here to order a risk-free 30-day evaluation.