Advanced Threat Detection in the Barracuda NG Firewall


Have you read about Kevin Mitnick’s Zero-Day Exploit “marketplace” lately? Or the healthcare.gov hack? You should. Zero-day exploits and advanced persistent threats are getting bigger every day.

So what is a zero-day exploit, exactly? A zero-day exploit takes advantage of a vulnerability, for example in an operating system or an application, that was discovered on the very same day (“zero day”) or very recently. Fixing a vulnerability takes time, which gives potential attackers a window between the discovery of the flaw and its fix. So, having AV and IPS in place is still a must, but an organization has to add another security layer to ensure that such exploits or advanced persistent threats do not cause severe security breaches.

The Barracuda NG Firewall version 6.0 introduces our new Barracuda Advanced Threat Detection, which aims to identify and prevent zero-day attacks and advanced persistent threats.

Barracuda Advanced Threat Detection is part of our layered security approach, as it sits on top of the virus protection and intrusion prevention layers inherent in the Barracuda NG Firewall. As soon as a user requests a file download on a website, the file is routed through the AV and IPS engines and, if both AV and IPS tag the file with “OK”, it goes into the cloud-based Advanced Threat Detection virtual sandbox, where the file is executed and undergoes in-depth verification, taking advantage of full emulation of various operating systems (e.g., MacOS X, Windows, etc.).

Besides the “standard procedure,” in which a file is held back until the Advanced Threat Detection results state that the file is not malicious, the Barracuda NG Firewall also offers an “advanced procedure” where the file is delivered to the Advanced Threat Detection engine and to the end user at the same time. This procedure automatically moves the requesting user/IP/machine into quarantine until the Advanced Threat Detection engine reports the file as “not malicious.” If a file is tagged as malicious, the recipient is kept in quarantine for further administrative actions.
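The two procedures described above, modeled as a small state machine. This is an added example, not Barracuda code or configuration; the class, method names, client addresses and file names are hypothetical, and the rule that a client is released only once no other verdict is outstanding is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass
class SandboxGateway:
    """Hypothetical model of the two delivery procedures; not Barracuda code."""
    advanced: bool                                   # False = standard (hold), True = advanced
    pending: dict = field(default_factory=dict)      # file -> clients awaiting a verdict
    delivered: set = field(default_factory=set)      # (client, file) pairs handed over
    quarantined: set = field(default_factory=set)    # clients currently isolated
    flagged: set = field(default_factory=set)        # clients that received a malicious file

    def request(self, client, file, av_ok, ips_ok):
        """Handle a download request; return the immediate action taken."""
        if not (av_ok and ips_ok):
            return "blocked"                         # stopped by AV/IPS, never sandboxed
        self.pending.setdefault(file, set()).add(client)
        if not self.advanced:
            return "held"                            # standard: wait for the verdict
        self.delivered.add((client, file))           # advanced: deliver right away ...
        self.quarantined.add(client)                 # ... and isolate the requester
        return "delivered+quarantined"

    def verdict(self, file, malicious):
        """Apply a sandbox verdict; return the clients still quarantined."""
        for client in self.pending.pop(file, set()):
            if malicious:
                if (client, file) in self.delivered:
                    self.flagged.add(client)         # stays quarantined for the admin
                continue                             # standard: file is simply dropped
            self.delivered.add((client, file))       # clean: release the held file
            waiting = any(client in c for c in self.pending.values())
            # Assumption: release only if no verdict is outstanding and client is unflagged.
            if not waiting and client not in self.flagged:
                self.quarantined.discard(client)
        return set(self.quarantined)

def run_demo(advanced):
    """Constructed scenario: one clean file, one malicious file, one AV hit."""
    gw = SandboxGateway(advanced)
    actions = [gw.request("10.0.0.5", "report.pdf", True, True),
               gw.request("10.0.0.5", "invoice.exe", True, True),
               gw.request("10.0.0.9", "eicar.com", False, True)]
    after_clean = gw.verdict("report.pdf", malicious=False)
    after_bad = gw.verdict("invoice.exe", malicious=True)
    return actions, after_clean, after_bad, gw.delivered

if __name__ == "__main__":
    for mode in (False, True):
        print("advanced" if mode else "standard", run_demo(mode))
```

In the standard run the malicious file never reaches the client; in the advanced run it does, and the client stays quarantined even after the clean verdict for its other download arrives.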

Barracuda Advanced Threat Detection checks files for malicious activities, file behavior, sys-reg entries, evasion and obfuscation techniques, as well as network activities like establishing encrypted connections to botnet command and control centers. And of course, all results can be sent to the administrator on request in customizable, on-demand reports.

Barracuda Advanced Threat Detection is available on Barracuda NG Firewall physical appliances, virtual appliances, and public cloud editions for Microsoft Azure and Amazon Web Services.

You can try out the Barracuda ATD upload tool here: http://www.barracudacentral.org/atd

If you'd like to try the Barracuda NG Firewall version 6.0, click here to order a risk-free 30-day evaluation.
