Barracuda Advanced Threat Protection (ATP) was recently reviewed by SC Labs. The service received 5 stars for features, documentation, performance, support, and ease of use. You can read the Barracuda ATP review here, and the group summary here.
Barracuda ATP is a multi-layered service that we add to our security platforms. These layers combine behavioral, heuristic, and sandboxing technologies to protect against zero-hour and targeted attacks. Email attachments are automatically scanned in real time, and suspicious attachments are executed in a secure sandbox environment. This allows us to observe behavior and determine the threat level of the file. In addition to blocking malicious attachments, Barracuda ATP integrates new findings into Barracuda’s real-time threat intelligence system, extending protection to all customers.
Here’s how these layers break down:
- Multi-Opinioned Anti-Virus Engine: Open-source virus definitions, Real-Time Protection from threat activity reports, and proprietary virus definitions gathered and maintained through Barracuda Central.
- Static Analysis: Machine learning via highly diverse global threat data from 50 million+ endpoints, plus the use of a Vector Machine algorithm for fast and accurate verdicts on the data.
- Dynamic Analysis: A separate, secure cloud environment and a full-system emulated sandbox allow analysis and detonation of threats designed to evade detection. This layer is designed to examine attachments and files for advanced malware, zero-hour exploits, and targeted attacks not detected by layers 1 or 2.
This is how Barracuda ATP is able to protect customers from known and unknown threats. This multi-layered approach is critical to keeping customers safe from ransomware and other dangerous threats. For example, in March 2016, eight variants of Locky appeared across the Internet. Locky was new ransomware, but it was well prepared to go up against enterprise-level defenses. It was also very aggressive and spread widely, reaching millions of potential victims in a very short period of time. Of these eight variants, Barracuda’s Static Analysis Layer (above) identified and blocked seven in less than one second. The remaining variant was blocked by layer 3, Dynamic Analysis, within minutes.
One of the reasons that Barracuda ATP is so effective is that it is implemented as a microservice. This makes it fast and efficient and offers unprecedented scalability and flexibility. Because it’s implemented in the cloud, all of the computing takes place before the threat reaches the customer’s infrastructure. When new attacks occur against networks, web gateways, web applications, or email systems, that information is absorbed in real time and shared across Barracuda’s products and user base.
Barracuda Advanced Threat Protection is a collection of very specialized tools, tightly coupled to perform a number of tasks, important among them, managing ransomware.
SC Magazine product reviews are conducted by SC Lab staff and external experts. Barracuda ATP was evaluated as part of a group test around a common theme and group of standards. You can read the full review here.