Coming October 25: PeerSpot Awards will be announced! Learn more

Top 8 ATP (Advanced Threat Protection)

Palo Alto Networks WildFireMorphisec Breach Prevention PlatformMicrosoft Defender for Office 365Palo Alto Networks VM-SeriesIRONSCALESCheck Point SandBlast NetworkRSA NetWitness Logs and Packets (RSA SIEM)FireEye Network Security
  1. leader badge
    We have found that Palo Alto Networks WildFire is scalable. We currently have six thousand users for the product.The analysis is very fast.
  2. leader badge
    The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do.
  3. Buyer's Guide
    ATP (Advanced Threat Protection)
    September 2022
    Find out what your peers are saying about Palo Alto Networks, Morphisec, Microsoft and others in ATP (Advanced Threat Protection). Updated: September 2022.
    632,611 professionals have used our research since 2012.
  4. leader badge
    I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender.
  5. leader badge
    The most valuable feature is the CLI.Palo Alto’s Panorama centralized management system simplifies our security posture based on our requirements. Instead of manually pulling logs, then generating them into readable formats, it gives us the console in a readable format to view.
  6. leader badge
    The biggest benefit is that we get fewer phishing and spam emails, so using IRONSCALES has made our environment much safer. Their anti-phishing platform is absolutely fantastic. The automated AI piece is amazing, and their technical support is fantastic.
  7. Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast.
  8. report
    Use our free recommendation engine to learn which ATP (Advanced Threat Protection) solutions are best for your needs.
    632,611 professionals have used our research since 2012.
  9. The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language.
  10. The solution can scale. The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design.

Advice From The Community

Read answers to top ATP (Advanced Threat Protection) questions. 632,611 professionals have gotten help from our community of experts.
Rony_Sklar - PeerSpot reviewer
Rony_Sklar
PeerSpot (formerly IT Central Station)
Aug 10 2022

What steps should businesses take to assess and improve their security posture? What tools would you recommend for this purpose?

Norman Freitag - PeerSpot reviewer
Norman FreitagAwareness Awareness and Awareness, the Problem is the Head. True story, issues… more »
11 Answers
Rony_Sklar - PeerSpot reviewer
Rony_Sklar
PeerSpot (formerly IT Central Station)
Hi peers, What is the difference between a compromise assessment and threat hunting?  How do each contribute to Endpoint Protection?
Read More »
Geoffrey Poer - PeerSpot reviewer
Geoffrey PoerA Compromise Assessment (CA) is an active and generally scheduled engagement… more »
5 Answers

ATP (Advanced Threat Protection) Articles

Alex Vakulov - PeerSpot reviewer
Alex Vakulov
Editor at a tech company with 11-50 employees
Small and big organizations often face targeted attacks. APT groups improve the quality of their operations, causing more serious damage. Timely detection and response, training of personnel, advanced training of information security department employees help reduce the risks associated with ...
Read More »

ATP (Advanced Threat Protection) Topics

What does advanced threat protection do?

Advanced threat protection tools monitor, detect, and analyze suspicious network traffic. They often use tactics like hardware emulation and machine learning models. The goal of ATP solutions is to identify threats before they can do damage and to respond quickly if there is a breach.

The solution works in three areas:

  • Stopping attacks in progress.
  • Disrupting an attack in progress.
  • Stopping the lifecycle of an attack.

To achieve these goals, ATP solutions need to offer these basic capabilities:

  • Provide real-time visibility.
  • Provide context.
  • Enhance data awareness.
Why use advanced threat protection tools?

Typical security tools, like antivirus software and firewalls, rely on matching the signatures of known malware and blacklisting known threat sources. But these measures are not completely effective in stopping advanced persistent threats. These days, attackers use a variety of attack vectors and methods that can bypass traditional protection.

The cyber threat landscape has changed drastically in recent years. Most companies were faced with a sudden need to move to the cloud and manage remote workforces. This moved the perimeter to protect to the endpoints, which became the first line of defense for cybersecurity programs. It means endpoints require advanced security solutions to protect them.

ATP solutions provide this level of protection. They combine several next-generation security technologies to identify attacks early in their life cycles, which can actually break the attack chain and prevent further similar threats.

Benefits of Advanced Threat Protection Tools

Advanced threat protection can be delivered in the form of software solutions or services. As attacks continue to be more complex and stealthy, ATP solutions offer a proactive approach to security. They allow the detection, identification, and elimination of advanced threats before an attack can cause damage.

Some of the benefits of advanced threat protection tools include:

  • Quick detection and response: Provides proactive analysis, which enables the detection and stopping of attacks as soon as possible. Most ATP solutions have automated response features, which give security teams time to investigate while the system responds to the alert.
  • Centralized event information: The best ATP solutions will provide a centralized dashboard. This provides security analysts with the visibility they need over suspicious events. It usually also includes data aggregation and analysis, which helps provide context to events and reduce false positives.
  • Prioritization and planning: ATP solutions can provide recommendations about how to respond to specific threats. This gives insights to security teams and helps them decide the most effective response.
  • Proactive protection with behavior analysis: A key part of ATP tools is the machine learning behavioral analysis feature. This enables them to differentiate suspicious from normal system behaviors.

Advanced threat protection solutions are focused on providing real-time response. These solutions cover the entire lifecycle of an attack, expanding the opportunities for detection. A faster response to alerts enables the minimization of any damage caused by the attacker.

ATP services add to these benefits by involving a community of security professionals that can monitor, track, and share information about known and unknown threats. ATP service vendors usually have access to threat intelligence networks, which enhances the capabilities of the ATP tools.

Advanced Threat Detection Strategies

When applying an ATD tool, there are best practices that can ensure you make me most of your software:

  • Set the solution so it creates a baseline of what is benign software behavior for your organization. You can achieve this by creating a solid behavioral database.
  • Create and use a broad repository. The system compares a potential threat against the normal baseline.
  • Include data both from threats and from benign activity.
  • Implement continuous data collection and analysis. Since ATP tools are based on machine learning techniques, the more data you collect, the more effective your solution is.
Features of Advanced Threat Protection Tools

Among the goals of an advanced threat protection tool is to detect potential threats early and with the most effective response. ATP solutions are designed to identify and detect attacks like zero-day exploits and malware from sophisticated threat actors. There are several offerings of ATPs, each with different combinations of functionalities. However, there are key features common to the best vendors:

File analytics: Malware is still prevalent, threatening organizations’ endpoints, like remote and mobile devices. Endpoint security requires analyzing all incoming files and deciding if they contain malicious packages before they can be executed on the endpoint.

Prevention and detection: Since no solution is 100% perfect, some attacks may slip past protection barriers. To prevent this from happening, ATP solutions include rapid threat detection and response.

Rich threat intelligence: Cyber threats are constantly evolving, and accessing the right information could mean opening the door for attackers to exploit. Robust cyber threat intelligence gives analysts information on the latest cyberattack campaigns.

Attack surface management: Modern distributed organizations have expanded their attack surface, providing attackers with a lot of opportunities to carry attacks on endpoints. ATP solutions combine an array of techniques to protect an organization, including sandboxing, file analysis, application control, and more.

Buyer's Guide
ATP (Advanced Threat Protection)
September 2022
Find out what your peers are saying about Palo Alto Networks, Morphisec, Microsoft and others in ATP (Advanced Threat Protection). Updated: September 2022.
632,611 professionals have used our research since 2012.