Whether as old-fashioned virus attachments in email, trojans delivered through network attacks, or modern ransomware pushed through drive-by download web attacks, malware has long been the bane of IT organizations.
Survive the Epidemic of Advanced Evasive Malware
So what is advanced malware and how does it work?
As the name suggests, malware is software designed to infect a computer and perform a variety of malicious actions. After exploiting technical or human vulnerabilities in your environment, an attacker delivers malware to compromise your users’ computers, with the goal of stealing information or denying access to information and systems. Antivirus (AV) solutions were introduced to combat known malware files by identifying them through distinct byte patterns called signatures. While these solutions are still useful for quickly blocking basic, already-known malware, they are insufficient against the evasive and advanced samples that are common today, because every signature depends on a human or automated system first finding and analyzing a sample and then pushing an updated signature database; an unknown sample passes until that happens.
What’s more, modern malware is more adaptive than ever and can change the way it looks to evade signature-based detection. Using methods criminals call “packing and crypting,” attackers repeatedly transform a malware file at the binary level so that it looks different to antivirus software. The executable still does exactly the same thing, but it presents as a new file, so an AV product misses malware it already knew about. With hundreds of millions of new malware variants discovered each year, signature-based antivirus simply cannot keep up.
How can you defend against advanced malware?
The ever-evolving nature of malware necessitates a new approach to prevention. Advanced malware detection solutions that identify new malware as early as possible, like Threat Detection and Response (TDR) and APT Blocker from WatchGuard, are essential to defending your organization against these threats. Both solutions are designed to identify unknown and evasive malware by looking at how the malware behaves, instead of relying on a database of known malware signatures. APT Blocker emulates a host computer in a next-generation sandbox to proactively catch new malware variants. Using a lightweight Host Sensor, TDR provides visibility into potentially malicious behaviors occurring on an endpoint and correlates this information with event data from the network to deliver a comprehensive threat score that guides remediation. What happens when a threat is scored as suspicious? Thanks to a tight integration between the two, you can triage threats by sending suspicious files directly from the TDR Host Sensor to APT Blocker for deep analysis and re-scoring.
How to Prevent Advanced Malware
Organizations of all sizes have been plagued by sophisticated attacks that evade traditional signature-based defenses, resulting in the loss of personal information, millions of dollars, and permanent reputation damage. WatchGuard APT Blocker puts a stop to these fast-moving and persistent threats by using a next-generation cloud sandbox that simulates physical hardware, exposing malware designed to evade traditional network security defenses.
Key Features
- Provides advanced protection against ransomware, zero-day threats, and evolving malware
- Deploy in seconds as part of an integrated security solution
- Thoroughly analyzes a wide range of executables and documents, including Office file types
- Delivers instant threat response with automated alerts
- Seamless integration with WatchGuard Dimension for complete visibility
- Average analysis time of less than two minutes
Combat Evolving Threats
As threats continue to evolve and become more complex, there is not one technology that can provide complete threat protection on its own. That’s why at WatchGuard, we take a layered approach to network security, continually staying ahead of the evolving threat landscape with a suite of powerful security services. Signature-based defenses are still critical as a first line of defense, eliminating known threats at the gateway.* However, you still need last-mile protection against unknown attacks that make it past the first layers of security. That’s where APT Blocker comes in, providing your next level in advanced malware detection and prevention.
Prevent, Detect, and Resolve
WatchGuard APT Blocker focuses on behavioral analysis to determine if a file is malicious, identifying and submitting suspicious files to a cloud-based sandbox where the code is emulated, executed, and analyzed to determine its threat potential. If the suspected file is found to be malicious, APT Blocker quickly takes action to ensure your network and digital assets stay secure.
Full System Emulation Simulates Physical Hardware
Modern malware, including advanced persistent threats, ransomware, and zero-day attacks, is designed to recognize and evade traditional defenses. APT Blocker’s full system emulation – which simulates physical hardware, including CPU and memory – provides the most comprehensive level of protection against advanced malware.
Easy to Use
WatchGuard APT Blocker not only provides comprehensive protection against advanced malware, it does so with a simple and intuitive user interface. From the management console, you can access easy-to-use controls that let you allow, drop, block, or quarantine by severity level, as well as set customized notifications for when APT Blocker detects a threat.
Unparalleled Visibility
Gain complete visibility into the advanced threats attempting to attack your network, including the protocols used, threat IDs, sender source, and the specific types of malicious activities that would have happened if APT Blocker did not take action.
How It Works
WatchGuard APT Blocker works in tandem with WatchGuard Gateway AntiVirus for the ultimate solution in detecting and preventing advanced malware. If a file passes the Gateway AntiVirus* scan, a hash of the file is sent to the APT Blocker cloud sandbox to determine whether it is a known threat. If the hash is not recognized, APT Blocker prompts the Firebox to send the full file, which is executed in an environment that simulates physical hardware for comprehensive threat analysis. If the file is found to be suspicious, administrators are alerted and given a threat rating.
*APT Blocker requires a WatchGuard Gateway AntiVirus subscription
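The following is an added illustration, not WatchGuard’s code and not how APT Blocker is implemented internally, of two points on this page: why the “packing and crypting” described earlier defeats signature and hash matching, and the signature scan, then hash lookup, then full-file sandbox order described under How It Works. Everything in it is constructed: the payload is a text list of actions standing in for machine code, the XOR stub with the `XK1` header is a toy crypter, and `sandbox_run`, the behavior weights and the 70-point threshold are hypothetical stand-ins for a real emulator and scoring model.

```python
import hashlib

# Constructed toy "payload": the actions a sample performs when run, as text.
# A stand-in for real machine code; this is an added example, not WatchGuard's code.
PAYLOAD = b"OPEN C:\\Users\\*\\Documents;ENCRYPT *.docx;DROP README.txt;CONNECT 203.0.113.5:443"
CLEAN = b"OPEN notes.txt;WRITE hello"

MAGIC = b"XK1"  # hypothetical stub header marking a crypted sample

# Signature-based scanning (the Gateway AntiVirus layer): byte patterns of known samples.
SIGNATURES = [b"ENCRYPT *.docx;DROP README.txt"]

# Cloud reputation cache: hashes the sandbox has already convicted.
KNOWN_BAD_HASHES: set[str] = set()


def crypt(payload: bytes, key: bytes) -> bytes:
    """'Crypt' the payload behind a repeating-key XOR stub.

    Every key yields a byte-for-byte different file whose behaviour is unchanged,
    which is exactly what defeats signature and hash matching.
    """
    if not 1 <= len(key) <= 255:
        raise ValueError("key must be 1..255 bytes")
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return MAGIC + bytes([len(key)]) + key + body


def unpack(sample: bytes) -> bytes:
    """Recover the payload a crypted stub would unpack at runtime."""
    if not sample.startswith(MAGIC) or len(sample) <= len(MAGIC):
        return sample  # not crypted: runs as-is
    klen = sample[len(MAGIC)]
    key = sample[len(MAGIC) + 1:len(MAGIC) + 1 + klen]
    body = sample[len(MAGIC) + 1 + klen:]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_scan(sample: bytes) -> bool:
    """Gateway AV stage: does the file on disk contain a known byte pattern?"""
    return any(sig in sample for sig in SIGNATURES)


def sandbox_run(sample: bytes) -> list[str]:
    """Toy sandbox: 'execute' the sample by unpacking it and recording its actions."""
    return unpack(sample).decode("ascii", errors="replace").split(";")


# Hypothetical behaviour weights; a real product uses a far richer model.
WEIGHTS = {"ENCRYPT": 50, "DROP": 20, "CONNECT": 30}
MALICIOUS_THRESHOLD = 70


def behavior_score(actions: list[str]) -> int:
    return sum(WEIGHTS.get(a.split(" ", 1)[0], 0) for a in actions)


def inspect(sample: bytes) -> dict:
    """Pipeline in the order the page describes: signature -> hash lookup -> full-file sandbox."""
    if signature_scan(sample):
        return {"stage": "signature", "verdict": "malicious"}
    h = sha256(sample)
    if h in KNOWN_BAD_HASHES:
        return {"stage": "hash", "verdict": "malicious", "hash": h}
    score = behavior_score(sandbox_run(sample))
    verdict = "malicious" if score >= MALICIOUS_THRESHOLD else "clean"
    if verdict == "malicious":
        KNOWN_BAD_HASHES.add(h)  # the next sighting of this exact file stops at the hash stage
    return {"stage": "sandbox", "verdict": verdict, "score": score, "hash": h}


if __name__ == "__main__":
    v1, v2 = crypt(PAYLOAD, b"\x5a"), crypt(PAYLOAD, b"\xa7\x13\x9c")
    print("raw payload, signature hit:", signature_scan(PAYLOAD))
    print("crypted v1, signature hit:", signature_scan(v1), "hash:", sha256(v1)[:16])
    print("crypted v2, signature hit:", signature_scan(v2), "hash:", sha256(v2)[:16])
    print("first sight of v1:", inspect(v1))
    print("second sight of v1:", inspect(v1))
    print("clean file:", inspect(CLEAN))
```

Running it shows the raw payload caught by its signature, each crypted variant slipping past both the signature and the (empty) hash cache with a distinct SHA-256, the toy sandbox convicting each variant on behavior, and the same variant being stopped at the hash stage the second time it is seen; the clean sample reaches the sandbox and is scored zero.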