Combating Advanced Malware More Effectively with WatchGuard APT Blocker


In the current information-security landscape, new breeds of malware have emerged that are more advanced and resistant to conventional defenses such as signature-based AntiVirus solutions. Attackers have also evolved over time and are better than ever at evading detection.

But today, the defense against modern malware got much stronger. WatchGuard announced the launch of its new Advanced Persistent Threat (APT) solution, APT Blocker, which provides real-time, advanced-threat visibility for Unified Threat Management (UTM) and Next-Gen Firewall appliances.

Real-time visibility, next-generation sandboxing

APT Blocker identifies and submits suspicious files to a cloud-based, next-generation sandbox powered by partner Lastline, where the actual code is virtually executed and analyzed, using one of the industry’s most sophisticated platforms for detecting APTs and zero-day malware. Why is this important? Because nearly 88 percent of today’s malware can morph to avoid detection by signature-based antivirus solutions.*

APT Blocker also integrates with WatchGuard’s visibility tool, WatchGuard Dimension, providing an instant, single-pane view of advanced threats, along with other top trends, applications and threats covered by WatchGuard security technologies.

The end result with APT Blocker: protection in minutes, not hours.


WatchGuard Dimension with APT Blocker

Today’s advanced threats 

APTs can be difficult to detect because they are unknown threats. Advanced attackers either create custom malware that has never been seen before or use different techniques to morph existing malware so that it avoids traditional detection. And while many companies rely on AntiVirus solutions alone to catch malware, these signature-based solutions can often detect only known threats. This leaves companies without APT protection almost completely vulnerable.

APT Characteristics

Modern malware uses advanced techniques such as encrypted communication channels, kernel-level rootkits, and sophisticated evasion capabilities to get past a network’s defenses.

Persistence is another feature of modern malware. It is stealthy and carefully hides its communications, and it “lives” in a victim’s network for as long as possible, often cleaning up after itself (deleting logs, using strong encryption, and only reporting back to its controller in small, obfuscated bursts of communication).

Many attacks are now blended combinations of different techniques. Groups of highly skilled, motivated attackers represent significant threats because they have very specific targets and goals in mind.

Historically, APT targets were exclusively governments and large enterprises whose critical infrastructures were stymied by the likes of Stuxnet and Duqu. But today, advanced threats have evolved to target much smaller organizations and corporations to similarly devastating effect.


Examples of an APT

APT Blocker is now available and comes pre-installed with a free 30-day trial with the launch of version 11.9 of WatchGuard’s Fireware security platform, which includes other best-of-breed services such as AntiVirus, AntiSpam, Application Control and DLP.

For more information, check out our new APT infographic or download the APT whitepaper.
