Advanced threat protection, or ATP, is a category of cyber security solutions designed to protect organisations against sophisticated and complex cyber threats. These threats – typically malware-based and often perpetrated by state-backed hacking groups – are specifically created to subvert traditional, signature-based cyber security products like anti-virus and firewalls. They have become increasingly targeted, stealthy and persistent in recent years and in many cases can remain undetected within a target’s technology environment for weeks or even months.
There are many ATP solutions on the market – some available as software which needs to be integrated into your existing cyber security stack and others as a managed service. Given the real-time nature of ATP, and the fact that potential incidents need to be investigated and prioritised by experts, an increasing number of midsize organisations are opting for a fully managed service.
In order to be successful, ATP solutions and services must deliver on three fronts:
ATP solutions need to be able to identify suspicious and malicious behaviour in real-time using various sensors, threat intelligence feeds and tools. This information should then be recorded and analysed for both internal and external attacks, with analysis supported by a range of technologies including machine learning, behavioural analysis and multiple threat intelligence sources.
Threat identification and isolation
Possibly the most fundamental requirement for any ATP solution is the ability to identify and isolate new and potential threats. Once a threat is identified, the ATP solution should act in three ways. First, it should either mitigate the threat before it breaches systems, or halt or disrupt the attack if it is already in progress. Second, it should respond to and neutralise actions that have already happened as part of the breach. Third, it should interrupt the lifecycle of the attack and prevent it from proceeding further.
To be effective, threat alerts must contain context so that security teams can prioritise threats and determine the appropriate response.
One thing that is common to most ATP solutions is the amount of “noise” they generate. Alerts, investigations and incident response all need to be coordinated, and all take time. This means either having dedicated cyber security personnel to manage them or using a specialist service provider to handle the continuous monitoring, analysis and response that is needed to benefit from an ATP solution.
Organisations that use ATP solutions are at lower risk of becoming the victim of a successful cyber attack than those that don’t, assuming that the solution is managed correctly. This is because they are more likely to detect threats early, to respond to attacks in progress and to recover from a breach. A specialist cyber security service provider will manage threats in real-time, and will notify the relevant parties of potential and actual attacks, their severity and the mitigation actions that were taken without causing unnecessary disruption to day-to-day business activities. Whether deployed and managed in-house or as a fully managed service, ATP solutions have moved from optional extra to the mainstream and for many are a key component of their technical cyber security measures.
Written by Pete Bowers
Pete Bowers is COO at norm. where he is responsible for the overall operational and financial functions of the business. He also oversees customer innovation and success, and plays a pivotal role in the ongoing development of cyber security and data protection services which deliver transparency and tangible value to norm.’s growing client base.