WatchGuard unveils APT Blocker

Anti-advanced persistent threat solution submits suspicious files to a cloud-based sandbox

By Tom Paye. Published April 6, 2014

WatchGuard has unveiled a new security solution to help enterprises mitigate advanced persistent threats (APTs).

WatchGuard APT Blocker, the vendor said, delivers real-time visibility, identifies suspicious files and submits them to a cloud-based sandbox. In the cloud, the files undergo full-system emulation and analysis, which, WatchGuard claimed, provides protection against both known threats and unknown threats such as APTs.

"Nearly 88% of today's malware can morph to avoid detection by signature-based anti-virus solutions," said Corey Nachreiner, director of security strategy and research for WatchGuard Technologies.

"That means today's anti-virus solutions remain necessary for catching known threats, but alone they're no longer sufficient. APT Blocker's full-system emulation approach to sandboxing provides simple, rapid protection, which doesn't rely on a traditional, signature-based approach to detect and stop advanced malware, in a solution that scales to inspect millions of objects at any given time."

The solution will come pre-installed on all WatchGuard unified threat management (UTM) and next-gen firewall (NGF) appliances on a 30-day trial basis. Indeed, the vendor has extended these products' proprietary, proxy-based architecture to detect suspicious files and send them to the cloud.

For the cloud aspect of the solution, WatchGuard has partnered with Lastline, which provides its full-system emulation inspection capabilities.

Historically, APT targets have been governments and large enterprises that have seen critical infrastructures disrupted by viruses such as Stuxnet and Duqu. However, security vendors claim that advanced threats now target much smaller organisations.

"Since today's APT targets are not anticipating these threats, they are not sufficiently protected. Often relying almost entirely on anti-virus and digital-signature solutions, these networks are almost completely vulnerable," Nachreiner said.  
