WatchGuard APT Blocker Offers Protection From Hidden Threats

WatchGuard Technologies has released an Advanced Persistent Threat (APT) option, APT Blocker, for its security appliances to identify suspicious files and submit them to a cloud-based sandbox for inspection.

The company said that the new service offers its channel partners an additional network security service within its unified threat management (UTM) and Next-Gen Firewall (NGFW) appliance ranges. The pre-installed APT Blocker has a 30-day free trial option.

An APT solution

To deliver rapid threat visibility and protection, APT Blocker places a submitted file into the sandbox, which contains a full-system emulation environment, where it can be examined for APTs and zero day malware. The blocker can be integrated with WatchGuard Dimension to provide a single view of advanced threats, along with top trends, applications and threats covered by WatchGuard’s security appliance services.

David Ashton, sales manager at Sec-1, a WatchGuard partner, said, “Many of our SME customers are increasingly concerned with the threat of APTs, but find it difficult to justify the cost of a standalone APT product. Now, with APT Blocker pre-installed on all WatchGuard UTM and NGFW appliances, they can simply choose to turn on APT protection along with other best-of-breed services from AV and AntiSpam to Application Control and DLP [Data Loss Prevention].”

By, WatchGuard claimed that by adding an additional layer to its deep-packet-inspection engine it now offers detection capabilities that extend from known malware threats into the unknown where there is no discernable pattern that can be used to identify them.

“Nearly 88 percent of today’s malware can morph to avoid detection by signature-based AntiVirus solutions*,” said Corey Nachreiner, director of security strategy and research for WatchGuard. “That means today’s AntiVirus solutions remain necessary for catching known threats but alone, they’re no longer sufficient. APT Blocker’s full-system emulation approach to sandboxing provides simple, rapid protection, which doesn’t rely on a traditional, signature-based approach to detect and stop advanced malware; in a solution that scales to inspect millions of objects at any given time.”

WatchGuard’s UTM and NGFW appliances were designed to allow emerging technologies, such as APT management, to be added , allowing customers to deploy any new features in a couple of clicks. APT Blocker was developed with APT specialist firm Lastline, which has been involved with advanced malware research for over a decade.

WatchGuard said it has added APT protection because, although APTs initially targeted governments and large enterprises with malware such as Stuxnet and Duqu., they have evolved to target much smaller organisations and corporations with potentially devastating effects.