Barracuda Networks' Advanced Threat Detection (ATD) implements full-system emulation, which provides the deepest visibility into malware behavior while also being the hardest approach to evade. Files are checked against a constantly updated database of cryptographic hashes; if a file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered. Traditional solutions mostly detect network threats only after they have breached the network, and then send log notifications to the administrator. The Barracuda NextGen Firewall instead supports two types of emulation policies that can be assigned to specific file types.
The first policy is the traditional "let the user download a file and forward it to the emulation service." As soon as the file has been scanned and malicious file activity has been identified, a log event is created and the administrator can contact the user to remediate the threat. Since the malware has already been downloaded to the corporate network, the priority is now to prevent it from spreading and damaging valuable corporate assets. To minimize this breakout, the Barracuda NextGen Firewall provides an automatic user/IP/machine blacklisting feature that quarantines victims of advanced malware by blocking their further network activity. The second policy, which can be assigned on a per-file basis, forces the user to wait until the file has been emulated and found to be neither malicious nor suspicious. Only safe files are forwarded to the respective user.