Advanced Threat Protection (ATP)
Antivirus software on endpoints relies on signature updates to detect new malware. However, due to advanced evasion techniques (e.g., polymorphism, packing, encryption), this method is often ineffective and too slow to respond to zero-day threats.
This is part of the follwing Editon's
| Security Edition | Essential | Standard | Plus | Premium |
|---|---|---|---|---|
| Advanced Threat Protection (ATP) | ✗ | ✗ | ✗ | ✓ |
ATP Capabilities
Advanced Threat Protection (ATP) offers real-time detection using:
- AI and machine learning
- MITRE ATT&CK framework
- Dynamic sandboxing
- Multiple AV engines
- Reputation and signature-based detection
- Static analysis
Benefits
- Real-time protection against zero-day threats
- Reduced dependency on signature updates
- Isolation of suspicious files before reaching endpoints
- Integrated AI and sandboxing for improved threat detection
Configuration
ATP is configured via sandboxing profiles and linked to security policies. When enabled, suspicious files from matching traffic are analyzed by Versa ATP. If malware is detected, predefined actions (alert, block, remediate) are enforced.
In Concerto, ATP profiles define how threats are detected and handled.
For more information, see the official documentation: Advanced Threat Protection (ATP)