Advanced Threat Detection (ATD) refers broadly to a variety of evolving security techniques employed by malware analysts to detect, identify, and respond to advanced and persistent malware threats. These techniques primarily include sandboxing, but can also involve behavior analysis, virtual machine monitoring, and other methods.
Advanced Threat Detection tools rely on network traffic analysis to pinpoint suspicious files, and differs from that of more traditional antivirus detection, which is primarily fingerprint-based. Once identified, advanced threat detection tools will most likely turn to sandboxing techniques to sequester, identify, and respond to potential advanced or persistent malware threats.
Sandboxing is a security method that involves taking any files that have been flagged as suspicious, and then isolating them within a virtual environment that is distinct from the programs, files, and networks of a victim’s real system. Malware analysts will subsequently use this artificial sandbox environment to monitor the suspect files with virtual machines to assemble a log of its behaviors. Malware analysts can then use these logs to determine if the files are malware or not.
This sandboxing technique provides malware analysts with a safe zone to monitor and identify potentially harmful malware families without any risk of them gaining access to sensitive information or infecting other systems connected to a victim’s system..
Properly used, advanced threat detection represents a powerful tool in the arsenal that cybersecurity experts have in protecting against malware infections. As is the case with many cybersecurity tools, advanced threat protection is best employed in concert with other security layers, as part of a complete security solution.