Running a business is becoming more dynamic, yet more complex. Unfortunately, this also applies to the business of malware and ransomware. Popular branches of malware (like Duqu and Miniduke) are being used to target websites, and are rarely detected by traditional anti-virus services. The origin of these infections is typically through simple actions like file uploads in web applications. Today’s threats spread at a high velocity, making it difficult to detect a threat, isolate the signature, add the signature to databases, and make it publicly and continually available in a very short time. By the time the database update is available, the threat has already compromised a network’s systems and has successfully covered up its tracks.

While these signature-based legacy systems are still important as a first line of defense for prefiltering network traffic, organizations still need an additional security layer to protect against targeted malware.

Today’s web applications need comprehensive, reliable protection against advanced persistent threats and file injections. The Barracuda Advanced Threat Protection (BATP) is a cloud-based service used by the Barracuda Web Application Firewall to provide in-depth defense against ransomware, malware, and advanced cyber attacks. It consists of multiple layers of detection, including signature and static behavioral analysis to provide accurate detection of a variety of polymorphic attacks.

Barracuda Advanced Threat Protection is available on Barracuda’s entire portfolio of security products and processes more than 20 million requests per day. This results in one of the world’s most comprehensive databases of known bad IP addresses, “spyware domains,” and command and control servers used by botnets.

Administrators need to deal with more than just one file type and/or protocol. Barracuda Advanced Threat Protection gives security administrators the flexibility they need to ensure the highest quality of service possible.

Files uploaded as multipart/form-data in POST requests is inspected by the Barracuda Advanced Threat Protection. The “Deliver and Scan” approach is used to scan the files to avoid delivery delays during the scanning process. This approach also enables incoming traffic to be inspected and processed through to the web server at faster speeds, while a copy of the file is scanned by the Barracuda Advanced Threat Protection cloud service.

The following MIME types are inspected for malware:
application/pdf
application/msword
application/vnd.ms-powerpoint
application/vnd.ms-excel
application/x-msaccess
application/vnd.openxmlformats-officedocument.presentationml.presentation
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.ms-cab-compressed
application/vnd.microsoft.portable-executable
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/rtf

Upon inspection of the file, the web firewall logs are updated with information on the inspection. For example, the attack name “BATP Scan” can be used to filter the logs specific to this. The Barracuda Web Application Firewall notification service can also be used to alert the administrator of the violation so that reactive measures can be taken and malicious files can be removed.

KEY FEATURES	THE BARRACUDA ADVANTAGE
Identify zero-day malware exploits, ransomware, targeted attacks, advanced persistent threats, and other advanced malware that routinely bypasses traditional signature-based IPS and anti-virus engines.	Easy to deploy, easy-to-use, and affordable Advanced Threat Protection (ATP).
Blocking of active content in Microsoft Office and PDF documents.	No new equipment needed.
Full interoperability with the integrated SSL Inspection: Files can be extracted and checked to detect advanced malware in the encrypted stream.	Information on identified malware is centrally stored and shared to optimize emulation.
Available for hardware and virtual appliances, as well as for Microsoft Azure and Amazon AWS.	Barracuda ATP and malware protection are available as an affordable bundle subscription.