The Advanced Threat Prevention Appliance
The Advanced Threat Prevention Appliance provides comprehensive on-premises protection against a sophisticated, ever-changing threat landscape.
With traditional signature-based security tools, zero-day attacks often go undetected. The Juniper JATP Appliance uses advanced machine learning and behavioral analysis technologies to identify existing and unknown advanced threats in near real time. It does this through continuous, multistage detection and analysis of Web, email, and lateral spread traffic moving through the network.
The JATP Appliance ingests threat data from multiple security devices, applies analytics to identify advanced malicious traits, and aggregates the events into a single comprehensive timeline view of all the threats on the network. Your security team can quickly see how the attack unfolded and easily prioritize critical alerts.
Integrated SRX Series firewalls inspect traffic, submit suspicious files to the threat behavior engine, and update the JATP Appliance with threat status, accelerating time to detection and initiating inline blocking.
With its open API architecture, the JATP Appliance integrates with third-party security devices for seamless, automatic threat mitigation. You can quarantine emails on Google and Office 365 using REST APIs. Malicious IP addresses are pushed to firewalls to block the communication between command-and-control (C&C) servers and infected endpoints. Infected hosts are isolated through integration with network access control devices.
The Advanced Threat Prevention Appliance is available in physical and virtual form factors. You can deploy physical appliances in an all-in-one or distributed mode, and virtual appliances in distributed mode only.
Multivector Traffic Inspection
- Inspects traffic across multiple vectors including Web, email, and lateral spread.
Effective Detection Techniques
- Employs advanced threat detection techniques, including exploit detection, payload analysis, C&C detection, YARA, and SNORT rules.
Extensive Data Correlation
- Correlates events across kill chain stages to monitor threat progress and risk; visualizes malware activity and groups malware traits to help incident response teams better understand malware behavior.
Host Behavior Timeline
- Provides a per-host timeline view that gives complete context about the malware events that have occurred on that host.
Multiple File Type Analytics
- Analyzes multiple file types, including executables, DLL, Mach-O, DMG, PDF, Office, Flash, ISO, ELF, RTF, APK, Silverlight, archives, and JAR.
- Integrates with Carbon Black Protect and Response (endpoint solution) to allow the upload of binaries executed on endpoints.
Contextual Threat Prioritization
- Prioritizes threats based on risk calculated from threat severity, threat progress, asset value, and other contextual data.
Automated Threat Mitigation on Email, Web, and Lateral Traffic
- Quarantines malicious Office 365 and Google emails automatically; integrates with Blue Coat, Check Point, Cisco, Fortinet, and Palo Alto Networks solutions to automatically block malicious IP addresses and URLs.