Advanced Threat Protection

On the menu Advanced Protection > Advanced Threat Protection you can enable and configure the Advanced Threat Protection feature to rapidly detect infected or compromised clients inside your network, and raise an alert or drop the respective traffic. An alert will be automatically deleted after 72 hours. If you want to delete all alerts immediately, click the Reset button.

Advanced Threat Protection aims at typical challenges in current corporate networks: on the one hand management of a mobile workforce with an increasing number of different mobile devices (BYOD), and on the other hand malware evolution and distribution methods getting faster and faster. The Advanced Threat Protection analyzes network traffic, e.g., DNS requests, HTTP requests, or IP packets in general, coming from and going to all networks. It also incorporates Intrusion Prevention and Antivirus data if the respective features are activated. The database used to identify threats is updated constantly by a CnC/Botnet data feed from Sophos Labs through pattern updates. Based on this data, infected hosts and their communication with command-and-control (CnC) servers can quickly be identified and dealt with.