In the last 12 months, Barracuda Managed XDR’s Automated Threat Response (ATR) for firewalls prevented thousands of potentially serious attacks against customers.
It does so by correlating advanced threat intelligence with other tools, such as AI and machine learning, to automatically detect, analyze and respond to cybersecurity threats targeting customers' firewall infrastructure, in real time, 24/7/365, with no human input needed.
Fast and evasive threats
It can take just minutes for attackers to break in and try to establish a foothold in the network, but it can take hours or even days for security teams to detect and respond to an incident, especially if the attackers are using IP links or malware that defenders haven’t encountered before or that isn’t flagged as suspicious.
Security professionals can’t work round the clock every day, and they may not always have the tools or skills to understand what they’re seeing. At the same time, attackers are investing ever more energy and resources into evading security and hiding among normal, legitimate activity and network traffic.
ATR can help organizations to address such challenges.
The guardian at the gate
Barracuda’s ATR for firewalls detects and captures all inbound and outbound traffic that involves external IPs. It then deduplicates the data, checks whether the firewall has already blocked the detected traffic, and identifies whether the traffic is inbound or outbound.
Drawing on an unrivaled threat intelligence database of over 10 billion indicators of compromise, as well as AI and machine learning, Barracuda’s ATR determines the risk scores and threat reputations of the external IPs detected in a customer’s traffic.
If the reputation and risk score exceed a predefined threshold, ATR immediately blocks the IP on the firewall and notifies the customer within 30 seconds. Barracuda Managed XDR customers or their service providers can also manually block IPs.
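The decision pipeline described above (capture flows involving external IPs, deduplicate, skip traffic the firewall already blocked, classify direction, score the external IP, block above a threshold), as an added illustration that is not Barracuda's code: the intel table, internal ranges, flow records and the threshold of 80 are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed assumptions: internal ranges, a tiny intel lookup (risk 0-100,
# reputation label) and a block threshold. None of this is Barracuda's data.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
THREAT_INTEL = {
    "203.0.113.7": (95, "malicious"),
    "198.51.100.9": (40, "suspicious"),
    "192.0.2.55": (85, "malicious"),
}
RISK_THRESHOLD = 80


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    fw_blocked: bool  # the firewall already blocked this flow


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_endpoint(flow: Flow):
    """Return (external_ip, direction), or None if no external IP is involved."""
    if is_internal(flow.src) and not is_internal(flow.dst):
        return flow.dst, "outbound"
    if is_internal(flow.dst) and not is_internal(flow.src):
        return flow.src, "inbound"
    return None


def evaluate(flows, intel=THREAT_INTEL, threshold=RISK_THRESHOLD):
    """Dedupe external IPs, skip already-blocked traffic, score, and decide."""
    seen, decisions = set(), []
    for f in flows:
        ep = external_endpoint(f)
        if ep is None or f.fw_blocked:
            continue  # internal-only traffic, or the firewall already handled it
        ip, direction = ep
        if ip in seen:
            continue  # deduplicate: one verdict per external IP
        seen.add(ip)
        score, rep = intel.get(ip, (0, "unknown"))
        decisions.append({"ip": ip, "direction": direction, "score": score,
                          "reputation": rep, "block": score > threshold})
    return decisions


def ips_to_block(flows):
    """The IPs an automated response would push to the firewall as block rules."""
    return sorted(d["ip"] for d in evaluate(flows) if d["block"])


# Constructed sample flows (RFC 5737 documentation addresses as externals).
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "203.0.113.7", False),    # outbound to a malicious IP
    Flow("203.0.113.7", "10.1.1.9", False),    # same IP inbound: deduplicated
    Flow("198.51.100.9", "10.1.1.5", False),   # inbound, below threshold
    Flow("192.0.2.55", "10.1.1.5", True),      # already blocked by the firewall
    Flow("10.1.1.5", "10.1.2.8", False),       # internal only: ignored
    Flow("10.1.1.5", "203.0.113.200", False),  # outbound to an unknown IP
]
```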
Threats countered by Barracuda’s ATR for firewalls
The common types of security incidents detected through ATR for firewalls include:
- Remote execution tools and activity, including tools such as PsExec and Mimikatz designed for unauthorized lateral movement or credential theft
- Suspicious login and access patterns, which flag potentially unauthorized access attempts from IPs with dubious reputations or unusual geographic locations
- Traffic to high-risk destinations, highlighting communication with blocklisted countries or regions known for cybersecurity threats
- High-volume data transfers, which could potentially indicate data exfiltration
- Threat signature and intelligence matches involving the detection of known malicious signatures or interactions with previously identified malicious IPs, as this can signal an ongoing or attempted attack
The benefits of ATR for firewalls
ATR delivers a wide range of benefits for customers and their managed service providers. For example:
- ATR saves time. Security professionals and their managed service providers don’t need to step in to detect or block suspicious or malicious IPs. This helps streamline the threat response process.
- It shortens the time to response (TTR) by up to 99%. Threats are blocked as they appear, and other response activities are initiated within minutes.
- It strengthens overall security posture. ATR blocks malicious traffic at the gate, fortifies the first line of defense against potential breaches, reduces the attack surface, and creates a safer digital environment.
Barracuda Managed XDR Network Security supports a wide range of firewall-based detections for automated blocking, seamlessly integrating data from many other vendor products, as well as Barracuda’s own IDS SPAN-based (port mirroring) detection for high-severity signatures.
Conclusion
In a threat landscape characterized by growing complexity, constant evolution and the discovery and exploitation of new vulnerabilities, critical assets like firewalls and applications remain prime targets for malicious actors.
ATR offers organizations and their managed service providers a proactive approach to reducing the attack surface by swiftly eliminating and blocking threats as soon as they try to attack.
This protects organizations from the risk of an escalating attack, where a small initial breach could quickly turn into a devastating ransomware incident. ATR can intercept attacks at the outset, freeing up time for security teams to focus on core business operations.
Barracuda Managed XDR Cloud Security offers ATR capabilities across Microsoft 365, immediately disabling compromised user accounts. There are also ATR capabilities in place for Barracuda XDR Managed Endpoint Security, which includes quarantining devices that have been infected with ransomware or malware.
This article was originally published at Barracuda Blog.