For years, Security and Risk (SR) professionals made major investments in signature-based defenses of email, network and endpoint security solutions. The methodology of these solutions has proven itself ineffective against today's evasive malware being developed by highly sophisticated and well-funded adversaries. As a response, SR professionals are turning to Automated Malware Analysis (AMA) technologies in order to arm themselves against zero-day and Advanced Persistent Threats (APTs) attacking their organizations. AMA tools automate the unique skill set of malware analysis traditionally done only by highly qualified manual practitioners. Due to the shortage of this expertise, manual processes have been replaced with automation that performs a combination of static and behavioral analysis to detect and prevent the entry of known malware and brand-new exploits.
THREAT PROTECTION APPLIANCE 3.4
Forcepoint's Threat Protection Appliance (TPA) is an on-premises, automated malware analysis framework developed for organizations needing to add detection and prevention against stealthy and advanced threats to their existing Forcepoint Secure Web and Email Gateways. The TPA framework's unmatched efficacy processes files through seven distinct static analytic agents and a dual-sandboxing process. Its ecosystem analyzes malware behavior with a combination of best-of-breed open source and Forcepoint proprietary static and dynamic technologies. Unique to the market is the defense-grade anti-evasion technology within Forcepoint's proprietary ThINK sandbox, stopping malware typically capable of circumventing commercially available sandboxes.
Threat Protection Appliance Efficacy
The Threat Protection Appliance automated malware analysis technology was initially developed by Forcepoint's parent company, Raytheon, an international government contractor. Raytheon is responsible for protecting highly classified materials experiencing constant cyber attacks by the stealthiest APT actors in the world. The sophistication in the attack vectors targeting Raytheon is so advanced that Raytheon could not purchase a commercially available solution to fight such sophisticated adversaries, and Threat Protection Appliance was born. Today, TPA is used to defend the integrity of highly valuable national security secrets and financial institutions' critical data.
Threat Protection Appliance has an extensive ecosystem leveraging today's best available open source and proprietary technology. It is capable of analyzing any and ALL file types (PDF files, Windows executables, Office documents, HTML files, Windows shortcut (.lnk) files, zip files, jar files and more) with exclusive sandboxing representing multiple combinations of operating systems and applications; it's able to customize multiple baselines in order to mimic your organization's infrastructure more accurately than any other on the market. TPA's ecosystem processes files through the following analysis: