ATP sensor is a malware and targeted-attack capturing appliance. It combines hardware with in-house developed software that replicates your entire IT infrastructure, so that targeted attacks are deflected away from the actual network.
The virtual world of the internet is full of real threats. Earlier, attackers used to float Trojans, worms and spyware into your network. But the world has advanced, and attacks are now targeted. The latest firewalls and other security appliances undoubtedly do well at blocking attacks to some extent. But do we really come to know where the attack came from? Why was your organization attacked? What were the attacker's intentions? Above all, who was the attacker?
When we searched for the answers, we arrived at a phrase: "Just because you are not facing any attack doesn't mean you are not being attacked. Maybe you haven't identified it yet."
The answers to these questions are provided by our patented technology, the Advanced Threat Protection Sensor (ATP sensor).
This device is an in-house developed appliance that combines hardware and software. It is essentially a malware capturing device, configured to replicate your entire network with some ports deliberately left open to be hacked. We take advantage of a typical attacker behaviour: being lured to open ports. The replica copies only the outward face of your network. Your database remains secure and completely in your custody.
Let us understand this with an example. Suppose I am an attacker. First I look up the IP of amity.edu. Then I feed that IP into some tools to find more of the IPs hosted by Amity University, and I get the complete list. Next I look for an IP that interests me. I find that this IP belongs to another of Amity University's websites, which may contain important data and may be used for internal sharing. I then use another tool to find open ports on it, and I get a couple of ports. I simply upload my malware through the open port. But the IP I uploaded to was actually the ATP sensor. It seems that the attacker achieved his goal, but in truth there is no data on this website, because the attacker never entered your network; he was simply moving around inside the ATP sensor. This is how an attacker is trapped and the malware is captured.
Our malware research team then downloads the uploaded malware from our CCFIS sandbox and reverse engineers it to find complete information about the malware. The analysis is done both automatically and manually.
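A minimal sketch of the capture step described above, added here as an illustration and not the ATP sensor's own code: a decoy TCP listener records where a connection came from, stores the uploaded bytes without executing them, and hashes them for hand-off to analysis. The function names, loopback port, quarantine directory and sample payload are assumptions constructed for the example.

```python
import hashlib, json, pathlib, socket, tempfile, time

# Constructed, harmless bytes standing in for an uploaded file.
SAMPLE_UPLOAD = b"CONSTRUCTED-TEST-PAYLOAD: stand-in for an upload to the decoy\n"

def capture_once(listener, quarantine_dir, max_bytes=1_000_000, timeout=5.0):
    """Accept one connection on a decoy port and quarantine whatever is sent."""
    conn, (src_ip, src_port) = listener.accept()
    conn.settimeout(timeout)
    buf = bytearray()
    with conn:
        try:
            while len(buf) < max_bytes:      # cap size so a sender cannot fill the disk
                chunk = conn.recv(4096)
                if not chunk:                # peer closed the connection
                    break
                buf += chunk
        except socket.timeout:
            pass                             # keep what arrived before the timeout
    payload = bytes(buf[:max_bytes])
    digest = hashlib.sha256(payload).hexdigest()
    path = pathlib.Path(quarantine_dir) / f"{digest}.bin"
    if not path.exists():                    # identical uploads are stored once
        path.write_bytes(payload)            # written to disk only, never executed
        path.chmod(0o400)                    # read-only for the analyst hand-off
    return {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
            "src_ip": src_ip, "src_port": src_port,
            "dst_port": listener.getsockname()[1],
            "size": len(payload), "sha256": digest, "stored_as": str(path)}

def demo():
    """Run the decoy on a loopback port and feed it the constructed sample."""
    quarantine = tempfile.mkdtemp(prefix="quarantine-")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            client.sendall(SAMPLE_UPLOAD)    # queued in the backlog until accept()
        return capture_once(listener, quarantine)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The returned record carries the source address, the decoy port and the SHA-256 of the stored file, which is what a report on captured samples would be built from.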
All findings are then reported in the Advanced Threat Report. This report contains recommendations for securing your network, based on the attacks it faced. This is our monthly deliverable.
When we deployed ATP sensors at 11 Amity University campuses globally, within 4 months they captured 500+ malware samples and 20 lakh+ attacks.
When a university can be attacked so brutally, think how much risk other organizations face: research centers, government departments, banks, and companies small and big.