What is ATP?
Advanced threat protection (ATP) refers to security solutions that protect your organization from advanced cyberattacks and malware that aim to exfiltrate, corrupt, or steal sensitive data. ATP provides network and file security by combining IPS and anti-malware techniques. IPS monitors network traffic, analyzes it for malicious content, and uses AI/machine learning for real-time threat detection with virtual patching. Anti-malware offers real-time defense against all threats, enhances protection through threat intelligence, and provides multi-layered security.
What is IPS?
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity, or security policy violations.
An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable the prevention features in IPS products, causing them to function as IDSes.
You can implement IPS as a standalone appliance or as part of the feature set of a next-generation firewall. IPS uses signatures, protocol decoders, heuristics (behavioral monitoring), threat intelligence, and advanced threat detection to detect and prevent known threats. Some IPS implementations can even help prevent zero-day threats. FortiGate IPS can perform deep packet inspection to scan encrypted payloads and detect and prevent threats from attackers.
This guide aims to dive deeper into different IPS features and technologies and introduce how FortiGate IPS implements these features.
What is antimalware?
Anti-malware is implemented through a bundle of services provided by FortiGuard. These services include Antivirus, Mobile Security, FortiSandbox, Virus Outbreak Protection, Botnet Domain security, and Content Disarm & Reconstruction. These services, often referred to as Advanced Malware Protection (AMP), together with IPS make up the Advanced Threat Protection bundle, which provides a robust defense against today's sophisticated attacks, both known and unknown.
Like IPS, AMP works best when combined with deep packet inspection, allowing FortiGate to closely monitor the content of encrypted traffic for threats.
Intended audience
This guide is intended for readers who want to understand how IPS and antivirus technology work together to provide network and file security, and what benefits they can bring to organizations of varying verticals and sizes. Readers should have a good understanding of networking and security concepts, such as traffic flows, application traffic identifiers, network protocols, CVE IDs, vulnerabilities, and exploits. Junior to intermediate level network security specialists should be comfortable with the content of this guide.
About this guide
This guide aims to introduce the concepts of IPS and malware protection, and how Fortinet implements them in terms of products, services, and techniques. After reading this guide, readers should be comfortable discussing the different IPS and malware protection methodologies, and have a good understanding of where this protection is implemented in various networks.