
Advanced threat detection

(also ATD)

Advanced threat detection definition

Advanced threat detection (ATD) is a set of cybersecurity techniques for finding and stopping threats that signature-based controls such as conventional antivirus and firewalls tend to miss. It focuses on highly targeted attacks, previously unknown vulnerabilities, and long-term infiltrations that blend in with normal activity.

See also: advanced persistent threat, zero day, intrusion detection system, security information and event management, behavior monitoring, malware sandboxing, cyber threat hunting

Use cases of advanced threat detection

  • Protecting against zero-day exploits. Catching attacks on vulnerabilities that have not yet been publicly disclosed or patched, and for which no signature exists.
  • Stopping advanced persistent threats (APTs). Detecting and containing sophisticated, slow-moving intrusions aimed at stealing data over long periods.
  • Preventing data breaches. Spotting unusual data transfers, such as large uploads to external hosts, or unexpected access to sensitive information.
  • Compliance and risk management. Helping organizations meet regulatory requirements that call for monitoring and timely detection of intrusions.
  • Insider threat detection. Looking for risky actions by authorized users, such as access outside their usual role or working hours, that could threaten the organization's security.
  • Securing cloud environments. Adding detection to cloud-based systems, where perimeter-focused controls fall short.

Components of advanced threat detection

  • Behavioral analysis. ATD systems monitor and analyze the behavior of users, hosts, and network activity, building a baseline of what is normal for each. Patterns or actions that deviate from that baseline may be a sign of a threat.
  • Machine learning and AI. The system learns from previous incidents and labeled data, and adapts to new attack types, improving detection over time. Models still need tuning, since a noisy baseline produces false positives.
  • Anomaly detection. The system constantly checks for activities that are out of the ordinary. This could include unusual network traffic, unexpected access requests, or strange data movements, such as a user moving far more data than usual or at an unusual hour.
  • Threat intelligence. ATD systems use the latest data on known threats, attack methods, and indicators of compromise (such as malicious IP addresses, domains, and file hashes) for better protection.
  • Sandboxing. The system detonates suspicious programs or files in a safe, isolated environment (a sandbox) and observes their behavior, without risking the production network.
  • Integration with other security measures. ATD often works with firewalls, antivirus, intrusion detection systems, and SIEM tools so that alerts can be correlated and acted on.
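The behavioral-analysis, anomaly-detection, and threat-intelligence components above, and the "unusual data transfers" use case, can be illustrated with a small detector. The following Python is an added example written for this page, not code from any product or from the page's author. It builds a per-user baseline (byte-volume mean and standard deviation, plus the hours the user is normally active) from a constructed set of log lines, then scores new events by volume z-score, off-hours activity, and a match against a constructed indicator list. The log format, the user names, the `BAD_DESTINATIONS` set, and the threshold of 3 standard deviations are all assumptions made for the example.

```python
"""Toy behavioral/anomaly detector over constructed event logs (added example)."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events, not real logs. One event per line:
# <ISO timestamp> user=<name> action=<verb> bytes=<count> dst=<ip>
BASELINE_EVENTS = [
    "2024-03-01T09:12:00 user=alice action=download bytes=1200000 dst=10.0.0.20",
    "2024-03-01T10:40:00 user=alice action=download bytes=900000 dst=10.0.0.20",
    "2024-03-02T14:05:00 user=alice action=upload bytes=1500000 dst=10.0.0.20",
    "2024-03-03T11:30:00 user=alice action=download bytes=1000000 dst=10.0.0.20",
    "2024-03-04T16:20:00 user=alice action=download bytes=1300000 dst=10.0.0.20",
    "2024-03-01T08:15:00 user=bob action=download bytes=2000000 dst=10.0.0.20",
    "2024-03-02T11:45:00 user=bob action=download bytes=2500000 dst=10.0.0.20",
    "2024-03-03T13:10:00 user=bob action=upload bytes=1800000 dst=10.0.0.20",
]
NEW_EVENTS = [
    # 3 a.m., hundreds of megabytes, to an external host on the indicator list
    "2024-03-05T02:13:00 user=alice action=upload bytes=480000000 dst=203.0.113.7",
    # ordinary daytime download for alice
    "2024-03-05T09:30:00 user=alice action=download bytes=1100000 dst=10.0.0.20",
    # bob at a usual hour and destination, but well above his normal volume
    "2024-03-05T11:05:00 user=bob action=download bytes=3100000 dst=10.0.0.20",
    # an account with no history at all
    "2024-03-05T12:00:00 user=charlie action=download bytes=500000 dst=10.0.0.20",
]

# Constructed threat-intelligence indicators (hypothetical, not a real feed).
BAD_DESTINATIONS = {"203.0.113.7"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"bytes=(?P<bytes>\d+) dst=(?P<dst>\S+)$"
)


def parse(line):
    """Parse one log line into a dict; raise on malformed input rather than skip it."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    event = m.groupdict()
    event["bytes"] = int(event["bytes"])
    event["hour"] = int(event["ts"][11:13])  # hour field of the ISO timestamp
    return event


def build_baseline(lines):
    """Per-user profile: byte-volume mean/stddev and the set of hours the user is active."""
    per_user = defaultdict(lambda: {"bytes": [], "hours": set()})
    for e in map(parse, lines):
        per_user[e["user"]]["bytes"].append(e["bytes"])
        per_user[e["user"]]["hours"].add(e["hour"])
    return {
        user: {"mean": mean(d["bytes"]), "std": pstdev(d["bytes"]), "hours": d["hours"]}
        for user, d in per_user.items()
    }


def score_event(event, profiles, z_threshold=3.0):
    """Return the reasons this event deviates from its user's baseline (empty if normal)."""
    reasons = []
    p = profiles.get(event["user"])
    if p is None:
        return ["no baseline for user"]
    std = p["std"] or 1.0  # a perfectly uniform history would otherwise divide by zero
    z = (event["bytes"] - p["mean"]) / std
    if z > z_threshold:
        reasons.append(f"volume z-score {z:.1f} exceeds {z_threshold}")
    if event["hour"] not in p["hours"]:
        reasons.append(f"activity at hour {event['hour']:02d} outside baseline hours")
    if event["dst"] in BAD_DESTINATIONS:
        reasons.append(f"destination {event['dst']} matches threat-intel indicator")
    return reasons


def detect(new_lines, profiles):
    """Score every new event; return (user, timestamp, reasons) for the anomalous ones."""
    alerts = []
    for line in new_lines:
        e = parse(line)
        reasons = score_event(e, profiles)
        if reasons:
            alerts.append((e["user"], e["ts"], reasons))
    return alerts


if __name__ == "__main__":
    profiles = build_baseline(BASELINE_EVENTS)
    for user, ts, reasons in detect(NEW_EVENTS, profiles):
        print(f"ALERT {ts} {user}: " + "; ".join(reasons))
```

Run as a script, it raises three alerts: alice's 02:13 upload trips all three checks, bob's download trips only the volume check, and charlie is flagged for having no baseline. Alice's 09:30 download is scored normal. The point a practitioner should take from it is that each signal alone is weak (an off-hours login or a large transfer can be legitimate), so a real system weights and correlates them, and that the "no baseline" case has to be handled explicitly rather than silently passed.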