Enterprise Threat Protector (ETP) Advanced Threat is a new bundle offering of ETP. In addition to the existing DNS protection layer, ETP Advanced Threat offers additional capabilities of URL and payload inspection using inline malware detection and analysis engines.
Two new key capabilities are introduced as part of ETP Advanced Threat:
ETP Proxy - Analyzes suspicious HTTP(S) traffic and protects an enterprise network from threats. ETP Proxy goes beyond the DNS layer, examines the full URL path of the request and checks if a URL is a known threat. If it is a threat, the threat is handled based on the assigned policy action. ETP Proxy then forwards the request to the origin server and returns the payload to the client.
Inline Payload Analysis - When inline payload analysis is enabled, ETP inspects website content and performs malware scanning on responses from the origin server. For example, this feature allows ETP to scan a file like a PDF or an image. If the payload analysis detects a threat, the response is blocked or monitored based on the assigned policy action.
ETP Dashboard allows you to review and analyze HTTP(S) threat events. You can zoom in and drill down into each occurrence and get information such as location, domains, layer 7 protocols, source and destination IP, autonomous system name and more.
In the screenshot below, ETP has flagged several domains as risky because they are either newly registered or potentially malicious. Based on the configured policy, a threat event is logged and the domain is blocked.
ETP Proxy is available to all existing customers. Inline Payload Analysis is available only as part of ETP Advanced Threat, which you can upgrade to.
ETP Proxy and Inline Payload Analysis are super easy to configure and can be turned ON or OFF with a single toggle.
In the Luna Control Center, under the Configure menu, navigate to the Enterprise Security category and select Enterprise Threat Protector.
Under Policies and Proxy settings, slide the button to enable Proxy and Inline Payload Analysis (if licensed for ETP Advanced Threat).
For Risky Domains and File Sharing, select the Allow or Classify action.
With the Allow action, risky domains and domains for supported file sharing applications or services bypass the proxy. With the Classify action, ETP Proxy scans the full URL.
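To make the policy flow described above concrete, here is an added example that is not Akamai's code and does not reflect the product's internals. It models the decision sequence the page describes: the DNS-layer category of a domain (risky or file sharing) and the Allow/Classify setting decide whether the request bypasses the proxy; the proxy then checks the full URL against a threat list and applies the policy action; finally, inline payload analysis scans the origin's response. The `Policy` fields, the function names, the domain lists and the malware marker are all hypothetical and constructed for illustration.

```python
"""Illustrative model of a policy-driven URL and payload inspection flow.

Added example, not Akamai's code. Policy fields, function names, domain
lists and the malware marker are hypothetical and constructed.
"""
from dataclasses import dataclass
from typing import Literal, Optional
from urllib.parse import urlsplit

Action = Literal["allow", "monitor", "block"]
Handling = Literal["allow", "classify"]


@dataclass
class Policy:
    """Hypothetical policy mirroring the toggles described on the page."""
    proxy_enabled: bool = True
    payload_analysis_enabled: bool = True
    known_threat_action: Action = "block"     # action when the full URL is a known threat
    payload_threat_action: Action = "block"   # action when the response payload is malicious
    risky_domain_handling: Handling = "classify"
    file_sharing_handling: Handling = "classify"


@dataclass
class Decision:
    layer: str    # which layer produced the verdict: "dns", "proxy" or "payload"
    action: str   # "allow", "monitor", "block", or "bypass" (proxy skipped)
    reason: str


# Constructed sample data for the example; not real threat intelligence.
RISKY_DOMAINS = {"newly-registered.example"}
FILE_SHARING_DOMAINS = {"share.example"}
KNOWN_THREAT_URLS = {"http://newly-registered.example/update/payload.exe"}
MALWARE_SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]


def classify_domain(host: str) -> Optional[str]:
    """DNS-layer categorisation: return the domain's category, if any."""
    if host in RISKY_DOMAINS:
        return "risky"
    if host in FILE_SHARING_DOMAINS:
        return "file_sharing"
    return None


def inspect_request(url: str, policy: Policy) -> Decision:
    """Decide what to do with an outbound HTTP(S) request before forwarding it."""
    host = urlsplit(url).hostname or ""
    category = classify_domain(host)

    # Step 1: the Allow/Classify setting for risky and file-sharing domains.
    # "allow" means the request bypasses the proxy entirely.
    handling = {
        "risky": policy.risky_domain_handling,
        "file_sharing": policy.file_sharing_handling,
    }.get(category)
    if handling == "allow":
        return Decision("dns", "bypass", f"{category} domain bypasses proxy per policy")

    # Step 2: proxy inspection of the full URL path against known threats.
    if not policy.proxy_enabled:
        return Decision("dns", "allow", "proxy disabled; DNS-layer checks only")
    if url in KNOWN_THREAT_URLS:
        return Decision("proxy", policy.known_threat_action, "URL matches a known threat")
    return Decision("proxy", "allow", "URL not a known threat; forwarding to origin")


def inspect_response(body: bytes, policy: Policy) -> Decision:
    """Scan the origin's response payload when inline payload analysis is enabled."""
    if not policy.payload_analysis_enabled:
        return Decision("payload", "allow", "inline payload analysis disabled")
    for signature in MALWARE_SIGNATURES:
        if signature in body:
            return Decision("payload", policy.payload_threat_action,
                            "payload matched a malware signature")
    return Decision("payload", "allow", "payload clean")


if __name__ == "__main__":
    policy = Policy()
    for sample_url in ("https://intranet.example/report.pdf",
                       "http://newly-registered.example/update/payload.exe",
                       "https://share.example/file/123"):
        print(sample_url, "->", inspect_request(sample_url, policy))
    # Constructed PDF-like payload carrying the sample marker.
    print(inspect_response(b"%PDF-1.7 CONSTRUCTED-MALWARE-MARKER", policy))
```

Switching `risky_domain_handling` or `file_sharing_handling` to `"allow"` shows the bypass path: the request never reaches the URL check, which is the trade-off the Allow setting makes. Setting `known_threat_action` to `"monitor"` yields a logged-but-forwarded request, matching the "blocked or monitored" behaviour the page describes.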