After a web object has been scanned by Web Gateway for infections by viruses or other malware, it can additionally be scanned by the Skyhigh Security Advanced Threat Defense (Advanced Threat Defense) web security product.
Advanced Threat Defense uses a sandboxing approach for scanning, which means that it analyzes the behavior of a particular web object in a "sandbox" environment. The scanning result is recorded in a report and delivered to Web Gateway.
The additional scanning performed by Advanced Threat Defense is also referred to as offline scanning or background scanning. To enable the use of Advanced Threat Defense, suitable rules must be implemented on Web Gateway. You can import rule sets that contain such rules from the rule set library.
Note: The ATD servers configured in the Gateway ATD setting follow a round-robin failover mechanism.
Options for configuring the use of Advanced Threat Defense
You can configure different options to implement additional scanning by Advanced Threat Defense.
- Forwarding a web object depending on the additional scanning — When this option is configured, the result of the additional scanning by Advanced Threat Defense determines whether a web object is forwarded to the user who requested it.
If a web object is found to be safe, it is forwarded, otherwise not.
- Forwarding a web object before the additional scanning — When this option is configured, a web object is forwarded to the user who requested it before the additional scanning by Advanced Threat Defense.
If a web object is found to be infected, a warning message is sent to the administrator of the network from which the user sent the request.
You can also specify that a web object is not scanned a second time by Advanced Threat Defense if it has been scanned before. In this case, the existing report that was produced after the first scan is evaluated once again.
Availability of Advanced Threat Defense
For use with Web Gateway, the Advanced Threat Defense web security software is delivered pre-installed on the same hardware platform, where it runs as an appliance on a separate server. Several instances of the product can also run on different servers and be used to support Web Gateway. Each instance of the product must be installed on its own hardware platform.