ATP recommend\dis

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ATP recommend\dis

L2 Linker

Hello,

We're currently using Threat Prevention (TP), which is performing well. We've caught dozens of threats and are satisfied with its effectiveness.

I'm now exploring Advanced Threat Protection (ATP) and, to be honest, I'm struggling to make a clear decision about purchasing it. They mention it incorporates inline cloud analysis, which sounds great, but I'm unclear about the specific actions it takes. For instance, if I host a website behind the on-premise NGFW and apply inline cloud analysis to the incoming policy rule, will every HTTP request body be sent for cloud analysis? This could potentially create a bottleneck and cause latency for users. When does it decide to use the local TP algorithm or the cloud one?

From my perspective, it seems very appealing to claim cloud analysis capabilities, but what are the "fine print" details?

2 REPLIES 2

L2 Linker

@chens ContentID marks the traffic to be sent to the cloud but only a fraction of the traffic is sent.

Then the verdicts are cached for future requests to prevent rescanning the traffic in the cloud. 

Finally, you can configure the maximum allowed processing time in the cloud before you either allow the traffic to pass through or to be blocked. You also have the option to capture samples in case you let the traffic pass unscanned.  

 

regards

 

--Richard

L2 Linker

thanks @rdumoulin 

What are the best practices here? if i set 200ms for example (default), how can i set the capture samples that you have mentioned?

  • 1301 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!