Technical Overview - ATP

Advanced Threat Protection (ATP) is a critical component of any complete security solution and core to Bitglass' Citadel data protection engine. Powered by Cylance's next-generation threat detection technology, Bitglass ATP is able to identify and stop the spread of known and unknown threats in real time.

Key Features
  • Detect and block 99% of known and unknown (zero-day) threats with Cylance-powered machine learning and AI models.
  • Instant analysis using attribute extraction, data classification, and more stops malicious uploads with minimal latency.
  • Stop the spread of malware between connected cloud apps, from cloud to endpoint, and from endpoint to cloud, with proxy-accelerated API scans and inline data protection.
  • Comprehensive ATP works across all your SaaS, IaaS, and custom cloud applications.
  • Deploy in minutes using Bitglass’ globally-hosted, high-performance SaaS solution. All without agents.

Why CASB ATP

Unbeknown to many, most major SaaS and IaaS applications lack native threat protection. Only G Suite and Office 365 feature some basic threat protection; other cloud apps, Box, Salesforce, and Dropbox among them, have no built-in threat detection capability. The issue here is twofold: a lack of comprehensive threat protection in a number of widely used apps, and every cloud app’s inability to block zero-day threats.

How It Works

To limit the spread of malware and ransomware at access, Bitglass ATP leverages its Omni multi-proxies. Whether it’s a malicious file in the cloud downloaded to an endpoint or a malicious file on the endpoint uploaded to the cloud app, Bitglass’ instant analysis can detect and stop threats in their tracks. Real-time threat protection with minimal latency.

Bitglass ATP also scans data-at-rest in the cloud to identify existing threats in your cloud app instances and to prevent the spread of these threats to connected apps.

To detect threats at upload, download, and for data-at-rest in the cloud, Bitglass ATP leverages Cylance's predictive AV engine. By analyzing files at the DNA level, Cylance's engine can identify zero-day malware and ransomware with a higher efficacy rate than comparable solutions.

Machine learning and artificial intelligence play a major role in enabling instant detection of all threats. The AV engine looks at patterns in file characteristics and assigns a risk score to each file – for data-at-rest, files at upload, and files on download. Those deemed high risk are automatically blocked while IT is alerted to those deemed suspicious. For all data, an autonomous decision is made with no human intervention. Reliable, consistent, predictive threat detection.

Use Cases

Stop Threats at Upload

When malware or ransomware is uploaded from end-user devices to your cloud applications, massive volumes of data may be compromised. To prevent the spread of malware, organizations need real-time protection. Using predictive AI-based AV, Bitglass ATP can instantly identify and block known and unknown threats at upload from any endpoint, including unmanaged devices.

Stop Threats at Download

For organizations that have already deployed an app like Office 365 or Box, files containing malware may have already found their way into your cloud. Managed and unmanaged devices are particularly prone to malware accessed from a trusted application like your corporate Office 365 instance. With Bitglass ATP, organizations can stop these threats at access.

Identify Threats in the Cloud, Prevent Proliferation to Connected Apps

Because so few cloud apps offer native threat protection, odds are that malware or ransomware is sitting in your cloud app. Bitglass ATP periodically scans your cloud apps via API to identify malicious data-at-rest in the cloud and prevents the spread of that data to connected apps that you have deployed in your organization.


Deployment

Bitglass ATP can be deployed in minutes alongside the complete Bitglass CASB solution, without the pain that comes with traditional endpoint-based threat detection solutions. Setup is simple and straightforward, with nothing to install for either admins or users.

The Bitglass cloud service is hosted globally on AWS infrastructure with auto-scaling and replication. Its fully redundant architecture ensures constant uptime: Bitglass guarantees a 99.9% SLA and has a historical performance of greater than 99.99%.