/
What is Automated Threat Response?

What is Automated Threat Response?

To contain attacks faster, Barracuda Managed XDR includes automated threat response (ATR). With ATR, XDR automatically take remediation actions when it detects certain threats, moving to isolate threats faster, before humans are even aware of them. This saves time and money and lets humans focus on tasks that need their attention.

The ATR process

A flowchart of the ATR process
The ATR process for alerts

  1. An event occurs that triggers an alarm in Barracuda XDR.

  2. The alert is sent to the Barracuda XDR ATR.

  3. ATR determines whether the alert is malicious.

  4. If the alert is identified as malicious, the IP Address is automatically added to the firewall or network security solution block list.

  5. The alert is closed.

  6. If the alert is not identified as malicious, the IP Address is not blocked and the alert is closed.

The ATR process is different for Microsoft Defender for Endpoint. See https://documentation.campus.barracuda.com/wiki/spaces/SKOUT/pages/6949069.

 

We value your feedback.
If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
For general product inquiries or technical support, please contact the global Barracuda Support team.