Our solution

PT Anti-APT detects and prevents targeted attacks. It enables detecting attacker presence on the network with maximum speed and recreating a full picture for thorough investigation.


Detects attackers both on the perimeter and inside infrastructure
Automatically identifies previously unknown hacks
Expands investigation capabilities thanks to Positive Technologies expertise

Thwart black hats: PT Anti-APT detects attacks on Active Directory

Active Directory is often the main prize for APT groups. Threat actors constantly find new vectors for targeting AD and not all security vendors are able to keep pace.

PT Anti-APT successfully detects attacks on Active Directory as well as other lateral movement attempts to expand from a network beachhead.

Protects against the most important threats

At the core of the solution is a unique knowledge base, which is regularly supplemented based on our pentesting, investigations of complex incidents, and security testing of various systems. Awareness of real-world tactics, techniques, and procedures plus Positive Technologies expertise offers a decisive advantage when confronting even the newest threats.

Key features

Detects based on wide range of signs
Detects based on wide range of signs
Attackers have a lot of tricks in their toolkit: social engineering, malware, hacking tools, violation of security policies, exploitation of vulnerabilities, domain controller attacks, lateral movement, data exfiltration, and others. But no matter which ones attackers choose, PT Anti-APT knows how to catch them before it's too late.
Reduces dwell time
Reduces dwell time
Previously undetected hacks are detected thanks to automatic retrospective analysis. Each time the knowledge base and reputation lists are updated, traffic and objects are rescanned. This means that attacker presence or malware will not remain hidden for long.
Defends from unknown and state-of-the-art threats
Defends from unknown and state-of-the-art threats
A robust sandbox prevents malware from detecting the emulation environment during analysis of all malware-related processes and files. Dangerous activity, even if seemingly unrelated to malware, gets flagged.

Foil phishers: PT Anti-APT detects packed and encrypted malware

For attackers, phishing is the main way in to government organizations. That's why this method is used by 87 percent of APT groups during the initial phase of the kill chain. To evade detection by antivirus software, they deliver it to infrastructure with packing and encryption (techniques known as "Obfuscated Files or Information" and "Software Packing"). Our solution is able to spot malware even when hidden with these techniques.

Get a free pilot

By clicking Send you give your free and explicit consent to process your personal data and agree to our Privacy Policy

Shortens response time and accelerates investigation

Understanding context is crucial: PT Anti-APT stores raw traffic, key session parameters, and detailed behavioral descriptions of scanned malware. Experts use this information to rapidly find traces of compromise, detect attackers as they move around the network, and devise countermeasures.

How it works

Как это работает
Deployment is possible both on the perimeter and adjacent to critical infrastructure assets. Thanks to this flexibility, it's possible to detect activity by attackers even when they are inside the network.

Data stays inside

All data regarding attacks and scanned objects is stored on the infrastructure of the client company on-premises. This data never leaves the network perimeter. Because of reduced spread of information about attacks and damage, this approach minimizes reputational risks.

Related services and solutions

Forensic investigation services Prevent future incidents
PT MultiScanner Multilayered protection against malware attacks
PT NAD NTA system to detect attacks on the perimeter and inside the network