Juniper ATP Cloud is a cloud-based threat detection service that protects all hosts in your network against evolving security threats. It uses a combination of tools to identify and block malware, such as cache lookup, static analysis, and dynamic analysis [1][2].
Cache lookup is the first step in the malware detection process. It checks the file hash against a database of known malicious and benign files. If the file is found in the cache, the analysis is completed and the file is either allowed or blocked based on the cache result [1][2].
Static analysis is the second step in the malware detection process. It examines the file attributes, such as file size, file type, file name, and embedded URLs, to determine whether the file is suspicious. If the file is deemed suspicious, it is sent to the next step for further analysis. If the file is deemed benign, it is allowed to pass through [1][2].
Dynamic analysis is the third and final step in the malware detection process. It executes the file in a sandbox environment and observes its behavior, such as network connections, registry changes, file operations, and process injections. If the file exhibits malicious behavior, it is blocked and reported. If the file does not exhibit malicious behavior, it is allowed to pass through [1][2].
Therefore, dynamic analysis is not always performed to determine if a file contains malware, as it depends on the results of the cache lookup and static analysis. Similarly, if the cache lookup determines that a file contains malware, static analysis is not performed to verify the results, as the file is already blocked based on the cache lookup [1][2].
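The short-circuit behavior described above, as an added example that is not Juniper's code: a small Python model of the three-stage pipeline that records which stages actually ran for a given file. The cache contents, the static-analysis heuristics and thresholds, the behavior names, and the `sandbox` callable standing in for dynamic analysis are all constructed for illustration.

```python
import hashlib

# Constructed values for this example; not ATP Cloud's real cache, rules or thresholds.
MALICIOUS_BEHAVIOURS = {"network_connection", "registry_change",
                        "file_write", "process_injection"}
SUSPICIOUS_EXTENSIONS = {".exe", ".dll", ".js", ".vbs", ".ps1"}
SUSPICIOUS_SIZE_BYTES = 5_000_000  # hypothetical size threshold


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed cache of previously analysed files: file hash -> verdict.
KNOWN_CACHE = {
    sha256_hex(b"constructed-known-malware"): "malicious",
    sha256_hex(b"constructed-known-good"): "benign",
}


def static_analysis(name: str, data: bytes) -> str:
    """Inspect attributes only (no execution): file type, size, embedded URLs."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    has_url = b"http://" in data or b"https://" in data
    if ext in SUSPICIOUS_EXTENSIONS or has_url or len(data) > SUSPICIOUS_SIZE_BYTES:
        return "suspicious"
    return "benign"


def classify(name, data, cache, sandbox):
    """Return (verdict, stages_run).

    `sandbox` is a stand-in for dynamic analysis: it receives the file bytes
    and returns the set of behaviours observed while the file ran.
    """
    stages = ["cache"]
    verdict = cache.get(sha256_hex(data))
    if verdict is not None:              # cache hit: no further analysis either way
        return verdict, stages
    stages.append("static")
    if static_analysis(name, data) == "benign":
        return "benign", stages          # benign by attributes: sandbox never runs
    stages.append("dynamic")
    observed = sandbox(data)
    if observed & MALICIOUS_BEHAVIOURS:
        return "malicious", stages
    return "benign", stages
```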
References:
[1] Juniper Advanced Threat Prevention Cloud (ATP Cloud) Documentation
[2] Juniper Advanced Threat Prevention Cloud | Juniper Networks