After overhearing a misguided conversation about Advanced Persistent Threats recently, I wanted to put together a quick article to help better educate some of our followers. Also, you can watch this recorded webinar with Viewfinity CEO Leonid Schtilman and Gartner Analyst Neil MacDonald that explains how to effectively protect against APTs.
What is an Advanced Persistent Threat?
There are four main components that define an APT. APT attacks are targeted at a specific organization, for a specific purpose. APTs are persistent, in that they require a large amount of effort and research, which takes place over a period of months or even years. They have to be evasive, meaning they are able to execute while hidden from network security. Above all else, they require advanced levels of expertise in order to execute these long-term targeted attacks. It usually takes highly funded, expert-class technicians to pull off an APT attack. These attacks are not opportunistic, and they are not large-scale sweeps of information gathering; they are discrete attacks, well planned and with a specific purpose, whether it be extracting certain data or causing specific damage to a network.
Who is targeted?
While there are a few key industries that are heavily targeted for obvious reasons (government agencies, financial institutions, energy companies, chemical manufacturers, etc.), these days anyone and everyone is susceptible. If your company has an “enemy” or opposition, you are at risk; if your company has sensitive information, you are at risk; if someone can use your assets to their own benefit, you are at risk.
The trouble is, while in the past the artillery required to support a successful APT attack was rare and costly, hackers are beginning to sell things like source code and digital certificates to the masses. APTs are becoming a certain and present danger for organizations of any size.
How does an organization protect itself?
The bottom line is that antivirus software does not work, blacklists are easily circumvented, whitelists are targeted, and a massive number of threats come from internal sources. Employees, whether acting maliciously or being unknowingly negligent, are a major risk.
Organizations need to utilize a multilayered approach to protecting their networks from inside and out. Application control reinforced with privilege management is the only way to mitigate user risk and secure against APTs. This webinar with Viewfinity and Gartner Analyst Neil MacDonald explains how Application Control Provides Tighter Control Against Advanced Persistent Threats.