Why You’re Fighting a Losing Battle Against Advanced Persistent Threats

January 3, 2017 · steveverbanic
You can’t let your guard down for a moment when defending against advanced persistent threats (APTs). APTs are not the work of a lone bad apple; they are often well-funded, highly sophisticated endeavors backed by organized crime syndicates and even nation states.

Unlike many cyber crimes, which strike at random, APTs focus on specific targets such as governments and financial institutions. But an organization of any size is at risk.

These cyber criminals are intent on damaging organizations and stealing information. Often these elaborate APTs are designed to avoid detection for weeks, months or even years, and all the while they are collecting valuable data or wreaking havoc of other sorts.

Staying out of the crosshairs isn’t easy.

Dangerous Threats

To better arm yourself against APTs, it’s important to understand the rising aggression and sophistication of the modern threat environment.

APT attacks aren’t new, but they are on the uptick, and they are pulling in larger hauls of information as their spoils. Just last year, a group of Chinese hackers stole sensitive data about four million current and former federal employees from the U.S. government’s Office of Personnel Management.

But organizations aren’t taking these threats lying down. Money spent on APT protection solutions was just over $1.9 billion in 2015 and is predicted to grow to more than $6.7 billion by 2019.

Modern Tactics

APTs use complex software and deceptive social engineering techniques to slip past traditional cybersecurity defenses. The tactics vary, but here are some delivery mechanisms to be aware of:

· Zero-day attacks take advantage of previously unknown software vulnerabilities. There is no patch yet, and signature-based detection systems don’t recognize the intrusion.

· Phishing relies on sending emails with links to phony websites or malware-infected attachments to dupe employees into giving up their credentials or installing malware.

· Hidden and disguised malware can evade traditional antivirus solutions and lie low for prolonged periods to inflict maximum damage.

How to Fight APTs

To combat APTs you need a multi-layered security approach. Security awareness training is vital: make sure employees can recognize social engineering methods and know not to click on dubious links.

With respect to technology, you need to deploy solutions that can monitor and share real-time threat intelligence across the cloud, the data center, web applications and all endpoints. By watching for suspicious behavior in log files and network traffic, you may catch an APT before it takes hold.

And in case a dreaded breach does happen, you need an actionable response plan ready to go to minimize the damage.

Comprehensive Approach Improves Prevention, Detection and Mitigation

SLAIT offers a comprehensive approach—Advanced Threat Protection Framework—to optimize interactions between all facets of security including prevention, detection and mitigation. It achieves this by:

· Integrating firewalls, secure email gateways, two-factor authentication, patch management and VPNs to prevent known threats from getting through

· Automatically detecting previously unknown threats and testing them in an isolated sandbox environment to create actionable threat intelligence for use against future attacks

· Improving mitigation by automating direct intelligence sharing between detection and prevention tools and making it easier for people and technology to work together

The Fortinet Advanced Threat Protection Framework works best when deployed as part of a cohesive security fabric—a unique, open API-based platform developed by Fortinet to enable true end-to-end visibility and multi-tool collaboration. To add it to your arsenal of anti-APT tools, contact SLAIT Consulting for help.