
Demystifying APTs: From ID to mitigation

A multi-staged approach is required to protect from advanced persistent threats, says Websense's Gerry Tucker.

In a recent Ponemon Institute study, IT security professionals across the ditch placed being hit by an advanced persistent threat (APT) as their number one fear.

With 58% admitting that they do not have the defences in place to stop cybercriminals stealing their data, and only 42% believing they are protected from advanced cyber-attacks, it’s no wonder they fear the worst. In fact, 33% would completely overhaul their current enterprise security given the resources and opportunity.

The myriad reports of customer records, blueprints, product roadmaps, source code and other confidential information being stolen may heighten their fears. Cybercriminals using APTs want data; the more valuable the data, the more likely it is to be targeted. Organisations require a heightened level of protection to meet cybercriminals head-on and thwart both inbound intrusion and outbound data theft attempts.

And while APTs don’t target everyone, everyone should understand how they work because the same techniques will be used in targeted attacks designed to steal sensitive data from all kinds of organisations.

APTs exploit the full spectrum of attack methods and bypass traditional defences. Defending against APTs requires a new approach, with enhancements that include advanced threat protection with expanded inline sandboxing, malware isolation to strengthen data loss prevention, end-user phishing education and new platform support. Organisations relying on security solutions such as antivirus, firewall and IDS/IPS products that only address part of the advanced threat kill chain are vulnerable.

As different attack vectors are used, a multi-staged approach to preventing an APT (or at least minimising its impact) is required. By shifting the paradigm from prevention alone to detection, organisations can take focused, intelligent action to stay safe.

APTs typically consist of seven customary attack stages that raise cybercriminals' theft success rate: recon, lure, redirect, exploit kit, dropper file, call-home and data theft. For the best defence, companies need to be able to stop threats across the entire threat kill chain.

Five strategies

APTs typically play out in multiple phases. In some cases, they may take months or even years to fully execute and successfully extract data from a network. To sufficiently prepare your organisation for these vicious and effective cybercrime techniques, we recommend you speak to your security vendor or partner about the following five strategies:

Real-time threat analysis
Organisations must employ more than traditional defences. Real-time analysis provides security teams with a constant stream of data, which can be used to make vital and immediate decisions about an organisation's security posture.

Global threat awareness
Simply put, organisations benefit from large threat detection networks. The larger the network, the greater the threat awareness.

DLP capabilities
A fully contextually aware DLP solution must be deployed to protect sensitive data against exfiltration.

Sandboxing
Effective analysis and reporting has become crucial for security professionals to make informed decisions about their organisation's security posture.

Forensic and behavioural reporting
A successful security deployment will include forensic and behavioural analysis and yield actionable reports. The more actionable the report, the more valuable it is to the organisation.

Gerry Tucker is ANZ country manager for Websense, a global leader in protecting organisations from cyber attacks and data theft.
