
Demystifying APTs: From ID to mitigation

12 Aug 14

A multi-staged approach is required to protect from advanced persistent threats, says Websense's Gerry Tucker.

In a recent Ponemon Institute study, IT security professionals across the ditch placed being hit by an advanced persistent threat (APT) as their number one fear.

With 58% admitting that they do not have the defences in place to stop cybercriminals stealing their data, and only 42% believing they are protected from advanced cyber-attacks, it’s no wonder they fear the worst. In fact, 33% would completely overhaul their current enterprise security given the resources and opportunity.

The myriad reports of customer records, blueprints, product roadmaps, source code and other confidential information being stolen may heighten their fears. Cybercriminals using APTs want data; the more valuable it is, the more likely it is to be targeted. Organisations require a heightened level of protection to meet cybercriminals head-on and thwart inbound attacks and outbound data theft attempts.

And while APTs don’t target everyone, everyone should understand how they work because the same techniques will be used in targeted attacks designed to steal sensitive data from all kinds of organisations.

APTs exploit the full spectrum of attack methods and bypass traditional defences. Defending against APTs requires a new approach, with enhancements that include advanced threat protection with expanded inline sandboxing, malware isolation to strengthen data loss prevention, end-user phishing education and new platform support. Organisations relying on security solutions such as antivirus, firewall and IDS/IPS products, which only address part of the advanced threat kill chain, are vulnerable.

As different attack vectors are used, a multi-staged approach to preventing an APT (or at least minimising its impact) is required. By shifting the paradigm from prevention to detection, organisations can take focused, intelligent action to stay safe.

APTs typically consist of seven customary attack stages that enhance the cybercriminals' theft success rate: recon, lure, redirect, exploit kit, dropper file, call-home and data theft. For the best defence, companies need to be able to stop threats across the entire threat kill chain.
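The following is an added illustration, not code from the article or from Websense: it tags constructed sensor events with the seven stages named above and flags hosts whose history has progressed through several of them, which is the kind of cross-stage correlation a defender needs when no single product covers the whole chain. The event types, host names and the rule table are all assumptions made up for the example.

```python
"""Correlate constructed security events against the seven APT stages
named in the article. Hypothetical example code; event types, hosts and
the rule table are constructed, not taken from any product."""
from collections import defaultdict

# Kill-chain stages in the order the article lists them.
STAGES = ["recon", "lure", "redirect", "exploit kit",
          "dropper file", "call-home", "data theft"]

# Constructed mapping from a (hypothetical) sensor event type to a stage.
STAGE_RULES = {
    "web_scan": "recon",
    "phish_email": "lure",
    "suspicious_redirect": "redirect",
    "exploit_page": "exploit kit",
    "exe_download": "dropper file",
    "c2_beacon": "call-home",
    "large_upload": "data theft",
}

# Constructed sample events: (timestamp, host, event_type).
EVENTS = [
    ("09:01", "ws-17", "phish_email"),
    ("09:05", "ws-17", "suspicious_redirect"),
    ("09:05", "ws-17", "exploit_page"),
    ("09:06", "ws-17", "exe_download"),
    ("09:30", "ws-17", "c2_beacon"),
    ("10:00", "ws-42", "phish_email"),
    ("10:02", "ws-42", "unknown_event"),   # no rule: ignored
    ("11:00", "ws-42", "large_upload"),
]


def stages_by_host(events):
    """Return {host: [stages in order of first appearance]}."""
    seen = defaultdict(list)
    for _ts, host, etype in events:
        stage = STAGE_RULES.get(etype)
        if stage and stage not in seen[host]:
            seen[host].append(stage)
    return dict(seen)


def hosts_at_risk(events, min_stages=3):
    """Hosts that reached at least min_stages distinct stages, as
    (host, stage_count, furthest_stage) tuples sorted by host."""
    result = []
    for host, stages in sorted(stages_by_host(events).items()):
        if len(stages) >= min_stages:
            furthest = max(stages, key=STAGES.index)
            result.append((host, len(stages), furthest))
    return result


if __name__ == "__main__":
    for host, count, furthest in hosts_at_risk(EVENTS):
        print(f"{host}: {count} stages seen, furthest = {furthest}")
```

Lowering `min_stages` trades fewer missed chains for more hosts to triage; the threshold is a tuning choice, not a property of the stages themselves.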

Five strategies

APTs typically play out in multiple phases. In some cases, they may take months or even years to fully execute and successfully extract data from a network. To sufficiently prepare your organisation for these vicious and effective cybercrime techniques, we recommend you speak to your security vendor or partner on the following five strategies:

Real-time threat analysis: Organisations must employ more than traditional defences. Real-time analysis provides security teams with a constant stream of data, which can be used to make vital and immediate decisions about an organisation's security posture.

Global threat awareness: Simply put, organisations benefit from large threat detection networks. The larger the network, the greater the threat awareness.

DLP capabilities: A fully context-aware DLP solution must be deployed to protect sensitive data against exfiltration.

Sandboxing: Effective analysis and reporting have become crucial for security professionals to make informed decisions about their organisation's security posture.

Forensic and behavioural reporting: A successful security deployment will include forensic and behavioural analysis and yield actionable reports. The more actionable the report, the more valuable it is to the organisation.

Gerry Tucker is ANZ country manager for Websense, a global leader in protecting organisations from cyber attacks and data theft.
