Demystifying APTs: From ID to mitigation

12 Aug 2014

A multi-staged approach is required to protect from advanced persistent threats, says Websense's Gerry Tucker.

In a recent Ponemon Institute study, IT security professionals across the ditch placed being hit by an advanced persistent threat (APT) as their number one fear.

With 58% admitting that they do not have the defences in place to stop cybercriminals stealing their data, and only 42% believing they are protected from advanced cyber-attacks, it’s no wonder they fear the worst. In fact, 33% would completely overhaul their current enterprise security given the resources and opportunity.

The myriad reports of customer records, blueprints, product roadmaps, source code and other confidential information being stolen may heighten their fears. Cybercriminals using APTs want data; the more valuable it is, the more likely it is to be targeted. Organisations require a heightened level of protection to meet cybercriminals head-on and thwart inbound and outbound data theft attempts.

And while APTs don’t target everyone, everyone should understand how they work because the same techniques will be used in targeted attacks designed to steal sensitive data from all kinds of organisations.

APTs exploit the full spectrum of attack methods and bypass traditional defences. Defending against APTs requires a new approach, with enhancements that include advanced threat protection with expanded inline sandboxing, malware isolation to strengthen data loss prevention, end-user phishing education and new platform support. Organisations relying on security solutions such as antivirus, firewall and IDS/IPS products, which only address part of the advanced threat kill chain, are vulnerable.

As different attack vectors are used, a multi-staged approach to preventing (or at least minimising the impact of) an APT is required. By shifting the paradigm from prevention alone to detection, organisations can take focused, intelligent action to stay safe.

APTs typically consist of seven customary stages that improve the cybercriminals' chances of a successful theft: recon, lure, redirect, exploit kit, dropper file, call-home and data theft. For the best defence, companies need to be able to stop threats across the entire threat kill chain.
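The call-home stage is the one a defender can often catch from existing proxy or firewall logs, because a compromised host tends to contact its controller on a fixed schedule with a near-constant payload. The script below is an added example, not Websense's code or anything from the original article: it parses a constructed proxy log (the hostnames, timestamps and thresholds are invented for illustration) and flags source/destination pairs whose connection intervals and request sizes are suspiciously regular.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<ISO timestamp> <source host> <destination> <bytes sent>".
# Hostnames and timings are made up for this example; ws-17 talks to one host
# every five minutes with a near-constant payload, which is the pattern we flag.
SAMPLE_LOG = """\
2014-08-12T09:00:00 ws-17 cdn.example-updates.test 512
2014-08-12T09:00:03 ws-17 intranet.example.test 2048
2014-08-12T09:05:00 ws-17 cdn.example-updates.test 510
2014-08-12T09:07:41 ws-23 news.example.test 900
2014-08-12T09:10:00 ws-17 cdn.example-updates.test 515
2014-08-12T09:15:00 ws-17 cdn.example-updates.test 508
2014-08-12T09:20:00 ws-17 cdn.example-updates.test 514
2014-08-12T09:31:12 ws-23 news.example.test 1200
2014-08-12T09:48:55 ws-23 mail.example.test 3100
2014-08-12T09:52:10 ws-17 intranet.example.test 4096
"""


def parse_log(text):
    """Return (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], size))
    return events


def find_beacons(text, min_connections=4, max_jitter=0.1, max_size_spread=0.2):
    """Flag (src, dst) pairs whose connection intervals and payload sizes are
    suspiciously regular. Returns a list of dicts sorted by source host.
    The thresholds are illustrative assumptions, not tuned figures from any product."""
    by_pair = defaultdict(list)
    for ts, src, dst, size in sorted(parse_log(text)):
        by_pair[(src, dst)].append((ts, size))

    findings = []
    for (src, dst), conns in by_pair.items():
        if len(conns) < min_connections:
            continue
        times = [c[0] for c in conns]
        sizes = [c[1] for c in conns]
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        jitter = pstdev(intervals) / avg  # coefficient of variation of the gaps
        size_spread = (max(sizes) - min(sizes)) / mean(sizes)
        if jitter <= max_jitter and size_spread <= max_size_spread:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(conns),
                "mean_interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return sorted(findings, key=lambda f: (f["src"], f["dst"]))


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"possible call-home: {f['src']} -> {f['dst']} "
              f"({f['connections']} connections every ~{f['mean_interval_s']}s)")
```

On the sample data only ws-17's five-minute cadence to cdn.example-updates.test is reported; the interactive browsing by ws-23 has too few connections and irregular gaps. A hit is a lead for the forensic and behavioural review the article calls for, not proof of compromise, since update checkers and monitoring agents beacon legitimately, so an allow-list of known periodic destinations belongs in front of any alerting.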

Five strategies

APTs typically play out in multiple phases. In some cases, they may take months or even years to fully execute and successfully extract data from a network. To sufficiently prepare your organisation for these vicious and effective cybercrime techniques, we recommend you speak to your security vendor or partner on the following five strategies:

1. Real-time threat analysis: Organisations must employ more than traditional defences. Real-time analysis provides security teams with a constant stream of data, which can be used to make vital and immediate decisions about an organisation's security posture.

2. Global threat awareness: Simply put, organisations benefit from large threat detection networks. The larger the network, the greater the threat awareness.

3. DLP capabilities: A fully contextually aware DLP solution must be deployed to protect sensitive data against exfiltration.

4. Sandboxing: Effective analysis and reporting have become crucial for security professionals to make informed decisions about their organisation's security posture.

5. Forensic and behavioural reporting: A successful security deployment will include forensic and behavioural analysis and yield actionable reports. The more actionable the report, the more valuable it is to the organisation.

Gerry Tucker is ANZ country manager for Websense, a global leader in protecting organisations from cyber attacks and data theft.
