After overhearing a misguided conversation about Advanced
Persistent Threats recently, I wanted to put together a quick article to help
better educate some of our followers. You can also watch this recorded webinar with
Viewfinity CEO Leonid Schtilman and Gartner Analyst Neil MacDonald, which
explains how to effectively protect against APTs.
What is an Advanced
There are four main components that define an APT. APT
attacks are targeted at a specific organization, for a specific purpose. APTs
are persistent, in that they require a large amount of effort and research,
which takes place over a period of months or even years. They have to be
evasive, meaning they are able to execute while hidden from network security.
Above all else, they require advanced levels of expertise in order to
execute these long-term targeted attacks. It usually takes highly funded,
expert-class technicians to pull off an APT attack. These attacks are not
opportunistic, and they are not large-scale sweeps of information gathering. They
are discrete attacks, well planned and with a specific purpose, whether it be
extracting certain data or causing specific damage to a network.
Who is targeted?
While there are a few key industries that are heavily
targeted for obvious reasons (government agencies, financial institutions,
energy companies, chemical manufacturers, etc.), these days anyone and everyone
is susceptible. If your company has an “enemy” or opposition, you are at risk;
if your company has sensitive information, you are at risk; if someone can use
your assets to their own benefit, you are at risk.
The trouble is, while in the past the artillery required to
support a successful APT attack was rare and costly, hackers are beginning to
sell things like source code and digital certificates to the masses. APTs are
becoming a certain and present danger for organizations of any size.
How does an organization protect itself?
The bottom line is that antivirus software does not work,
blacklists are easily circumvented, whitelists are targeted and a massive
number of threats come from internal sources. Employees, whether acting
maliciously or being unknowingly negligent, are a major risk.
Organizations need to use a multilayered approach to
protecting their networks from the inside and out. Application control reinforced
with privilege management is the only way to mitigate user risk and secure
against APTs. This webinar with Viewfinity and Gartner Analyst Neil MacDonald
explains how Application
Control Provides Tighter Control Against Advanced Persistent Threats.