So Whos afraid of APTs

Alley ManAdvanced Persistent Threats are a threat, not just to the travel and Tour industries but to companies across all industries, if you have secrets that can be sold, databases that can be mined in fact anything that has a value to the criminal gangs you are a target.

The question of APTs and how to detect and deal with them is a big subject, even the definition of a true APT is open to argument. What isn’t disputed is that the attacks launched by Cyber Criminal gangs are becoming increasingly sophisticated and so the tools that we use to detect and counter them must also change. Cyber Spears Persistence is a product that uses a strategy of anomaly detection to seek out zero day threats and APTs.

The problem with Advanced Persistent Threats is that they are by definition “Advanced”. The protagonists are technically adept, in fact so adept that in the opinion of some researchers the Cyber Criminal gangs behind them may have technical capabilities that are at a level with advanced modern Nation States. In some cases it is likely they are in fact sponsored and on occasion employed by states too.

The relevance of the Persistent bit is often over looked the Persistence doesn’t relate to the attack but to the aim of the cyber criminals to be Persistently and covertly on your network in the long term. So they often use a long and low strategy of infiltration to keep them under your IT radar.

This means your response has to be sophisticated at all levels.

Traditionally Network security has focused on perimeter defence and arraying defences, the approach we advocate is a layered approach which lays greater emphasis on protecting your crown jewels and slowing down the progress of possible infiltrations. Early warning of a breach is probably a more realistic approach than attempting to cover every conceivable avenue of attack as new ones are conceived every day.

Almost any piece of coding or script could be viewed as vulnerable as vulnerabilities are often the exploitation of a legitimate process being exploited for non-legitimate purposes in a manner that was just not foreseen by the developer. Of course scripts that have been in existence for years are suddenly identified as having hidden flaws, or a flaw is introduced by a development of the code (Heartbleed).

In fact the researchers seem to be in competition to find the oldest flaw, the present record appears to be 19 years in the case of Microsofts WinShock discovered in May.

With so many avenues of attack products such as Cyber Spears Persistence are coming to the attention of the beleaguered IT managers as a way of detecting breaches before real damage can be done. Cyber Spear is effective at detecting ongoing APTs and zero day attacks as it looks for suspicious behaviours on the network. Cyber Spear Persistence being a fully managed service, on detecting a possible breach will then go through a process that confirms or gives the anomaly a clean bill of health. If an attack is underway it gets nipped in the bud and the IT team is notified of the issue.

As many in the IT industry now believe that given the scale of the problem that network breaches are almost an inevitability. A Pragmatic approach to this reality is a more flexible and agile approach where companies may legitimately set goals for IT Security where early detection and remedy is seen as a win scenario as loss of data has been prevented.

 

Leave a Reply

Your email address will not be published. Required fields are marked *