
6 tips to combat Advanced Persistent Threats

Experts say it takes time, training and collaboration to thwart APTs. But with these best practices, you can keep your defenses high.

By Taylor Armerding, CSO
February 18, 2014 03:25 PM ET

CSO - The success of advanced persistent threats (APT) is reportedly so pervasive that detecting and defeating them with any consistency may seem to be a hopeless battle.


Based on news reports and multiple statements from U.S. officials, hackers from China breach the systems of all kinds of U.S. businesses, from major newspapers to defense contractors and cutting-edge technology companies, and remain undetected long enough to make off with billions in intellectual property and sophisticated weapon designs.

Defense Secretary Chuck Hagel and officials from the National Security Agency and the Department of Homeland Security have called the power of APTs the security challenge of the modern era.

"Cyber is one of those quiet, deadly, insidious unknowns you can't see," Hagel told U.S. troops in Hawaii. "It's in the ether -- it's not one big navy sailing into a port, or one big army crossing a border, or squadrons of fighter planes ... This is a very difficult, but real and dangerous, threat. There is no higher priority for our country than this issue."

APTs are also no longer solely the domain of nation-states with vast resources, nor are they focused only on espionage or attacks against military and other government entities. They are "living" on networks in IT, energy, news, telecom, manufacturing and other sectors of the economy.

But according to a number of security experts, while it will probably never be possible to eliminate them entirely, it is possible to detect APTs and minimize the damage they cause.

"There are solutions -- the sky is not falling," says Wade Williamson, senior security analyst at Palo Alto Networks. "A lot of times security folks use APTs as an excuse for failure, but it shouldn't be. There are technologies that can help."

Williamson is among those who also argue that detecting and defending against APTs effectively will take more than technology. In general, he says, "the biggest change we need is not one of tactics, but strategy. Security must evolve to become a very creative discipline.

"Historically, security held the view of saying no to requests and blocking 100% of threats. Neither of these maxims is practical today. We need security professionals to be inquisitive -- to be looking out for the things that don't exactly make sense, and to ask themselves what it could mean, and how they should look deeper into the issue.


"We will always need automated security that blocks bad things," Williamson says, "but we also need creative, engaged security experts to be looking for the creative, engaged bad guys on the other end of the connection."

That said, there are a number of practices security experts recommend for organizations that are serious about the battle with APTs. In no particular order, they are:


1. Use big data for analysis/detection

The word from RSA Executive Chairman Art Coviello, during his keynote address at the 2013 RSA Conference, was: "The whole game here is to shift away from a prevention regime -- big data will allow you to detect and respond more quickly."
