Cybercrime is growing more sophisticated and more widespread in today’s wireless world. What sets Advanced Persistent Threats (APTs) apart is the nature and scope of the attack: they exploit vulnerabilities stealthily over an extended period. Gartner puts it simply: “‘Advanced’ means it gets through your existing defenses. ‘Persistent’ means it succeeds in hiding from your existing level of detection. ‘Threat’ means it causes you harm.” Once inside the network, APTs move laterally and surreptitiously, seeking out sensitive data rather than disrupting systems and raising red flags. These attacks are well coordinated and have very specific objectives; they target key users within the organization to gain access to high-value information, be it top-secret military or government documents, trade secrets, blueprints, intellectual property, source code or other confidential information. The worst part is that no organization, irrespective of size or type, is immune to these attacks.
Many of today’s businesses rely on basic security defenses such as firewalls, anti-virus and anti-spyware tools that were conceived years before APTs existed. It is therefore only a matter of time before these traditional systems face the next generation of attacks, and it is unlikely that they will hold. It has become imperative to adopt a layered security approach that strengthens the security arsenal with 360-degree visibility into every corner of the network.
Forewarned is Forearmed – Key Elements of APT Defense
Unfortunately, there is no magic bullet against APTs. Their stealth and unpredictable timing make attacks daunting to predict. Daunting, but not impossible. The time has come for organizations to move beyond a perimeter-based ideology to a more comprehensive, multi-layered security approach that keeps protecting even after a breach. The critical elements of a successful APT defense lie in an intelligent combination of defense, analytics and a proactive incident response plan.
1. Know what to protect: The first step in any APT defense strategy is knowing which assets to protect. Inventorying and classifying your data gives a bird’s-eye view of where it lives across your infrastructure: in which storage, under which security controls, and from which devices and endpoints it can be accessed.
2. Assess your security loopholes: The next step is to identify and categorize the most at-risk information systems and the high-liability assets that link back to critical data. Assessing these systems lets you prioritize protection and remediation plans against potential vulnerabilities. It is especially important that risk assessment be an ongoing process, to keep abreast of the ever-evolving threat landscape as well as to account for organizational changes and developments.
3. Shore up monitoring and detection capabilities: Comprehensive monitoring of all inbound, outbound and internal network traffic is imperative to contain the scope and impact of a potential attack. Additionally, advanced detection and real-time analytics tools, used in conjunction with traditional security solutions, let organizations identify malicious activity as it occurs. A truly effective solution lies in the ability to distinguish normal from anomalous traffic patterns or activities generated by any IP-based device that connects to the network. In practice that means establishing a baseline per host and per destination: a compromised workstation that contacts one external address every few minutes, or that sends far more data outward than it ever has, stands out against its own history even when each individual connection looks like ordinary HTTPS. By applying threat intelligence through analytics, these real-time insights allow for immediate isolation and remediation to stop the attack in its early stages.
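As an added example, not code from the original article, here is a small per-host baselining and anomaly check in Python run over a constructed flow log. It learns each internal host’s normal outbound-to-external volume from a first window, flags hosts whose outbound volume in a second window exceeds a multiple of that baseline (the bulk-exfiltration pattern), and flags destination pairs contacted at near-constant intervals (the beaconing pattern of command-and-control traffic). The log format, host addresses, internal address ranges and thresholds are assumptions chosen for illustration.

```python
"""Per-host traffic baselining and anomaly detection over a constructed flow log.

Added example, not code from the original article. The log format, hosts,
internal address ranges and thresholds are assumptions for illustration.
"""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Assumed internal ranges of the organization (RFC 1918); anything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "<ISO timestamp (UTC)> <src> <dst> <dst_port> <bytes_out>".
# BASELINE_LOG is the learning window (a normal day); CURRENT_LOG is the window being examined.
BASELINE_LOG = """\
2024-03-01T09:00:00 10.0.1.5 198.51.100.10 443 48000
2024-03-01T10:30:00 10.0.1.5 198.51.100.11 443 52000
2024-03-01T14:00:00 10.0.1.5 198.51.100.10 443 40000
2024-03-01T09:15:00 10.0.1.9 198.51.100.12 443 60000
2024-03-01T11:45:00 10.0.1.9 198.51.100.12 443 70000
2024-03-01T16:20:00 10.0.1.9 198.51.100.13 443 70000
"""

CURRENT_LOG = """\
2024-03-02T08:00:00 10.0.1.5 203.0.113.7 443 1200
2024-03-02T08:10:00 10.0.1.5 203.0.113.7 443 1180
2024-03-02T08:20:00 10.0.1.5 203.0.113.7 443 1210
2024-03-02T08:30:00 10.0.1.5 203.0.113.7 443 1190
2024-03-02T08:40:00 10.0.1.5 203.0.113.7 443 1220
2024-03-02T08:50:00 10.0.1.5 203.0.113.7 443 1200
2024-03-02T09:00:00 10.0.1.5 203.0.113.7 443 1190
2024-03-02T09:30:00 10.0.1.5 198.51.100.10 443 45000
2024-03-02T10:00:00 10.0.1.9 198.51.100.12 443 65000
2024-03-02T23:10:00 10.0.1.9 198.51.100.20 443 400000000
2024-03-02T23:12:00 10.0.1.9 198.51.100.20 443 400000000
2024-03-02T23:14:00 10.0.1.9 198.51.100.20 443 400000000
2024-03-02T12:00:00 10.0.1.9 10.0.2.30 445 900000
"""


def parse_flows(text):
    """Parse the flow log into dicts; timestamps become UTC epoch seconds."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        epoch = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp()
        flows.append({"ts": epoch, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)})
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def outbound_bytes_per_host(flows):
    """Total bytes each internal host sent to external destinations.
    Internal-to-internal flows (e.g. SMB to a file server) are ignored here."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def detect_volume_anomalies(baseline_flows, current_flows, factor=5.0):
    """Flag hosts whose outbound-to-external volume exceeds `factor` times their
    baseline, or that sent nothing external at all in the baseline window.
    Returns {host: (current_bytes, baseline_bytes)}."""
    base = outbound_bytes_per_host(baseline_flows)
    current = outbound_bytes_per_host(current_flows)
    return {host: (nbytes, base.get(host, 0))
            for host, nbytes in current.items()
            if base.get(host, 0) == 0 or nbytes > factor * base[host]}


def detect_beacons(flows, min_hits=6, max_cv=0.2):
    """Flag (src, dst, port) pairs contacted at near-constant intervals: a low
    coefficient of variation of the gaps between connections is the signature
    of a beaconing implant, even when every connection is small and looks like
    ordinary HTTPS. Returns [((src, dst, port), mean_gap_seconds, cv), ...]."""
    by_pair = defaultdict(list)
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])
    beacons = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap else float("inf")
        if cv <= max_cv:
            beacons.append((pair, round(mean_gap), round(cv, 3)))
    return beacons


if __name__ == "__main__":
    baseline, current = parse_flows(BASELINE_LOG), parse_flows(CURRENT_LOG)
    for host, (now, before) in detect_volume_anomalies(baseline, current).items():
        print(f"VOLUME  {host}: {now} bytes out vs {before} in baseline")
    for (src, dst, port), gap, cv in detect_beacons(current):
        print(f"BEACON  {src} -> {dst}:{port} every ~{gap}s (cv={cv})")
```

On the constructed data, 10.0.1.9 is flagged for volume (three 400 MB transfers late at night against a 200 KB baseline) and 10.0.1.5 is flagged for beaconing to 203.0.113.7 every 600 seconds, while 10.0.1.5’s ordinary browsing and the internal SMB transfer raise nothing. In a real deployment the baseline is built over weeks rather than a day, the volume check is also done per destination, and the beacon check needs tuning because implants add jitter to their call-home interval; the point of the example is that both signals come from the host’s own history, not from a signature.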
4. Ensure user awareness: Since APTs often gain their initial foothold through spear-phishing emails, employees are the most exposed targets. It takes little to trigger malicious code through an enticing link or attachment. Security education and training make employees aware of the security pitfalls of BYOD and cloud services, and place some responsibility on the employees themselves for keeping sensitive data secure. An informed user is a safer user indeed.
5. Put an APT incident response plan in place: It is absolutely vital for an organization to have a carefully crafted and up-to-date incident response plan. It guides the organization in quickly identifying and containing a potential breach, and it ultimately determines how effective the organization’s response to an attack will be.
The complex nature of APTs poses huge challenges to standard security defenses. On the flip side, it provides much-needed impetus to reassess frameworks and adopt solutions that scale to protect the entire organization. The fact remains that a multi-pronged, layered approach to security is no longer optional but a must-have for today’s interconnected business environment.
About the Author
Prasenjit Saha has over 23 years of management experience in global markets. Before joining Happiest Minds, Prasenjit was Vice President and SBU/Profit Center Head of the Enterprise Security Solutions division of Wipro Technologies; he started the Wipro Security division in 2004 and scaled it into the third-largest global security service provider, with more than US$200 million in business.