Security in Context: The BeyondTrust Blog


Is Your Organization Prepared Against Advanced Persistent Threats?

Posted May 9, 2012    Peter McCalister

An advanced persistent threat (APT) is an attack in which an unauthorized person gains access to the network and stays there undetected for a long period of time. The intent of an advanced persistent threat is often to steal data rather than to damage the network. Sectors with high-value information, such as the defense, manufacturing, financial and telecom verticals and, increasingly, social networking, are the most common targets for APT attacks. The Stuxnet worm is a good example of an APT.

Advanced: sophisticated – the hacker has the ability to evade detection and to gain and maintain access to well-protected networks and sensitive information

Persistent: continues to run until objectives are met – making it difficult to prevent access to your computer network once the threat actor has successfully gained access to your network

Threat: organized and well-planned crime – the hacker has not only the intent but also the capability to gain access to sensitive information stored electronically

APT originated from the military sector and has been in play for decades.

APT captured media attention in the context of enterprise software, beyond being a mere security buzzword, after Google and Intel admitted to having been targeted by advanced persistent threats aimed at compromising sensitive corporate data, and after Google’s threat to pull out of China in January 2010. EMC’s announcement that RSA’s SecurID information had been swiped via a sophisticated hack attack in March 2011 further cemented the concerns and the need to protect against these sophisticated and organized cyber-attacks that access and steal information from compromised systems. Other than Google and RSA, we have also seen Sony and Lockheed Martin hit by security breaches using advanced persistent threats (APTs).

Following the SecurID hack, Computerworld opined that organizations should be proactively prepared for advanced persistent threats or risk being the next RSA. Threat modeling of past attacks, hardening computers’ security settings, implementing strong password policies, implementing application control whitelisting, implementing enterprise-wide log management systems with comprehensive alerts and auditing, and, most importantly, implementing a least-privilege authentication and access control system and policies are critical in battling APT.

Although APT attacks are hard to identify, and combating the APT is a protracted event requiring a sustained effort to rid your networks of the threat, data theft can never be completely invisible. APT requires the victim organization to detect compromised systems, collect evidence, analyze data and remediate threats more rapidly, efficiently and effectively. Detecting anomalies in outbound data may be the best way for an administrator to recognize an APT attack.
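One way to look for the outbound anomalies described above, as an added example that is not part of the original post: it compares each host's daily outbound volume with that host's own baseline (median and median absolute deviation), so a single large transfer does not distort the baseline it is measured against. The host names, dates, volumes, threshold and minimum history are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: daily outbound megabytes per host (invented values).
DAILY_MB = {
    "ws-017": [41, 38, 44, 40, 39, 43, 42],          # ordinary workstation
    "db-003": [120, 118, 125, 121, 119, 122, 960],   # large transfer on day 7
    "print-02": [2, 2, 2, 2, 2, 2, 2],               # perfectly flat host
    "lab-09": [5, 900],                              # too little history to judge
}
# Flatten to (host, day, outbound_bytes) records, as a flow export might give.
FLOWS = [(host, f"2012-05-{i + 1:02d}", mb * 1_000_000)
         for host, mbs in DAILY_MB.items() for i, mb in enumerate(mbs)]


def egress_anomalies(flows, threshold=6.0, min_days=5):
    """Return (host, day, bytes, score) for days whose outbound volume is far
    above that host's own baseline. threshold and min_days are assumptions."""
    per_host = defaultdict(list)
    for host, day, nbytes in flows:
        per_host[host].append((day, nbytes))

    hits = []
    for host, days in per_host.items():
        if len(days) < min_days:
            continue  # no meaningful baseline yet; review such hosts separately
        volumes = [b for _, b in days]
        base = median(volumes)
        mad = median(abs(v - base) for v in volumes)
        # A flat host has MAD 0; floor the scale at 1% of baseline to avoid
        # dividing by zero and flagging trivial changes.
        scale = max(1.4826 * mad, 0.01 * base, 1.0)
        for day, nbytes in sorted(days):
            score = (nbytes - base) / scale
            if score > threshold:
                hits.append((host, day, nbytes, round(score, 1)))
    return hits


if __name__ == "__main__":
    for host, day, nbytes, score in egress_anomalies(FLOWS):
        print(f"{day} {host}: {nbytes / 1e6:.0f} MB outbound, score {score}")
```

A volume baseline of this kind surfaces bulk transfers; slow, steady leakage that stays inside a host's normal range needs other signals, such as new destinations or unusual transfer times.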

Thanks to the persistent nature of APT attacks, traditional security controls do not deter these relentless hackers. A persistent attacker aims at another entry point to the organization – the insider. BeyondTrust has been securing the perimeter within for over 25 years and has gained the leadership position in management and access control for privileged credentials. BeyondTrust has been focused on the accidental and sometimes intentional threats posed by the insider and on Preventing Good People from doing Bad Things.

At BeyondTrust, we believe the first step towards cushioning the damage that could be caused by advanced persistent threats is to not give users access to any resource they don’t require or use. Managing your privileged users’ access and using appropriate delegation policies will significantly reduce the risk posed by APT to your organization.
