BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Is Your Organization Prepared Against Advanced Persistent Threats?

Post by Peter McCalister May 9, 2012

An advanced persistent threat (APT) is an attack by which an unauthorized person gains access to the network and stays there undetected for a long period of time. The intent of an advanced persistent threat is often to steal data than to damage the network. Sectors with high-value information, such as defense, manufacturing, financial, telecom verticals and increasingly social networking are the most common targets for APT attacks. The Stuxnet Worm is a good example of APT.

Advanced: sophisticated – hacker has the ability to evade detection and gain and maintain access to well protected networks and sensitive information

Persistent: continues to run until objectives are met – making it difficult to prevent access to your computer network once the threat actor has successfully gained access to your network

Threat: organized and well planned crime – hacker has not only the intent but also the capability to gain access to sensitive information stored electronically originated from the military sector and has been in play for decades.

APT captured media attention in the context of enterprise software, beyond being a mere security buzzword, after Google and Intel admitted to have been targeted by advanced persistent threats aimed at compromising sensitive corporate data and Google’s threat to pull out of China in January 2010. EMC’s announcement that RSA’s SecurID information had been swiped via a sophisticated hack attack in March 2011 further cemented the concerns and need to protect against these sophisticated and organized cyber-attack to access and steal information from compromised systems. Other than Google and RSA, we have also seen Sony and Lockheed Martin be hit by security breaches using advanced persistent threats (APTs).

Following the SecureID hack, Computer World opined that organizations should be proactively prepared for advanced persistent threats or risk being the next RSA. Threat modeling of past attacks, hardening computers’ security settings, implementing strong password policies, implementing application control whitelisting, implementing enterprise wide log management systems with comprehensive alerts and auditing, and most importantly implementing a least-privilege authentication and access control system and policies is critical in battling APT.

Although APT attacks are hard to identify, and combating the APT is a protracted event requiring a sustained effort to rid your networks of the threat, data theft can never be completely invisible. APT requires the victim organization to detect compromised systems, collect evidence, analyze data and remediate threats more rapidly, efficiently and effectively. Detecting anomalies in outbound data may be the best way for an administrator to recognize an APT attack.

Thanks to the persistent nature of APT attacks, traditional security controls do not deter these relentless hackers. A persistent attacker aims at another entry point to the organization – the insider. BeyondTrust, has been securing the perimeter within for over 25 years and gained the leadership position in management and access control for privileged credentials. BeyondTrust has been focused on the accidental and sometimes intentional threats posed by the insider and on Preventing Good People from doing Bad Things.

At BeyondTrust, we believe the first step towards cushioning damages that could be caused by advanced persistent threats, is to not give users access to any resource they don’t require or use. Managing your privileged users’ access and using appropriate delegation policies will significantly reduce the risk posed by APT to your organization.

Leave a Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,