As advanced persistent threats (APTs) evolve, they pose a growing risk to businesses. An APT keeps attacking until it reaches its end goal, typically corporate espionage or lasting control of a strategically important network, so businesses need to understand the threat and take steps to protect themselves.
Research indicates that 83 per cent of APT infiltrations lasted weeks or more before they were discovered.
Gavin Coulthard, Manager Systems Engineering of Australia/New Zealand, Palo Alto Networks, said, “Attackers who have time to study a target, understand its weaknesses and craft an attack specifically are very difficult to defend against. That is the hallmark of the APT.
“Signature-based defences, which rely on the network being able to identify attackers’ signatures, can fail against a criminal who has time to prepare an attack against a specific network, because they can test their weapons against those signatures before the attack even begins. Understanding what is happening inside your network and on your hosts is critical to identifying APT attacks. Security information and event management (SIEM) is useful for organising the vast amount of information generated by security and monitoring tools, but simply feeding all of the data into them will not defend a network.”
Palo Alto Networks advises businesses to employ two key tactics against APTs:
- Get to know your network really well.
Your tools should help you understand all of the traffic flowing through the network, and if there is traffic you cannot identify, take the time to find out what it is. Know what normal looks like for your network so that you can recognise anomalies.
- Include threat intelligence as part of your incident handling process.
This will help track related attacks and potentially get a step ahead of your adversary.
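The two tactics above, baselining normal traffic to surface what you cannot explain and then enriching the hits with threat intelligence during incident handling, can be sketched in a few dozen lines. The following is an added illustrative example written for this page, not Palo Alto Networks' tooling or code from the original article. The flow records, host addresses and the indicator list are constructed sample data, and the "unknown service", "new host" and "volume more than five times the host's usual maximum" rules are assumptions chosen for the demonstration:

```python
"""
Added example (not from the original article): build a baseline of "known good"
network flows, flag flows that do not fit it, and enrich each finding with
threat-intelligence context so an incident handler can prioritise it.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, proto, bytes_out).
# In practice this would be a week or more of NetFlow/IPFIX or firewall logs.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 445, "tcp", 120_000),
    ("10.0.1.10", "10.0.2.5", 445, "tcp", 98_000),
    ("10.0.1.10", "203.0.113.7", 443, "tcp", 40_000),
    ("10.0.1.11", "203.0.113.7", 443, "tcp", 38_000),
    ("10.0.1.11", "10.0.2.9", 53, "udp", 2_000),
    ("10.0.1.12", "10.0.2.9", 53, "udp", 1_800),
    ("10.0.1.12", "203.0.113.7", 443, "tcp", 41_000),
]

# Constructed indicator list standing in for a real threat-intelligence feed.
THREAT_INTEL = {"198.51.100.23": "hypothetical indicator: known C2 host"}

# Constructed "today's" flows to triage against the baseline.
NEW_FLOWS = [
    ("10.0.1.10", "10.0.2.5", 445, "tcp", 101_000),        # looks normal
    ("10.0.1.12", "198.51.100.23", 8443, "tcp", 3_500),    # service never seen before
    ("10.0.1.11", "203.0.113.7", 443, "tcp", 2_000_000),   # far above host's usual volume
    ("10.0.1.40", "10.0.2.9", 53, "udp", 1_500),           # host not in baseline
]


def build_baseline(flows):
    """Return the set of (dst_port, proto) pairs seen in normal traffic and a
    map of source host -> list of bytes sent per flow."""
    known_services = set()
    per_host_bytes = defaultdict(list)
    for src, _dst, port, proto, nbytes in flows:
        known_services.add((port, proto))
        per_host_bytes[src].append(nbytes)
    return known_services, per_host_bytes


def find_anomalies(flows, known_services, per_host_bytes, volume_factor=5):
    """Flag flows that use a service absent from the baseline, come from a host
    absent from the baseline, or exceed volume_factor times the host's usual
    per-flow maximum. Returns a list of (flow, [reasons])."""
    findings = []
    for flow in flows:
        src, _dst, port, proto, nbytes = flow
        reasons = []
        if (port, proto) not in known_services:
            reasons.append(f"unknown service {proto}/{port}")
        history = per_host_bytes.get(src)
        if history is None:
            reasons.append("source host not in baseline")
        elif nbytes > volume_factor * max(history):
            reasons.append(f"volume {nbytes} bytes vs host max {max(history)}")
        if reasons:
            findings.append((flow, reasons))
    return findings


def enrich(findings, intel):
    """Attach threat-intel context; a destination that matches an indicator is
    raised to high priority, everything else is queued for analyst review."""
    enriched = []
    for flow, reasons in findings:
        tag = intel.get(flow[1])
        enriched.append({
            "flow": flow,
            "reasons": reasons,
            "intel": tag,
            "priority": "high" if tag else "review",
        })
    return enriched


def triage(baseline_flows=BASELINE_FLOWS, new_flows=NEW_FLOWS, intel=THREAT_INTEL):
    """Run the full pipeline: baseline -> anomaly detection -> intel enrichment."""
    known_services, per_host_bytes = build_baseline(baseline_flows)
    return enrich(find_anomalies(new_flows, known_services, per_host_bytes), intel)


if __name__ == "__main__":
    for finding in triage():
        print(finding["priority"], finding["flow"], finding["reasons"], finding["intel"] or "")
```

Run against the constructed data, the normal SMB flow is silent, the flow to the new port on 8443 is raised to high priority because its destination matches an indicator, and the other two are queued for review; the point of the enrichment step is that the intel match is what separates "odd" from "urgent" when the analyst has many unexplained flows to work through.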