As advanced persistent threats (APTs) evolve, they pose a growing risk to businesses. APTs keep attacking until they reach their end goal: carrying out corporate espionage or maintaining control of a strategically important network. That makes it vital for businesses to understand the threat and take steps to protect themselves.
Research indicates that 83 per cent of APT infiltrations lasted weeks or more before they were discovered.
Gavin Coulthard, Manager Systems Engineering of Australia/New Zealand, Palo Alto Networks, said, “Attackers who have time to study a target, understand its weaknesses and craft an attack specifically are very difficult to defend against. That is the hallmark of the APT.
“Signature-based defences, which rely on the network being able to identify attackers’ signatures, can fail against a criminal who has time to prepare an attack against a specific network, because they can test their weapons against those signatures before the attack even begins. Understanding what is happening inside your network and on your hosts is critical to identifying APT attacks. Security information and event management (SIEM) is useful for organising the vast amount of information generated by security and monitoring tools, but simply feeding all of the data into them will not defend a network.”
Palo Alto Networks advises businesses to employ two key tactics against APTs: