Advanced Persistent Threat Management
APT attacks are on everyone's lips at the moment. Targeted cyber attacks, such as the one against Sony in 2014, where the entire organization's network was compromised unnoticed for a period of over six months, have unfortunately become the norm rather than an isolated case.
Although earlier attacks were aimed at crashing systems or destroying data, attackers today try to cover their tracks, with the aim of maintaining access for future operations without being detected.
An APT attack comprises 6 basic phases:
- Targeting the objective
- Infiltrating malware onto the target system
- Controlling by command-and-control server (installing other malware)
- Spreading the attack onto several systems
- Exfiltrating target data from the victim's network
- Covering tracks to maintain access to the victim's system to exfiltrate as much data as possible
The difference between APTs and cyber terrorism is that APTs try to steal as much data as possible from the target system, while cyber terrorism aims, from the second phase onwards, to completely destroy the victim's system.
So-called "perimeter security" is unfortunately insufficient to identify APT attackers. Functions are required that evaluate incidents in their entirety. Because perimeter security can only evaluate individual data packets, the correlation between isolated incidents is missing. It is often the case that attackers intentionally trigger false alarms at one point in order to establish a foothold at another point in the system without being detected.
Unfortunately, today's APT mitigation strategies lag behind the attackers. Events must be correlated to piece the APT together like a puzzle and to establish a strategy against the attackers. The attackers know the mitigation systems and know exactly which logs and port combinations have to be avoided. Expenditure on Internet security within organizations increased by 8% from 2013 to 2014, and it is expected to increase again by 8% in 2015 compared to last year. This money is often invested randomly instead of in a comprehensive security strategy. We can help you build one.
A traditional perimeter security must be extended to include the following functions:
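The following is an added illustration of the event correlation the text calls for; it is not code from the original page or from the company behind it. It assumes a SIEM-style feed in which each event has already been normalised to a host and an event type, and the mapping from event types to the six APT phases is an assumption chosen for the example. The sample events are constructed. Taken alone, each alarm on a single host looks like a false positive; only when the alarms on one host are chained in phase order inside a time window does the picture of an APT emerge.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The six APT phases named in the text, in attack order.
PHASES = [
    "targeting",
    "infiltration",
    "command-and-control",
    "spreading",
    "exfiltration",
    "covering-tracks",
]

# Assumed mapping from normalised event types (as a SIEM might emit them)
# to the APT phase each one hints at. The type names are hypothetical.
PHASE_OF_EVENT = {
    "ids_scan_blocked": "targeting",
    "proxy_executable_download": "infiltration",
    "dns_periodic_beacon": "command-and-control",
    "auth_lateral_logon": "spreading",
    "proxy_large_upload": "exfiltration",
    "audit_log_cleared": "covering-tracks",
}

# Constructed sample events; hostnames and timestamps are made up.
SAMPLE_EVENTS = [
    {"ts": "2014-09-01T08:00:00", "host": "wks-17", "type": "ids_scan_blocked"},
    {"ts": "2014-09-01T08:05:00", "host": "wks-17", "type": "proxy_executable_download"},
    {"ts": "2014-09-01T08:07:00", "host": "wks-17", "type": "dns_periodic_beacon"},
    {"ts": "2014-09-02T13:40:00", "host": "wks-17", "type": "auth_lateral_logon"},
    {"ts": "2014-09-03T02:15:00", "host": "wks-17", "type": "proxy_large_upload"},
    # Isolated alarms on other hosts: each is a plausible false positive on its own.
    {"ts": "2014-09-01T08:01:00", "host": "wks-03", "type": "ids_scan_blocked"},
    {"ts": "2014-09-01T09:30:00", "host": "wks-09", "type": "proxy_executable_download"},
    # Two alarms months apart on one host should not be chained together.
    {"ts": "2014-03-10T10:00:00", "host": "srv-db-01", "type": "ids_scan_blocked"},
    {"ts": "2014-09-20T10:00:00", "host": "srv-db-01", "type": "auth_lateral_logon"},
]


def _parse(events):
    """Group events by host, convert timestamps, and drop types with no phase."""
    by_host = defaultdict(list)
    for ev in events:
        phase = PHASE_OF_EVENT.get(ev["type"])
        if phase is None:
            continue
        by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), phase))
    for host in by_host:
        by_host[host].sort()
    return by_host


def phase_chains(events, window=timedelta(days=7)):
    """For each host, return the longest chain of distinct APT phases, in
    attack order, that occurs inside any interval of length `window`."""
    result = {}
    for host, timeline in _parse(events).items():
        best = []
        for i, (start, _) in enumerate(timeline):
            seen = []
            for ts, phase in timeline[i:]:
                if ts - start > window:
                    break
                # Count a phase only if it is new and comes after the last phase seen.
                if phase not in seen and (
                    not seen or PHASES.index(phase) > PHASES.index(seen[-1])
                ):
                    seen.append(phase)
            if len(seen) > len(best):
                best = seen
        result[host] = best
    return result


def suspicious_hosts(events, min_phases=3, window=timedelta(days=7)):
    """Hosts whose correlated events cover at least `min_phases` APT phases."""
    chains = phase_chains(events, window)
    return sorted(h for h, chain in chains.items() if len(chain) >= min_phases)


if __name__ == "__main__":
    for host, chain in phase_chains(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(chain) or 'no phase'}")
    print("escalate:", suspicious_hosts(SAMPLE_EVENTS))
```

The window and the minimum phase count are the tuning knobs: a short window keeps unrelated alarms from being chained, as with srv-db-01 above, while a threshold of three phases means an isolated blocked scan or a single download never escalates on its own. A packet-by-packet perimeter device sees none of this, because the evidence is spread over days and over several log sources.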
- Advanced detection: Analysis of traffic and application patterns to determine whether an attack is in progress.
- Total containment: Once an attack is detected, it must be ensured that this cannot spread further.
- Threat identification: The deployment of a "key-learning tool" which learns with every attack and improves long-term protection.
- Advanced threat mitigation: This includes the targeted removal of malware, the rebuilding of compromised systems and restoration after an attack.
These security measures are based on proactive handling rather than reacting when it may already be too late.
We can assist in finding and deploying a solution that provides advanced protection for your data and network in the future.