Tuesday, May 24, 2011

With the Rise of APTs, Security Policies are More Important Than Ever

Recently, much has been made of a "new" class of attack, the Advanced Persistent Threat (APT), following the attacks on RSA, Google, Adobe Systems, and others. APTs are not new, but they can be by far the most damaging kind of attack. So what can you do to stop them? First, the basics:

Just What Exactly Is an Advanced Persistent Threat?

An APT is by far the most difficult type of attack to stop. It combines multiple vulnerabilities (sometimes zero-days), social engineering, spear phishing, and offline techniques into a long-term, carefully crafted campaign. These attacks have an objective: they are not smash-and-grab hits where attackers take whatever is of value. Anyone running an APT is after a company's "crown jewels": intellectual property, massive stores of customer or credit card data, classified information, product blueprints, source code, and the like. The attackers move laterally through the network and can be difficult, if not impossible, to detect. They work on a long-term horizon, sometimes staying inside a network for years while searching for their target.

The good news, if there is any, is that these attacks are relatively rare. Because of their complexity and cost, the targets of APTs so far appear to be limited to very large corporations and government entities. These are not the script kiddies of old, but sophisticated criminal or government-funded groups, which is exactly what makes these attacks so devastating. The only way to combat them is to:
  • Institute tight security controls and good coding practices on your public-facing servers.
  • Perform vulnerability assessments to find systems that may allow code injection.
  • Monitor your network with an IDS and review system logs, tracking down any suspicious entries.
  • Perhaps most importantly: educate your users on secure web and email practices, through the development and implementation of a solid security policy.

Unfortunately, the new challenge of IT security is protecting your network from unpredictable, blended threats that can come from anywhere, not just those that come through the front door. APTs will likely become more prevalent as advances in technology lower the cost and complexity of mounting them.

If you don't already have a security policy, check out www.InstantSecurityPolicy.com, which can help you obtain a custom set of security policies in minutes.  Coming soon: "So What if You Are a Target?"