
APTs Pose a Major Challenge for Enterprise Security

DQI Bureau

With the rapid development of newer technologies for corporate network expansion and data transfer, the cyber security landscape needs to transform itself in order to counter a new breed of online malicious entities being identified in India as well as globally. Today it is not just governments and large organizations that fall victim to cyber attacks, but also specific individuals within organizations.

The nature of attacks is swiftly becoming more targeted toward the individual, and as attacks become more targeted, they also become more personalized. Further, security today is not just about tackling a breach after it has already happened, but about preventing an attack or breach before it happens. More importantly, Information Technology (IT) security for business has moved from being the prime focus of CIOs and CTOs alone to the purview of business leaders, including C-suite executives.

They now have the task of taking decisions that include what sort of IT infrastructure the organization should have in place and which IT vendor the company should choose to best suit its requirements, among others.

UNDERSTANDING ADVANCED PERSISTENT THREATS (APTs): THE CHALLENGE

One of the biggest concerns confronting large and small enterprises alike is what is known as an Advanced Persistent Threat (APT). An APT is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. Unlike the basic or mass-market threats that everyone should be blocking, APTs are unknown threats that cannot be detected by traditional signature-based defences such as firewalls, IPSs, and secure web and email gateways.

According to a recently released report by Verizon, in the year 2013, 92% of data breaches were perpetrated by outsiders, and 84% of attackers were able to compromise their targets in seconds, minutes or hours; however, 78% of data-breach incidents took weeks, months or years to discover. This leaves a significant window, which can stretch to years, during which the attackers operate and the organisation remains vulnerable.

APTs have both the capability and the intent to persistently and effectively target a specific entity. The motive behind such threats is to steal confidential data and information from a specific person; for instance, this person could be an employee of a large organization, be it a bank or a government body. APT attacks target organizations in sectors with high-value information, such as national defense, aerospace, oil and gas, manufacturing, banking, financial services, and insurance, among others.

In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's Intrusion Detection System (IDS). In an APT attack, however, the goal is not to get in and out, but to achieve ongoing access to sensitive data and information. The developers of an APT first look for vulnerabilities within the system. They then evaluate the security controls protecting the system and come up with a plan to exploit the vulnerability. This process demands an incredible amount of time and research, and the entire activity can take months if not years to develop.

ADVANCED PERSISTENT THREATS VERSUS TRADITIONAL DEFENCE SYSTEM: COUNTERING THIS CHALLENGE

Before trying to understand how to detect and counter an APT effectively, one must first fully understand one's own business. Some of the fundamental questions to ask are: What are the entry and exit points of the business that could make the organization vulnerable to an attack from an unknown entity? Which areas of the business could come under attack? Asking these fundamental questions enables an organization to better prepare for such an attack and to put the right IT infrastructure in place, so that an APT is stopped before it penetrates the system and retrieves confidential company data and information.

The main goal of an anti-APT operation should be to make it as difficult as possible for an adversary to steal an organization's intellectual property. Security defenses, however, have traditionally been built from standalone products that protect against known threats.

With today's increasingly sophisticated hackers and advanced threats, these traditional solutions lack the potency to tackle highly advanced threats. To counter them, what is needed is a way to get the silos of security solutions working together, sharing intelligence and analysis so that they can adapt, scale, and extend protection to unknown threats as well.

As a step forward, what is needed is a 'lifecycle approach' to implementing a complete, multi-layered defense. The three core capabilities of the lifecycle defense are ongoing operations, incident containment, and incident resolution. The lifecycle begins with the detection and blocking of all known threats, while unknown threats are moved to the incident containment stage.

At this stage, threats are carefully analysed and mitigated via closed-loop feedback, through which threat intelligence is automatically shared with other security systems to inoculate the organization against future attacks. In addition, threat information is shared in real time among millions of users in thousands of organizations via a global intelligence network, so the defense system can learn, adapt and evolve to stay a step ahead of advanced threats.

Finally, at the incident resolution stage, breaches that do occur are investigated, analysed and quickly remediated, and the resulting intelligence is shared via the global intelligence network, which in turn helps convert unknown threats into known threats.
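The three stages described above form a feedback loop: known indicators are blocked, unknown events are analysed in containment, and resolution publishes what was learned so that the same threat is known the next time it appears, at this organisation or at another one on the shared network. The following Python model is an added illustration of that loop and is not code from the article or from any vendor product; the event fields, the anomaly check (traffic to a destination outside the organisation's baseline is treated as suspicious), the organisation names and the indicator values are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Event:
    """One outbound connection record (constructed sample, not real telemetry)."""
    src_host: str
    dst_domain: str
    file_hash: str


class IntelNetwork:
    """Stand-in for the global intelligence network: a set of indicators that
    every participating organisation can publish to and pull from."""

    def __init__(self) -> None:
        self.indicators: Set[str] = set()

    def publish(self, indicators: Set[str]) -> None:
        self.indicators |= indicators


class LifecycleDefense:
    """Models the lifecycle defense for one organisation."""

    def __init__(self, name: str, known: Set[str], baseline_domains: Set[str],
                 network: IntelNetwork) -> None:
        self.name = name
        self.known = set(known)                 # indicators this organisation already blocks
        self.baseline = set(baseline_domains)   # destinations seen in normal operation (assumed)
        self.network = network
        self.blocked: List[Event] = []
        self.contained: List[Event] = []
        self.resolved: List[Event] = []

    def sync_from_network(self) -> int:
        """Pull indicators other organisations have shared; returns how many were new."""
        new = self.network.indicators - self.known
        self.known |= new
        return len(new)

    def process(self, event: Event) -> str:
        """Run one event through the lifecycle and return the stage that handled it."""
        # Stage 1, ongoing operations: anything matching a known indicator is blocked.
        if event.dst_domain in self.known or event.file_hash in self.known:
            self.blocked.append(event)
            return "blocked"
        # Stage 2, incident containment: unknown events are analysed. The analysis
        # here is a deliberately simple anomaly check (an assumption of this example):
        # a destination outside the organisation's baseline is treated as suspicious.
        if event.dst_domain not in self.baseline:
            self.contained.append(event)
            self._resolve(event)
            return "contained"
        return "allowed"

    def _resolve(self, event: Event) -> None:
        """Stage 3, incident resolution: the unknown threat becomes a known one, and
        its indicators are shared through the intelligence network."""
        indicators = {event.dst_domain, event.file_hash}
        self.known |= indicators
        self.network.publish(indicators)
        self.resolved.append(event)


def run_demo() -> dict:
    """Two organisations on one network; an unknown threat at the first becomes
    a known, blocked threat at the second without the second ever analysing it."""
    network = IntelNetwork()
    org_a = LifecycleDefense("org-a", {"known-bad.example"},
                             {"mail.example", "crm.example"}, network)
    org_b = LifecycleDefense("org-b", {"known-bad.example"},
                             {"mail.example", "erp.example"}, network)

    # Constructed events: one matches a known indicator, one is an unseen
    # destination delivering an unseen file hash, one is ordinary traffic.
    known_bad = Event("ws-01", "known-bad.example", "hash-aaa")
    unknown = Event("ws-07", "drop.example", "hash-bbb")
    benign = Event("ws-02", "mail.example", "hash-ccc")

    return {
        "a_known_bad": org_a.process(known_bad),   # "blocked"
        "a_unknown": org_a.process(unknown),       # "contained": indicators published
        "a_benign": org_a.process(benign),         # "allowed"
        "b_synced": org_b.sync_from_network(),     # org-b learns 2 new indicators
        "b_unknown": org_b.process(unknown),       # "blocked": unknown became known
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the model is the last two results: org-b never saw the event in containment, yet blocks it on arrival because org-a's resolution stage fed the indicators back through the shared network. In a real deployment the anomaly check would be replaced by sandboxing or behavioural analysis and the network by a threat-intelligence feed, but the loop stays the same.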

This lifecycle approach can help organizations better prepare for advanced and unknown attacks, so that they can mitigate the damage, resolve the issue quickly, learn from incidents, and apply new intelligence so that future attacks do not succeed.
