05:57 AM
Quick Hits
Quick Hits
Quick Hits
Connect Directly
Repost This

How To Detect And Defend Against Advanced Persistent Threats

There are no silver bullets for APTs, but there are steps your organization can take. Here's a look at what you can do

[Excerpted from "Detecting and Defending Against Advanced Persistent Threats," a new report posted this week on Dark Reading's Advanced Threat Tech Center.]

One of the most insidious cyberthreats is the one that lies in wait. These exploits, commonly known as advanced persistent threats, are sophisticated, custom exploits with the express objective of gaining access to a targeted system and remaining undetected for an extended period of time.

An APT’s success requires considerable resources and expertise — hence the term “advanced.” “Persistent” doesn’t mean a continual barrage of attacks launched in the hope that one may succeed, but instead the relentless pursuit and development of a successful attack methodology. These exploits are developed by skilled, motivated, organized and well-resourced programmers working with a well-defined road map. These attacks can take many months to develop and even longer to successfully deploy.

The concern about APTs is increasing because of an escalating number of incidents and the severity and extent of the damage they cause. Cisco Security Intelligence Operations has reported a significant increase in the number of unique instances of malware it’s finding, an indication of APTs under development or being deployed. And although big and well-armed companies such as Google, RSA, Sony, and Lockheed Martin have been hit, there are signs that APTs may be going after smaller and less well-protected organizations to get to their eventual targets.

To combat the threat of APTs, it’s important to understand the different phases of an APT attack and the defenses required for each.

To read about the six phases of an APT -- and potential defenses that your organization can employ in each phase -- download the free report on how to detect and defend against APTs.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web