How to combat Advanced Persistent Threats

The diluted usage of the term advanced persistent threat (APT) across the media, marketing and industry conversations continues to amaze us. Too many organizations are now distracted by the hype surrounding APTs instead of focusing on basic security principles. This post looks at what the term APT has come to represent, and at how the majority of organizations should approach defending against them.

Defining Advanced Persistent Threats

The definition of APT depends on who is defining it. The term APT was always intended to describe a “who” and not a “what.” Originally coined as a “polite” means of describing Chinese hackers, it is now used in those same circles to describe a determined, capable and deep-pocketed adversary. Note that evidence of an active, human adversary is a requirement; APT is not and has never been a malware classification.

For the rest of the market, the definition of APT has been broadening over the past few years to include a larger subset of attackers. As the tactics, techniques and procedures (TTPs) of the “true APT” have proliferated, there are now many groups around the world that resemble an APT. It is becoming increasingly difficult to tell whether an attack is perpetrated by a national actor, organized crime or an individual.

The TTPs employed by the overwhelming majority of attackers are fairly simple compared to the elaborate tactics many people envision. Attackers simply do not need to be that clever to successfully reach their objectives because most organizations are not covering the basics.

This is actually a hallmark of highly effective offensive teams: the most expensive people and tools are used as a last resort. The result is that inexpensive phishing and watering hole attacks abound, despite the availability of reliable defenses. These methods are crude, and often the tools used are in the public domain. But these methods work, and so they continue to appear.

Tightening up your policies and improving your configuration controls is not sexy. Improving security procedures is not “cutting edge”. But if you want to take large strides forward in your defense against an increasing number of ever-advancing attackers, getting the basics right is essential. Here are three quick pulse points:

  • Do your users have local administrator rights?
  • Can users install unwanted software like browser toolbars?
  • Can applications execute out of a user’s temporary directory?

In the words of an old Jeff Foxworthy joke, “If you answered yes to any of the above, you might have a basic security problem.”
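The three pulse points above are questions an administrator can answer on each endpoint rather than guess at. The following PowerShell script is an added example, not code from the original post or from Mailfence: it checks whether the current account holds local administrator rights, lists Administrators group members outside an allow list, and asks the effective AppLocker policy whether an executable placed in the user's temp directory would be allowed to run (nothing is executed; an empty placeholder file is created for the evaluation and removed afterwards). It assumes Windows 10/11 or Server 2016+, Windows PowerShell 5.1 or later, and the Microsoft.PowerShell.LocalAccounts and AppLocker modules; the allow list and the probe file name are assumptions to adapt locally.

```powershell
# Added example (not from the original post): a quick audit of the three
# "pulse points" on a Windows endpoint. Each check returns a value so the
# results can be collected centrally instead of read off the console.

function Test-CurrentUserIsLocalAdmin {
    # Pulse point 1: does the account running this script hold local admin rights?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UnexpectedLocalAdmins {
    param(
        # Accounts expected in the Administrators group (assumed allow list; extend
        # with e.g. your domain's admin group). Everything else is reported.
        [string[]]$Allowed = @("$env:COMPUTERNAME\Administrator")
    )
    # Pulse points 1 and 2: an ordinary user placed in Administrators can install
    # anything, browser toolbars included, so surface every member not on the list.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Allowed -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-TempDirectoryExecution {
    param([string]$TempDir = $env:TEMP)
    # Pulse point 3: would the effective AppLocker policy let an .exe run from the
    # user's temp directory? Nothing is executed; an empty placeholder file gives
    # Test-AppLockerPolicy a real path to evaluate and is deleted afterwards.
    $appIdSvc = (Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue).Status
    $policy   = Get-AppLockerPolicy -Effective

    if (@($policy.RuleCollections).Count -eq 0) {
        # No AppLocker rules at all: execution from %TEMP% is unrestricted.
        return [pscustomobject]@{
            Path = $TempDir; Decision = 'NoPolicy'; AppIDSvc = $appIdSvc; ExecutionAllowed = $true
        }
    }

    $probe = Join-Path $TempDir 'apt-basics-probe.exe'   # assumed placeholder name
    New-Item -Path $probe -ItemType File -Force | Out-Null
    try {
        $result = Test-AppLockerPolicy -PolicyObject $policy -Path $probe -User $env:USERNAME
    } finally {
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
    }

    $decision = [string]$result.PolicyDecision
    return [pscustomobject]@{
        Path             = $TempDir
        Decision         = $decision
        AppIDSvc         = $appIdSvc
        # Allowed/AllowedByDefault means a dropped binary could run; a policy that
        # allows it is only enforced if the Application Identity service is running.
        ExecutionAllowed = ($decision -in @('Allowed', 'AllowedByDefault')) -or ($appIdSvc -ne 'Running')
    }
}

function Invoke-BasicsPulseCheck {
    # Runs all three checks and returns one summary object per endpoint.
    $temp = Test-TempDirectoryExecution
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        UserIsLocalAdmin    = Test-CurrentUserIsLocalAdmin
        UnexpectedAdmins    = @(Get-UnexpectedLocalAdmins | ForEach-Object Name)
        TempExecAllowed     = $temp.ExecutionAllowed
        TempExecDecision    = $temp.Decision
        AppIDSvcStatus      = $temp.AppIDSvc
    }
}

# Usage: run as the user whose rights you want to assess, then act on any $true.
Invoke-BasicsPulseCheck | Format-List
```

A "yes" on any of the three fields is the "basic security problem" the joke above refers to; the fixes are policy and configuration work (removing local admin rights, restricting installs, and an AppLocker or equivalent rule that denies execution from user-writable paths such as %TEMP%), not a new product.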

Fighting APTs: The Human Touch

A final recommendation: Stop relying so much on technology and not enough on human expertise. Your security posture requires both talented humans and the right technology to contend with advanced attacks. No product – yet – can replace the ingenuity and insight of a human.

Attackers are humans. You must fight humans with humans. Even when it is increasingly difficult to find security talent, you cannot reallocate those dollars toward technology and get the same results.

In closing, don’t get too spun up on APTs until you have a system in place to mature your security policies, procedures and configurations. Invest in your team first and in the right technology next, because technology alone will fail against a human attacker.

REALIZING and IMPROVING security policies, procedures and configurations is the first and most important step, and it is what leads to acquiring the right security talent in the pursuit of defeating advanced persistent threats (APTs).


– Mailfence Team

Arnaud is the co-founder and CEO of Mailfence. He's been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Rendez-vous, IP Netvertising or NetMonitor. He is regarded as the internet advertising pioneer of Belgium. You can follow Arnaud on this blog.