How to combat Advanced Persistent Threats

The diluted usage of the term advanced persistent threat (APT) across the media, marketing and industry conversations continues to amaze us. Too many organizations are now distracted by the hype surrounding APTs instead of focusing on basic security principles. This post sets out what the term APT has come to represent, and how the majority of organizations should approach defending against it.

Defining Advanced Persistent Threats

The definition of APT depends on who is defining it. The term APT was always intended to describe a “who” and not a “what.” Originally coined as a “polite” means of describing Chinese hackers, it is now used in those same circles to describe a determined, capable and deep-pocketed adversary. Note that evidence of an active, human adversary is a requirement; APT is not and has never been a malware classification.

For the rest of the market, the definition of APT has been broadening over the past few years to include a larger subset of attackers. As the tactics, techniques and procedures (TTPs) of the “true APT” have proliferated, there are now many groups around the world that resemble an APT. It is becoming increasingly difficult to tell whether an attack is perpetrated by a national actor, organized crime or an individual.

The TTPs employed by the overwhelming majority of attackers are fairly simple compared to the elaborate tactics many people envision. Attackers simply do not need to be that clever to successfully reach their objectives because most organizations are not covering the basics.

This is actually a hallmark of highly effective offensive teams: the most expensive people and tools are used as a last resort. The result is that inexpensive phishing and watering hole attacks abound, despite the availability of reliable defenses. These methods are crude, and often the tools used are in the public domain. But these methods work, and so they continue to appear.

Tightening up your policies and improving your configuration controls is not sexy. Improving security procedures is not “cutting edge”. But if you want to take large strides forward in your defense against an increasing number of ever-advancing attackers, getting the basics right is essential. Here are three quick pulse points:

  • Do your users have local administrator rights?
  • Can users install unwanted software like browser toolbars?
  • Can applications execute out of a user’s temporary directory?

In the words of an old Jeff Foxworthy joke, “If you answered yes to any of the above, you might have a basic security problem.”
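One way to answer the three pulse points on a Windows host, as an added audit script that is not part of the original post; it assumes Windows 10 / Server 2016 or later with the AppLocker PowerShell module, run from an elevated prompt:

```powershell
# Added audit script (not code from the Mailfence post). Assumes Windows 10 /
# Server 2016 or later with the AppLocker module, run from an elevated prompt.
function Get-BasicSecurityPulse {
    $findings = @()

    # Pulse point 1: local administrator rights. List ordinary user accounts in
    # the local Administrators group (the built-in Administrator is skipped).
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.Name -notmatch '\\Administrator$' }
    if ($admins) {
        $findings += "Users holding local admin rights: $($admins.Name -join ', ')"
    }

    # Pulse point 2: unwanted software installs. AlwaysInstallElevated lets any
    # user install an MSI as SYSTEM; it is only active when set to 1 in both hives.
    $hives = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer',
             'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    $elevated = foreach ($hive in $hives) {
        (Get-ItemProperty -Path $hive -Name AlwaysInstallElevated `
            -ErrorAction SilentlyContinue).AlwaysInstallElevated
    }
    if (@($elevated | Where-Object { $_ -eq 1 }).Count -eq 2) {
        $findings += 'AlwaysInstallElevated is enabled: any user can install MSI packages as SYSTEM'
    }

    # Pulse point 3: execution from the user's temp directory. Drop an unsigned
    # probe file into %TEMP% and ask AppLocker whether it would be allowed to run.
    # The probe is unsigned so that publisher rules cannot mask path rules.
    $probe = Join-Path $env:TEMP 'pulse-probe.exe'
    Set-Content -Path $probe -Value 'not a real program' -Encoding ASCII
    try {
        $verdict = Get-AppLockerPolicy -Effective -ErrorAction Stop |
            Test-AppLockerPolicy -Path $probe -User Everyone -ErrorAction Stop
        if ($verdict.PolicyDecision -notmatch '^Denied') {
            $findings += "Executables can run from $env:TEMP (AppLocker decision: $($verdict.PolicyDecision))"
        }
    } catch {
        $findings += "Could not evaluate AppLocker policy for $env:TEMP : $($_.Exception.Message)"
    } finally {
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
    }

    if ($findings.Count -eq 0) { 'No basic security problem found on the three pulse points.' }
    else { $findings }
}

Get-BasicSecurityPulse
```

Each line of output is one pulse point answered "yes"; an empty AppLocker policy yields an AllowedByDefault decision, which the script reports as a finding.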

Fighting APTs: The Human Touch

A final recommendation: Stop relying so much on technology and not enough on human expertise. Your security posture requires both talented humans and the right technology to contend with advanced attacks. No product – yet – can replace the ingenuity and insight of a human.

Attackers are humans. You must fight humans with humans. Even when it is increasingly difficult to find security talent, you cannot reallocate those dollars toward technology and get the same results.

In closing, don’t get too spun up on APTs until you have a system in place to mature your security policies, procedures and configurations. Invest in your team first and in the right technology next, because technology alone will fail against a human attacker.

REALIZING and IMPROVING security policies, procedures and configurations is the first and most important step; it also lays the ground for acquiring the right security talent in the pursuit of defeating advanced persistent threats (APTs).

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence
