Advanced Persistent Threat (APT) is a term that has become widespread in response to cyberattacks like the one on Google. Although it has become popular only lately, the term is not new: it has been used for quite a while, primarily in military and government circles, to describe cyberattacks perpetrated by highly organized and skilled groups. These furtive attacks are complex, technical, and persistent.
One might wonder how this is anything new, as any kind of cyberattack could be considered complicated. It is important to note that it is the process of implementation that makes these kinds of attacks different from traditional cyberattacks. The significant distinction is in the methodical exploitation of vulnerabilities in stages, from selecting individual targets, to baiting and phishing, and on to the continuous extraction of sensitive information.
An article in InformationWeek, “Anatomy of A Modern Hack”, summarizes the steps and phases of Advanced Persistent Threats.
Recently, these kinds of attacks have been carrying over from government into the corporate world for the purpose of obtaining trade secrets and stealing intellectual property. In order to combat these attacks, there is a need for network monitoring, which is discussed in a Computerworld article. Specifically, the second of three suggestions mentions monitoring. Ed Skoudis, co-founder of InGuardians, a Washington-based security consultancy, said:
Advanced persistent threats by definition are designed to get around firewalls, antivirus software, intrusion detection systems and other controls a company might have in place for blocking illegal access to data. So companies need to have tools for monitoring anomalous behavior on their network, and for detecting unusual long-term persistent network connections and other ‘outlier behavior’… Also vital is the need for companies to monitor their logs closely, Skoudis said. Looking at firewall logs, network-based IDS alerts and Web proxy server logs can help companies identify suspicious activity on their networks, he said.
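As an added example (not from the original post or the Computerworld article), the Python below shows one way to look for the "long-term persistent network connections" mentioned above in firewall connection records. The log format, the internal address range, and both thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from any real network), assumed format:
# start_time src_ip dst_ip dst_port duration_seconds bytes_out
SAMPLE_LOG = """\
2010-03-01T09:00:05 10.0.0.12 198.51.100.7 443 42 18000
2010-03-01T09:01:10 10.0.0.15 203.0.113.9 443 93600 5200000
2010-03-01T10:15:00 10.0.0.12 10.0.0.2 445 86400 900000
2010-03-01T23:50:00 10.0.0.31 192.0.2.44 80 30 2100
2010-03-02T23:50:02 10.0.0.31 192.0.2.44 80 28 2050
2010-03-03T23:49:58 10.0.0.31 192.0.2.44 80 31 2200
2010-03-04T23:50:01 10.0.0.31 192.0.2.44 80 29 2150
2010-03-02T14:00:00 10.0.0.12 198.51.100.7 443 55 21000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
MAX_SECONDS = 8 * 3600   # assumed threshold for a "long-lived" connection
MIN_DAYS = 4             # assumed threshold for a "recurring" destination

def parse(log_text):
    """Yield one typed tuple per well-formed record."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than abort the run
        ts, src, dst, port, dur, sent = fields
        yield datetime.fromisoformat(ts), src, dst, int(port), int(dur), int(sent)

def find_outliers(log_text):
    """Return (long-lived outbound connections, destinations contacted on many days)."""
    long_lived, days_seen = [], defaultdict(set)
    for ts, src, dst, port, dur, sent in parse(log_text):
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # only outbound connections are of interest here
        if dur >= MAX_SECONDS:
            long_lived.append((src, dst, port, dur))
        days_seen[(src, dst, port)].add(ts.date())
    recurring = sorted(k for k, d in days_seen.items() if len(d) >= MIN_DAYS)
    return long_lived, recurring

if __name__ == "__main__":
    long_lived, recurring = find_outliers(SAMPLE_LOG)
    print("long-lived outbound:", long_lived)
    print("recurring outbound:", recurring)
```

Both result lists are leads for an analyst to review against proxy logs and IDS alerts, not verdicts: backups, VPN tunnels and update checks produce the same patterns.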
In order to thwart these kinds of attacks, complete network visibility is needed. Net Optics provides network access solutions designed for security and monitoring tools that counter these kinds of attacks on government and enterprise networks. We offer complete network visibility, allowing comprehensive monitoring to combat successful infiltration of your organization’s network. For more information or to schedule a demonstration of our network access solutions for security, as well as forensic and performance monitoring, contact a Customer Service Representative at (408) 737-7777 or firstname.lastname@example.org.