Essential Guide

Endless variety: Dealing with advanced threats

A comprehensive collection of articles, videos and more, hand-picked by our editors

New advanced persistent threat protection: Beyond perimeter defense

Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection.


According to ISACA, one in five enterprises has experienced an advanced persistent threat attack, and enterprises are overwhelmingly relying on antimalware and perimeter technologies to stop these APT attacks. Obviously, such methods of advanced persistent threat protection haven't been effective in stopping APTs, so what new tactics or technologies can help protect enterprises against such attacks?


Enterprises have long relied on antivirus and perimeter firewalls for security. Even though these technologies don't provide adequate advanced persistent threat protection, enterprises have been slow to adapt to the changing information security risk environment. It's no wonder that, according to the 2013 Verizon Data Breach Investigations Report, enterprises typically learn about a breach from external parties only after they have been compromised.

With that in mind, the best advice to guard against APT-style attacks is to combine a mix of emerging information security technologies with proper implementation of known, effective security controls, particularly network monitoring.

The ISACA APT Awareness Study mentions the ineffective nature of traditional security controls and the disconnect in the awareness around APTs. The report mentions that such additional controls as network segmentation and rigorous email security will help protect against APT attacks. This added email security, together with security awareness training, will help protect against the phishing attacks used in APTs. There are other controls that will help detect APT attacks.

Since the sad reality is that most organizations won't spot an advanced attack until it's already well under way, using network monitoring to detect APT attacks and identify malicious activity is a fundamental security control, even though process-wise, it's not anything new (the technique dates at least as far back as the Tan Book from 1987). Remember that traditional firewalls and antivirus will not stop an APT attack. Utilizing new technologies to monitor all processes running on endpoints, monitoring the network for indicators of compromise, and reviewing new network connections are all forms of advanced persistent threat protection that might improve detection. By monitoring systems, you will have a better chance of detecting and stopping an APT attack.
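One way to combine two of the checks named above, reviewing new network connections and matching indicators of compromise, shown as an added example that is not code from the article or from ISACA. The log format, host names and indicator range are constructed for illustration, and all addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample flow records: "timestamp source_host dest_ip dest_port".
BASELINE_LOG = """\
2013-07-01T09:00:01 ws-014 192.0.2.10 443
2013-07-01T09:05:12 ws-014 192.0.2.25 25
2013-07-01T09:07:40 ws-022 192.0.2.10 443
"""
TODAY_LOG = """\
2013-07-02T02:13:55 ws-022 198.51.100.7 8443
2013-07-02T02:14:20 ws-022 198.51.100.7 8443
2013-07-02T02:20:09 ws-014 203.0.113.66 443
2013-07-02T09:01:03 ws-014 192.0.2.10 443
truncated record
2013-07-02T10:00:00 ws-022 192.0.2.25 25
"""
IOC_NETWORKS = ["203.0.113.0/24"]  # constructed indicator, documentation range

def parse(log):
    """Yield (ts, host, dest_ip, port); skip records that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield parts[0], parts[1], ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def build_baseline(log):
    """Map each host to the set of (dest_ip, port) pairs it has used before."""
    baseline = {}
    for _, host, dest, port in parse(log):
        baseline.setdefault(host, set()).add((dest, port))
    return baseline

def review(log, baseline, ioc_networks):
    """Return alerts for indicator matches and for first-seen destinations."""
    nets = [ipaddress.ip_network(n) for n in ioc_networks]
    alerts = []
    for ts, host, dest, port in parse(log):
        known = baseline.setdefault(host, set())
        if any(dest in net for net in nets):
            alerts.append((ts, host, str(dest), port, "ioc-match"))
        elif (dest, port) not in known:
            alerts.append((ts, host, str(dest), port, "new-connection"))
            known.add((dest, port))  # report each new destination once
    return alerts

if __name__ == "__main__":
    for alert in review(TODAY_LOG, build_baseline(BASELINE_LOG), IOC_NETWORKS):
        print(*alert)
```

The baseline is kept per host, so a destination that is routine for one machine still raises an alert the first time a different machine connects to it.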

This was first published in July 2013
