To Catch An APT

It's not about prosecuting the nameless, faceless attackers behind these relentless targeted attacks--it's about minimizing the damage they inflict.

September 9, 2011


This is the second and last installment of a two-part series on security in the "Age of the APT."

An advanced persistent threat (APT) attacker probably already has infiltrated your network: that's the new normal in security. But what can you do about it?

It's a matter of moving beyond the traditional mindset of thinking purely in terms of prevention. "We're trying to help people to think beyond intrusion prevention to post-infection detection and mitigation," said Will Irace, director of research for Fidelis.

Accepting the premise that the attackers are already inside can be unsettling--even shocking--to some organizations, but the reality is that these cyberespionage attacks have evolved from a military/Defense Department problem to one plaguing various corners of the commercial world as well. "Previously, it was the military, then it was government actors, then it was the defense industrial base. We've seen the same actors continue to expand the number of their targets" to commercial firms in oil and gas, pharmaceuticals, and other areas, said Richard Bejtlich, CSO and VP of managed services for Mandiant. "That to me is pretty amazing--that they target so many different victims now."

Bejtlich says despite the ongoing and recurrent nature of these attacks, victim organizations eventually get better at staving them off. "The first time anyone deals with this, it's like nothing they've ever had to deal with before. That there is somebody out there after you and they will not give up and will always keep trying to get back into your organization is new for most people" to face, he said.

"It may take [as long as] a couple of years, but we [ultimately] do see improvement" in how victim organizations defend against these targeted attacks, he said.

Read the rest of this article on Dark Reading.
