To Catch An APT

It's not about prosecuting the nameless, faceless attackers behind these relentless targeted attacks--it's about minimizing the damage they incur.

September 9, 2011

2 Min Read
Network Computing logo

This is the second and last installment of a two-part series on security in the "Age of the APT."

An advanced persistent threat (APT) attacker probably already has infiltrated your network: that's the new normal in security. But what can you do about it?

It's a matter of moving beyond the traditional mindset of thinking purely in terms of prevention. "We're trying to help people to think beyond intrusion prevention to post-infection detection and mitigation," said Will Irace, director of research for Fidelis.

Accepting the premise that the attackers are already inside can be unsettling--even shocking--to some organizations, but the reality is that these cyberespionage attacks have evolved from a military/Defense Department problem to one plaguing various corners of the commercial world as well. "Previously, it was the military, then it was government actors, then it was the defense industrial base. We've seen the same actors continue to expand the number of their targets" to commercial firms in oil and gas, pharmaceuticals, and other areas, said Richard Bejtlich, CSO and VP of managed services for Mandiant. "That to me is pretty amazing--that they target so many different victims now."

Bejtlich says despite the ongoing and recurrent nature of these attacks, victim organizations eventually get better at staving them off. "The first time anyone deals with this, it's like nothing they've ever had to deal with before. That there is somebody out there after you and they will not give up and will always keep trying to get back into your organization is new for most people" to face, he said.

"It may take [as long as] a couple of years, but we [ultimately] do see improvement" in how victim organizations defend against these targeted attacks, he said.

Read the rest of this article on Dark Reading.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)

Read more about:

2011
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events