Advanced persistent threats: Rethinking your information security

Despite the army of virus analysts writing new malware detection signatures, the hundreds of emerging malware samples simply overwhelm the antivirus vendors. Furthermore, malicious actors and hackers have probably already learned how to crack the protection of your security.

As technology advances, cyber threats and attacks are becoming more intelligent. Not long ago, malware and hacking attacks were a case of mass distribution to as many users as possible in an effort to “see what sticks.” These days, hacking attempts are focused and hackers’ favorite targets are companies great and small. Malicious hacking has become a big business.

One such threat is advanced persistent threats, or APTs. The purpose of an APT is to access the company’s servers and workstations and extract confidential data, such as usernames and passwords, and user created content such as documents, spreadsheets, presentations, accounting software databases, CRM databases, ERP databases and any other form of information the company would prefer remains private.

The hacker’s presence remains unknown and undetected by the company’s IT or security team for an extended period of time. APTs, as data theft vehicles, fall into a small handful of categories but the common thread is that the truly well-crafted APTs tend to be headed by groups that are well funded and capable of espionage.

Malicious actors typically find a back door entrance – a vulnerable spot in the company’s security infrastructure. The “back door” could be a vulnerable user receiving numerous documents daily, a vulnerable program which hasn’t been patched or an improperly configured firewall. Once they find their way in, hackers will work their way up to the more valuable segments of the network that contain sensitive information.

To combat APTs, organizations should consider employing the following simplified approach:

Defend your pre-perimeter: Leverage the cloud and use mail filtering and antispam solutions to remove potentially infected email attachments and phishing emails before they ever get to your network. Also consider using Domain Name Services security products which have a real-time database of spoofed and compromised servers, preventing communication with compromised web-servers and their hosts.

Defend your perimeter: Conduct penetration testing regularly; have intrusion detection and intrusion prevention systems installed over and above standard firewalls. Regularly audit firewall and SIEM logs for anomalies.

Defend the transit: Log network events through a security information and event management system (SIEM); employ network access control (NAC) and network intrusion detection mechanisms to control who has access to the transit and the actions they are permitted to perform once access is gained.

Defend your soft interior: Train and educate users on security protocols, have BYOD and VPN policies in place; have acceptable use policies backed by C-level execs – visibly enforce these policies and ensure user training is concurrent with the latest threats. Reinforce user education with ongoing systems’ administrator training in the arts of IT security.

Encrypt everything sensitive: If the data is too valuable to lose, encrypt it. Encrypted data bears no profit to those who may have stolen it but cannot read it.

Hackers will always be attempting new ways to breach defenses so it is important to be aware of the latest advancements in cyber security to help fend off these attacks and be constantly vigilant against this growing threat.

John Peterson is vice-president of enterprise product management and product marketing at Comodo, a cyber security solution provider, www.comodo.com.