
What is an Advanced Persistent Threat (APT)?

What is the goal of an APT?

How can a business protect itself from an APT?

What tools can be used to detect an APT?

Solution

What is an Advanced Persistent Threat (APT)?
An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The "threat" process indicates human involvement in orchestrating the attack.

What is the goal of an APT?
In a simple attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's intrusion detection system (IDS). In an APT attack, however, the goal is not to get in and out but to achieve ongoing access. To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques. Some APTs are so complex that they require a full-time administrator.
An APT attacker often uses spear phishing, a type of social engineering, to gain access to the network through legitimate means. Once access has been achieved, the attacker establishes a back door.

How can a business protect itself from an APT?
There are hundreds of millions of malware variations, which makes it extremely challenging to protect organizations from APTs. While APT activities are stealthy and hard to detect, the command and control network traffic associated with an APT can be detected at the network layer. Deep log analysis and log correlation from various sources can be useful in detecting APT activities. Agents can be used to collect logs directly from assets into a syslog server.
The characteristics and volume of security threats are changing, too. Simply ensuring an organization's firewall, antimalware and similar protective measures are functioning well and are up to date doesn't always protect it from today's malicious threats. Staying on top of the threat landscape is a challenge, to say the least, and can often be overwhelming for busy security professionals, but it's necessary for conducting business safely. That's where threat intelligence services enter the picture.

What tools can be used to detect an APT?
There are millions of intruder variations, which makes it extremely challenging to protect organizations from APTs. While APT activities are stealthy and hard to detect, the command and control network traffic associated with an APT can be detected at the network layer. Deep log analysis and log correlation from various sources can be useful in detecting APT activities. Agents can be used to collect logs (over TCP and UDP) directly from assets into a syslog server. A Security Information and Event Management (SIEM) tool can then correlate and analyze the logs. While it is challenging to separate noise from legitimate traffic, a good log correlation tool can filter out the legitimate traffic so that security staff can focus on the noise. Good asset management, with documented components of the original operating system plus installed software, will help IT security analysts detect new files on the system.
In the field of computer security, security information and event management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware and applications.
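
As an added example (not part of the original answer), the following script shows one concrete form of the log correlation described above: it parses constructed syslog-style firewall lines and flags source/destination pairs whose outbound connections recur at nearly constant intervals, the periodic "beaconing" pattern that command and control traffic often leaves at the network layer. The log format, host names and addresses are constructed for the example; the thresholds are assumptions to be tuned per environment.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log lines (syslog-style); not from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z fw01 conn src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:00:03Z fw01 conn src=10.0.0.8 dst=198.51.100.2 dport=443
2024-03-01T10:05:01Z fw01 conn src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:07:40Z fw01 conn src=10.0.0.8 dst=198.51.100.9 dport=80
2024-03-01T10:10:00Z fw01 conn src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:14:59Z fw01 conn src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:20:01Z fw01 conn src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:31:12Z fw01 conn src=10.0.0.8 dst=198.51.100.2 dport=443
"""

LINE_RE = re.compile(r"^(\S+) \S+ conn src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_connections(text):
    """Return a list of (timestamp, src, dst, dport); lines that don't match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        out.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return out


def find_beacons(conns, min_hits=4, max_jitter=0.10):
    """Flag (src, dst) pairs whose inter-connection gaps are nearly constant.

    min_hits and max_jitter are assumed starting thresholds: at least min_hits
    connections, and a coefficient of variation of the gaps at or below max_jitter.
    Returns (src, dst, mean_gap_seconds, cv) for each flagged pair.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in conns:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean  # low cv == regular, timer-driven traffic
        if cv <= max_jitter:
            findings.append((src, dst, round(mean), round(cv, 3)))
    return findings
```

Legitimate software (update checks, NTP, monitoring agents) also beacons regularly, so hits are candidates for the analyst to compare against the asset inventory, not verdicts.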


Tutor: Dr Jack