APT (Advanced Persistent Threats) are consistently covered in the press and on social media. Not a week goes by without some form of data breach or hactivist-type event being reported. Many do not understand what an APT, never mind how it can impact their business.
There are many definitions of an APT, each with a slightly different take on things. Irrespective of these conflicting definitions, there is a general consensus that an APT is a form of advanced attack, that can often bypass traditional signature based security controls, going unnoticed for months at a time. People simply don’t knowthey are compromised, how could they possibly be? The detection systems and heuristics simply don’t see the threat.
Emergence of APT
The emergence of APTs has led enterprises and public sector organisations to look for solutions that can identify, contain and neutralise this new threat. There is no simple solution, the whole crux of an APT is the fact it is ever-changing, ever-evolving and so very, very new. You cannot fix it, what you can do is ensure your organisation embraces a defence-in-depth approach and to make sure you do not rely on a single technology or indeed a single vendor as your only line of defence.
I am not suggesting multiple firewall vendors or layers of AV. I am suggesting you select best-of-breed technologies and not simply build your whole architecture around a single solution.
Holistic approach to security
An accepted way of reducing your exposure to APTs or compromise is to take a holistic approach to your cybersecurity or information security architecture (note the use of the word reduce, not eliminate).
A business should look to identify strategic technologies that can form part of their overall security architecture. A robust security solution is very much the sum of all parts and the way these parts interact, and not just a single shiny box.
It is also worth stressing that technology and software alone will not just stop APTs; education, expertise, architecture, processes, procedures and change-control are equally, if not more important than the technology itself.
APTs are a real concern for the modern business. Fortunately security vendors are rallying to the cause bringing a broad selection of products and services that can be combined to mitigate the risk.
It is worth noting the quote from Robert Mueller (former FBI Director) back in 2012:
There are only two types of companies: those that have been hacked, and those that will be.