The advanced persistent threat, or APT, is the up-and-coming menace to IT systems today.
The idea behind the APT is to penetrate a system by whatever means possible, and to then stay hidden for as long as possible, even indefinitely. Hackers working to put an APT in place may be prepared to spend weeks or months on the effort.
With the kind of resources required (even hackers have to eat), development of an APT may be sponsored by a group or even a state or country. Once hackers have made their way to the systems of real interest to them, they may then try to exfiltrate data or take control of the systems they have compromised. What then is the best defence?
Conventional firewalls and anti-virus software don’t make the list of potential defenders. While next-generation firewalls and web application firewalls have made considerable advances in security technology, they remain a barrier between the outside world and the inside world, as seen by the IT department of a company.
In other words, an attack that manages to defeat or get around the firewall will be able to attack the soft underbelly of the enterprise – the internal network, which has no firewall protection of its own.
Similarly, anti-virus software may pick up local virus infections, but lacks the technology to identify more complex attacks in progress and the existence of so-called “kill chains” used by hackers to jump from one system to another, towards their ultimate goal.
IT security approaches have changed to take APTs into account. They may advocate a connected threat defence with deeper visibility, in order to track suspicious behaviour at different levels.
Global network traffic monitoring becomes the basis for strategies to spot, stop, and remediate advanced attacks, together with the investigation of any suspicious-looking files.
Algorithms and analytics are used to spot incident patterns, instead of relying solely on signature-matching techniques. Firewalls and anti-virus software are still relevant for many types of attack, but if you depend on them alone to keep your data, systems, and network safe, you could be attacked by an APT and not even know it until it is too late.
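The contrast between signature matching and pattern analytics described above, as an added example that is not part of the original article: a signature check looks for a known-bad host in internal connection records and finds nothing, while a simple behavioural check links admin-port connections into the kind of hop chain (one machine used to reach the next) that the article calls a kill chain. The log lines, host names, port list and the 30-minute window are all constructed assumptions for the example.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts src dst port")

# Constructed sample of internal connection records (not from the original page):
# timestamp, source host, destination host, destination port.
SAMPLE_LOG = """\
2024-03-01T09:00:12 ws-17 fileserver-1 445
2024-03-01T09:05:40 ws-17 mail-1 443
2024-03-01T09:15:03 ws-17 ws-22 445
2024-03-01T09:19:51 ws-22 dc-1 445
2024-03-01T09:31:10 dc-1 dbserver-3 3389
2024-03-01T10:02:00 ws-09 fileserver-1 445
"""

# Hypothetical signature list: hosts or addresses already known to be bad.
KNOWN_BAD = {"203.0.113.45", "evil-host"}

# Assumed set of ports used for administrative access between internal
# machines (SMB, RDP, WinRM); connections on other ports are ignored.
LATERAL_PORTS = {445, 3389, 5985}


def parse_log(text):
    """Turn the whitespace-separated records into Event tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append(Event(datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(events, key=lambda e: e.ts)


def signature_matches(events, bad=KNOWN_BAD):
    """Signature approach: flag only records that name a known-bad host."""
    return [e for e in events if e.src in bad or e.dst in bad]


def find_hop_chains(events, window=timedelta(minutes=30), min_hops=3):
    """Behavioural approach: link admin-port connections where the destination
    of one connection becomes the source of a later one within `window`, and
    report chains of at least `min_hops` hops (A -> B -> C -> ...)."""
    # chains_at[host] = list of (chain_of_hosts, time the host was reached)
    chains_at = defaultdict(list)
    found = []
    for e in events:
        if e.port not in LATERAL_PORTS:
            continue
        # Every qualifying connection starts a fresh one-hop chain ...
        new_chains = [([e.src, e.dst], e.ts)]
        # ... and extends any chain that recently ended at this source host.
        for chain, reached in chains_at[e.src]:
            if e.ts - reached <= window and e.dst not in chain:
                new_chains.append((chain + [e.dst], e.ts))
        chains_at[e.dst].extend(new_chains)
        for chain, _ in new_chains:
            if len(chain) - 1 >= min_hops:
                found.append(chain)
    return found


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("signature hits:", signature_matches(evs))
    for chain in find_hop_chains(evs):
        print("possible hop chain:", " -> ".join(chain))
```

On the sample data the signature check returns nothing, because no record names a known-bad host, whereas the chain search reports ws-17 -> ws-22 -> dc-1 -> dbserver-3. Real deployments would tune the window, the port list and the hop threshold to the environment and treat the result as a lead for investigation rather than a verdict.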