Recent security breaches have made the headlines, but advanced persistent threats, or APTs, are now making headway as a data theft force to be reckoned with. While other types of threats cause annoying little blips in web access or even large-scale business disruptions, APTs can be far more devastating — calling for more protection than traditional security measures may provide.
Understanding Advanced Persistent Threats
Unlike attacks that break in and dash off with data in one highly visible swoop, APTs distinguish themselves as “low and slow” attacks. Capable of flying under the security radar, they can enter your network through a seemingly innocent email and install bot malware without being detected. And they can remain there, silently active for years, secretly and continuously stealing data — from credit card numbers to intellectual property and trade secrets. As well-thought-out, strategic acts, many APT attacks come from organized groups with multiple layers of players, making it harder to find the source.
How to Ramp Up Network Security to Prevent APTs
With the increasing BYOD trend, the barbed-wire fences protecting the data center aren’t enough. Traveling well beyond these protected perimeters and outside IT control, user devices and the unsanctioned applications they can hold are vulnerable APT access points.
Reinforcing the need to act now: at AT&T, we process 310 billion flow records each day, totaling more than six petabytes of Internet traffic. Over the last year, we’ve seen a ten-fold increase in APT attempts, which is a definite cause for concern.
What you can do
Traditional security measures may not work with APTs, because many only stop you from sending data to well-known malicious ports or IP addresses. Stealthy APTs require a multi-layered approach that digs deeper to detect suspicious activity. To increase your defenses:
1. Start with an APT Security Assessment to identify the presence of APTs and vulnerable security gaps in your network.
2. Apply a higher level of web and email filtering with deep packet inspection to examine outgoing traffic on a more detailed level to find hard-to-detect APTs.
3. Consider a data loss prevention service that alerts you when specific data leaves the company, such as a large data file containing proprietary designs, to flag potential botnet activity in real time.
4. Explore using a network-based firewall to continuously inspect inbound/outbound traffic to stop threats before they infiltrate user devices or your network.
5. Educate users. We have a saying around AT&T that applies to employees at any company: “You are the firewall.” By training employees on security do’s and don’ts, you send a message that security is everyone’s job.
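To make the contrast in the “What you can do” section concrete, the following is an added example (not AT&T’s code or any product’s logic) that shows why a block list of known-bad addresses misses a low-and-slow APT, and what the outbound-traffic inspection and volume alerting of steps 2 and 3 look like as detection logic over flow records. The flow records, hosts, addresses and thresholds are all constructed for illustration; the two behavioural signals it checks are cumulative egress volume per internal host and destination, and regularity of connection timing (beaconing), measured as the coefficient of variation of the gaps between flows.

```python
"""Detect low-and-slow egress in flow records (constructed example, not a product)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int         # flow start, epoch seconds
    src: str        # internal host
    dst: str        # external destination
    dport: int      # destination port
    bytes_out: int  # bytes sent from src to dst


# The "traditional" control: a list of already-known malicious addresses (constructed).
KNOWN_BAD = {"198.51.100.99"}


def blocklist_hits(flows):
    """Flows whose destination is on the known-bad list. Misses anything new."""
    return [f for f in flows if f.dst in KNOWN_BAD]


def analyze_egress(flows, volume_threshold=100_000_000, min_beacons=8, max_cv=0.2):
    """Flag (src, dst) pairs by behaviour rather than by reputation.

    volume_threshold: cumulative bytes out to one destination (a DLP-style alert).
    min_beacons / max_cv: enough flows with nearly identical spacing looks like
    a beacon checking in on a timer, whatever the byte count.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)

    findings = {}
    for pair, fl in by_pair.items():
        fl.sort(key=lambda f: f.ts)
        total = sum(f.bytes_out for f in fl)
        reasons = []
        if total >= volume_threshold:
            reasons.append("volume")
        if len(fl) >= min_beacons:
            gaps = [b.ts - a.ts for a, b in zip(fl, fl[1:])]
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else float("inf")
            if cv <= max_cv:
                reasons.append("beaconing")
        if reasons:
            findings[pair] = {"total_bytes": total, "flows": len(fl), "reasons": reasons}
    return findings


def sample_flows():
    """Constructed flow records: one beacon, one bulk upload, one noisy but benign host."""
    base = 1_700_000_000
    flows = []
    # 10.0.0.5: 40 KB every hour with slight jitter, 12 times. Tiny volume, regular timing.
    jitter = [0, 12, -7, 20, -15, 5, 9, -3, 14, -11, 2, 6]
    for i, j in enumerate(jitter):
        flows.append(Flow(base + i * 3600 + j, "10.0.0.5", "203.0.113.10", 443, 40_000))
    # 10.0.0.7: two large transfers, 150 MB total, to an address nobody has listed yet.
    flows.append(Flow(base + 100, "10.0.0.7", "198.51.100.20", 443, 90_000_000))
    flows.append(Flow(base + 900, "10.0.0.7", "198.51.100.20", 443, 60_000_000))
    # 10.0.0.9: many flows, but irregular spacing and small sizes (normal browsing).
    offsets = [0, 120, 3620, 3660, 4560, 11560, 11575, 12175, 14575, 14655]
    for off in offsets:
        flows.append(Flow(base + off, "10.0.0.9", "192.0.2.30", 443, 15_000))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("block-list hits:", blocklist_hits(flows))
    for pair, info in analyze_egress(flows).items():
        print(pair, info)
```

Run on the constructed records, the block list reports nothing, while the behavioural pass flags the hourly beacon on timing alone (its total egress is under half a megabyte) and the bulk upload on volume alone, and leaves the irregular, low-volume host untouched. In practice the thresholds are tuned per environment and the same aggregation is run over longer windows, since an APT can spread a transfer across days.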
Learn how AT&T network security and security consulting services can help protect your organization from APTs.