SYNOPSIS
Businesses face a constantly evolving threat landscape. Malware is becoming more complex, architectural changes create new vulnerabilities, and attackers are willing to focus their efforts on specific companies. The advanced persistent threat (APT) is a term commonly used to describe some combinations of these new threats. Mitigating the risk of APTs requires advances beyond traditional layered security to include real-time threat management. This Essentials Series describes the nature of APTs, the risks they pose to businesses, and techniques for blocking, detecting, and containing APTs and other emerging threats.
CHAPTER PREVIEWS
Article 1: Beyond the Hype: Advanced Persistent Threats
Businesses face a constantly evolving threat landscape. One of the greatest challenges is presented by advanced persistent threats (APTs), which are sophisticated, multi-faceted attacks targeting a particular organization. Mitigating the risk of APTs requires advances beyond traditional layered security to include real-time threat management. This Essentials Series describes the nature of APTs, the risks they pose to businesses, and techniques for blocking, detecting, and containing APTs and other emerging threats. We begin with a pragmatic assessment of the nature of APTs, specifically:
- The nature of APTs today
- The continuously evolving threat landscape
- Elements of APTs
- Changing business practices that compound the problem
- Assessment of potential to control and mitigate the risk from APTs
Clearly, the threat landscape continues to become more challenging. The motivation and means for carrying out attacks on information systems are changing. Determined, committed attackers are employing multiple means to breach security controls. Businesses need to respond in kind with multiple security controls, including real-time monitoring and rapid containment measures.
Article 2: Need for Real-time Management and Responding
Ideally, we could deploy security controls that would prevent a successful attack by an advanced persistent threat (APT), but we should be pragmatic in our assessment. APTs are multi-faceted, and although one countermeasure, such as an antivirus system, may block one part of an APT, other elements of the attack may not depend on detectable malware at all. Consider a malicious insider who uses social engineering to discover the password to an administration account of a document management system in order to copy the contents of the repository and mine them for intellectual property. When planning a response to the threat of APTs, we should assume there will be a breach at some point. The overall goal of risk management in this case is to minimize the impact of threats by blocking when possible and by detecting and containing when not. To do that, we need real-time monitoring and remediation mechanisms.
This article considers the need for real-time threat management and response, specifically:
- The limits of conventional endpoint and perimeter security controls
- The stages of a response to a breach by an APT
- Ideal and realistic assessments of preventing a breach
Article 3: Planning for Real-time APT Countermeasures
This article is organized around basic steps to plan for the deployment of real-time threat management to mitigate the risk of APTs:
- Developing a business case for real-time threat management
- Assessing the current state of readiness for real-time threat management
- Developing a deployment plan