An advanced persistent threat (APT) is a network attack in which an unauthorized individual gains access to a network and then stays in the network, undetected, for a long period of time.[1] APTs use multiple phases to break into networks and avoid detection. During this period of time, the attacker will scan the network for confidential information.  There are usually five phases of an APT attack. The first is reconnaissance, in which the attacker leverages information to understand the target.

2014 was a banner year for high-profile security breaches. The Sony hack, big box store data breaches, and the rumblings of problems at the federal government’s Office of Personnel Management all contributed to a problematic year for IT, business and government leaders.

Many of these breaches stemmed from inadequately protected on-premise systems, but what’s been going on with cloud security? For answers look no further than DLT partner, Alert Logic’s newly released 2015 Cloud Security Report.

Bring Your Own Device (BYOD) programs are popping up across corporate America. Yet many in the U.S. government still eye this cost-saving strategy (less infrastructure = reduced IT footprint) with caution.

Security and liability are among the top concerns that are stalling widespread adoption with many government officials finding BYOD programs to be “more trouble than they’re worth” (Forrester).

A new report from the Government Accountability Office (GAO) released on September 29 highlights the challenges that 24 federal agencies still face when it comes to applying information security policies and practices, despite throwing billions of dollars at the problem.

"Federal agencies' information and systems remain at a high risk of unauthorized access, use, disclosure modification and disruption," Gregory Wilshusen, information security issues director at GAO, says in the report.

The growth of BYOD programs is exploding in the private sector. Indeed Gartner expects half of all companies to establish mandatory BYOD policies by 2017. After all, the economics make sense, according to Cisco, the predicted savings per employee amounts to a staggering $3,150.

So how is the federal government responding to the BYOD boom? Not well according to all reports.

In the few months since the data breach at OPM was announced, IT leaders and agencies have been assessing and scrambling to manage the fall-out (with some even finding positives in the wake of the breach).

So where has all this introspection got us? This month, a discussion brought together military leaders to share some of the lessons learned at the DoD.

Writing for Federal Computer Week, Zach Noble, summarized some of the key takeaways:

Open source has changed the way we build software. A fully distributed team of strangers, rarely working on the same thing at the same time or in the same place at the same time, yet open source projects consistently produce better software than their closed-source and proprietary counterparts. How then, can this reimagined software development workflow be leveraged by the enterprise to produce more modern software, even if that software ultimately remains closed source?

In my last post, I mentioned that a good use case for containers is managing application deployments.  I'm going to go a step further here and state that containers are the next evolution of application packaging and application run time separation.

Security breaches are on the rise and government systems are goldmines for would-be intruders. If 2015 has taught us anything it’s that it’s no longer a case of if or when a significant security incident will occur, but how well your processes and controls address detection, analysis and response.

We all know the negative outcomes of the data breach at the Office of Personnel Management (OPM) and can only hope that there are no more surprises stemming from the hack. Yet, despite the gloom and doom, the attack has delivered some positives and has quickly become a major catalyst for change in how the government approaches cybersecurity. Below are two positives (and more to come), that we’ve been able to identify so far: