GovDefenders Wednesdays: What is an Advanced Persistent Threat (APT)?

GovDefenders Wednesdays is written by Van Ristau, DLT Solutions’ Chief Technology Officer. Throughout the month, he’ll explore the world of public sector cybersecurity; introducing concepts, offering opinions, providing resources, and identifying ways to protect your agency. You may also follow Van on Twitter at @VanRistau.

Malware, social engineering, viruses, worms, trojans, spyware, keyloggers, rootkits, phishing, malbots and botnets, distributed denial-of-service (DDoS), ransomware, zero-days, kill chains: the list of information security threats grows each year, as does the vocabulary used to describe them.

Here's a relative newcomer to the vocabulary: the “Advanced Persistent Threat” (APT), and it is a doozy. Why is it particularly toxic? Because having an APT problem is a bit like having termites in the foundation of your home. As with termites, if you've been targeted by an APT you are unlikely to be aware of the damage until the roof caves in, unless trained professionals are doing frequent inspections.

“Targeted” is the key descriptor for APTs: sophisticated bad actors are trying to gain access to specific critical data that you need to protect. An APT may involve a variety of exploits over a period of time, including some used as diversions to gain access for prolonged harvesting of critical data. It is not unusual for APT attackers to use one or more zero-day vulnerabilities (newly discovered vulnerabilities for which no patch has yet been issued) to gain access to critical networks and then remain undiscovered while exploring and removing the information they have targeted. The skill levels required for successful APT attacks against reasonably well-defended networks are quite high, so the payoff in terms of criminal or national-security gains must also be high to justify the effort involved.

So what's the solution to the APT threat?

Unfortunately, there is no simple solution to defending against advanced persistent threats. On the one hand, you must ensure that staff are educated and vigilant with respect to social engineering techniques; at the other extreme, you must be alerted at the earliest possible moment to software zero-day vulnerabilities. You must protect data using data loss prevention (DLP) tools while ensuring that the mission of the agency is not hobbled. Remote access must also be controlled, a difficult challenge in today's environment of mobile devices. And because an APT is built to stay quiet, detection depends on watching for sustained, low-volume anomalies over weeks rather than waiting for a single loud event.
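As an added example (not code from the original article or from any vendor it mentions), the script below shows the kind of "frequent inspection" the termite analogy calls for: a low-and-slow exfiltration check run over constructed outbound proxy log lines. It aggregates bytes sent per internal host, per external destination, per day, and flags pairs where a host has been pushing data on many separate days to a destination that almost nobody else in the agency ever contacts. The log format, host names, thresholds and the sample lines are all assumptions made up for this example.

```python
"""Low-and-slow exfiltration check over constructed proxy logs.

Added example, not from the original article. Log format, host names and
thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data). Each line:
#   <ISO timestamp> <internal host> <external destination> <bytes sent out>
# ws-017 quietly sends ~50 KB to one rarely-contacted host every night for a
# week; other hosts make large but one-off or widely-shared transfers.
SAMPLE_LOG = """\
2013-03-04T09:12:01 ws-041 cdn.example-news.test 1200
2013-03-04T09:15:33 ws-017 cdn.example-news.test 900
2013-03-04T22:17:44 ws-017 files.rare-host.test 48000
2013-03-05T10:02:10 ws-102 cdn.example-news.test 310000
2013-03-05T23:02:10 ws-017 files.rare-host.test 51000
2013-03-06T11:40:07 ws-030 backup.partner.test 500000
2013-03-06T22:55:19 ws-017 files.rare-host.test 20000
2013-03-06T23:10:02 ws-017 files.rare-host.test 27500
2013-03-07T22:48:51 ws-017 files.rare-host.test 52000
2013-03-08T08:30:00 ws-077 cdn.example-news.test 250000
2013-03-08T23:01:37 ws-017 files.rare-host.test 49000
"""


def parse_log(text):
    """Parse the assumed whitespace-separated format into
    (day, src, dst, bytes_out) tuples; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").date()
        records.append((day, src, dst, int(nbytes)))
    return records


def find_slow_exfil(records, min_active_days=5, min_bytes_per_day=20000,
                    max_clients=2):
    """Return sorted (src, dst, active_days, bytes_on_active_days) tuples.

    A (src, dst) pair is reported when src sent at least min_bytes_per_day
    to dst on at least min_active_days distinct days AND dst is contacted by
    no more than max_clients internal hosts overall (a rare destination).
    Single large bursts and popular destinations are deliberately ignored;
    this is tuned for the persistent, low-volume pattern, not for loud events.
    """
    daily = defaultdict(int)      # (src, dst, day) -> bytes sent that day
    clients = defaultdict(set)    # dst -> internal hosts that ever contacted it
    for day, src, dst, nbytes in records:
        daily[(src, dst, day)] += nbytes
        clients[dst].add(src)

    active = defaultdict(list)    # (src, dst) -> per-day totals over threshold
    for (src, dst, day), total in daily.items():
        if total >= min_bytes_per_day:
            active[(src, dst)].append(total)

    hits = []
    for (src, dst), per_day in active.items():
        if len(per_day) >= min_active_days and len(clients[dst]) <= max_clients:
            hits.append((src, dst, len(per_day), sum(per_day)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, days, total in find_slow_exfil(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}: {days} active days, {total} bytes")
```

Run on the sample, the check reports only ws-017 to files.rare-host.test (five active days, 247,500 bytes); the 500 KB one-off to backup.partner.test and the large transfers to the widely used CDN host are not reported. In practice the thresholds would be tuned to the agency's own baseline, and the same aggregation can be fed from DNS, NetFlow or DLP export logs instead of a proxy log.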

DLT Solutions' vendor partner Symantec is frequently cited as an authoritative source of information regarding security threats and has developed a multi-layered approach to supporting government security professionals with both initial security assessment services as well as a portfolio of products and programs designed to reveal vulnerabilities and protect against the APT. For a detailed discussion of the Symantec approach to APTs, visit the Symantec Advanced Persistent Threat web page or contact DLT Solutions’ Symantec security engineers.


Additional Cybersecurity Wednesdays articles:

Information Security Continuous Monitoring (ISCM) Enabling Technologies: Can You Name Them?

Continuous Monitoring is not like a Mobius Strip: How to get in the Loop