Companies should be as invested in protecting networks and data against advanced persistent threats (APTs) as cyber criminals are in targeting and carrying out their attacks. In the past, APT countermeasures were implemented only in certain sectors with high-value targets such as military plans and other sensitive government or enterprise-damaging data.
Nowadays, hackers are stealing data for financial gain or to get their hands on valuable intellectual property.
“Every business that values its data should have APT countermeasures in place,” says Michael Morton, Solutions Architect at specialist managed IT security services company Securicom.
An APT is a targeted attack in which an intruder spends time gaining access to the network in such a way that he can remain undetected for an extended period. Because APTs were time-consuming and resource-intensive for hackers and required a detailed understanding of networking and operating system typology, they were carefully targeted and less prevalent than they are today. As messaging gateways have evolved and become more advanced and easier to deploy, so too have APT attacks. An APT attack can now easily be adjusted and packaged for any target and any vulnerable network.
APT groups will typically use highly targeted spear phishing attacks or social engineering to gain access to a network. The easiest and most common way of delivering the initial package is via email. Because the approach is so highly targeted, conventional anti-spam and anti-mail solutions will not necessarily detect it as an attack.
“What this means is that the majority of companies using traditional email security tools are vulnerable. APT attacks happen where there is a lack of security and compliancy on the endpoint such as a server, workstation or laptop. Missing patches, OS vulnerabilities, access controls and applications with missing security features are exploited and used to gain sensitive information,” says Morton.
He explains that protecting against APT attacks is not a single-technology solution: “Having an APT protection tool at your email gateway is highly recommended. But, this does not mean you should not patch your endpoints or update applications and operating systems. Due to the way in which APT attacks are built, you should have multiple tools and processes in place. This multi-pronged approach should include anti-APT technology at the email gateway, antivirus software that has built-in APT detection, a patch management solution, application reviewing tools, penetration testing capabilities and access control. Employee education is also crucial as APT attacks often include social engineering tactics.”
Securicom uses Advanced Threat Protection (ATP) to protect against APT. The solution comprises industry-leading technologies that are built into a multi-APT protection solution that fits within Securicom’s comprehensive email content management service, e-Purifier.
With Securicom’s ATP, every incoming email is treated as suspicious. ATP adds a proven layer of security to the organisation’s existing mail relay. Instead of relying on detection, ATP Mail Content Disarm and Reconstruction ensures security by transforming the entire email message into a neutralised (harmless) and trustworthy copy. ATP prevents advanced undetectable malicious code attacks and ransomware, while maintaining full usability, visibility and functionality.
Morton concludes: “Protecting against APT is not a single technology fix. It is a combination of technologies, processes and procedures combined with frequent reviews, and ideally, audits. The best way of protecting against APT is a healthy and active IT security ecosystem. Securicom can assist in providing a market-leading e-mail solution, and endpoint protection that includes antivirus, patch management, and endpoint detection and response in combating APT threats.”