Thursday, August 30, 2012

File Integrity Monitoring and SIEM - Why Layered Security Is Essential to Combat the APT

The 2012 APT (Advanced Persistent Threat)

The Advanced Persistent Threat differs from a regular hack or Trojan attack in that it is, as the name suggests, advanced in technology and technique, and persistent, in that it is typically a sustained theft of data over many months.

So far the APT has largely been viewed in the same light as Government sponsored cyber-espionage, in terms of the resources needed to orchestrate such an attack, such as the recent Flame malware which appears to have been a US or Israeli backed espionage operation against Iran. However, you should always expect the leading edge of technology to become the norm a year later, and with equal reason expect to see APT attacks influence the more mainstream, competitor-backed industrial espionage, and 'hacktivist' groups like Lulzsec and Anonymous adopting similar approaches.

The common vector for these attacks is a targeted spear phishing infiltration of the organization. Using Facebook, LinkedIn or other social media makes identification of targets much easier today, and also makes it easier to work out what kind of phishing 'bait' is going to be most effective in duping the mark into providing the all-important welcoming click on the tasty links or downloads offered.

Phishing is already a well-established tool for Organized Crime gangs, who will utilize these same profiled spear phishing techniques to steal data. As an interesting aside regarding organized crime's usage of 'cybermuscle', it is reported that prices for botnets are plummeting at the moment due to an oversupply of available robot networks. If you want to coerce an organization with a threat of disabling their web presence, arm yourself with a global botnet and point it at their site - DDOS attacks are easier than ever to orchestrate.

Something Must Be Done...

To be clear on what we are saying here, it isn't that AV or firewalls are of no use, far from it. But the APT style of threat will evade both by design, and this is the first fact to acknowledge - like the first step for a recovering alcoholic, the first step is to admit you have a problem!

By definition, this style of attack is the most dangerous because any attack that is smart enough to skip past standard defense measures is definitely going to be one that is backed by a serious intent to damage your organization (note: don't think that APT technology is then only an issue for blue chip organizations - that may have been the case, but now that the concepts and science of the APT are in the mainstream, the wider hacker and hacktivist communities will already have engineered their own interpretations of the APT).
