Advanced persistent threats (APTs) are among the most difficult cyber threats to defend against. APTs are sneaky and stealthy, slipping into your network quietly and remaining there undetected for days, weeks or months while hackers gather sensitive information or spread more malware. All the while, the APTs evade or manipulate security systems to avoid detection.
Fighting APTs requires an advanced threat protection approach that’s smart enough to throw off modern malware evasion techniques. Is your security system smart enough to detect and shut down APTs and other threats?
Deceptive APT Tactics
APTs worm their way into your network through vulnerabilities in your system you may not know exist. Once inside, they find the weakest areas of the network to exploit. Most importantly, APTs cover their tracks well, making them difficult to detect. Even what appear to be the most secure networks aren’t immune to an APT.
Unfortunately, many organizations aren’t prepared for the growing sophistication of cyberattacks. “Gone are the days of predictable attack methods,” Fortinet’s Brian Forster wrote. “For this reason, organizations need to have a framework in place that can detect brand new threats and add them to the shared intelligence database.”
What’s Needed to Fight APTs
Fighting APTs requires a multi-layered approach that combines security technologies with human intelligence. We recommend a three-pronged strategy:
- Build a deep defense with multiple technologies including firewalls, SIEM and sandboxing among other security appliances. Follow basic security best practices such as upgrading software and systems and staying on schedule with patches.
- Educate employees to recognize threat warning signs and avoid falling for socially engineered attacks.
- Develop a response plan before an incident occurs and regularly rehearse it so everyone will know what to do when an attack strikes.
When an APT is discovered, immediate mitigation is necessary including:
- Containment within the perimeter
- Malware analysis
- Memory analysis to recognize where the malware is stored and how it is sending feedback to the hackers
Fortinet’s Advanced Threat Protection Framework Ups the Ante Against APTs
To facilitate this approach, our partner Fortinet has developed an Advanced Threat Protection (ATP) framework that functions as a component of the Fortinet “security fabric” platform.
The security fabric weaves together the ATP framework’s advanced security components to optimize core threat prevention, detection and mitigation. Among other tools, these include firewalls, secure email gateways and endpoint security clients that block known threats at the access layer. It also includes advanced sandboxing to detect previously unknown threats based on behaviors, not just signatures, and creates actionable threat intelligence that is shared across the prevention and detection tools along with global, database-driven intelligence from FortiGuard Labs.
To close the loop, Fortinet’s ATP solution provides the flexibility to handle threat mitigation in two ways: 1) Automatically with direct intelligence sharing between prevention and detection tools; or 2) With assisted mitigation that combines people and technology working together.
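The two paragraphs above describe a loop: known indicators are blocked at the access layer, unknown samples are judged by behavior in a sandbox, and the sandbox verdict becomes shared intelligence that the blocking tools use next time, either automatically or after an analyst signs off. The following toy model is an added illustration of that loop and is not Fortinet or CCSI code; the behavior names, their weights, the threshold and the sample data are all constructed for the example.

```python
"""Toy prevention/detection loop: a signature stage blocks known indicators,
a behavior stage scores unknown samples, and malicious verdicts are fed back
into the shared indicator set so the signature stage catches repeats.
Added illustration, not vendor code; all weights and samples are constructed."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed behavior weights; a real sandbox uses a far richer model.
BEHAVIOR_WEIGHTS = {
    "writes_run_key": 3,        # persistence via an autorun registry key
    "injects_into_process": 4,  # code injection into another process
    "periodic_beacon": 4,       # regular outbound callbacks to one host
    "disables_av": 5,           # tampering with endpoint protection
    "reads_documents": 1,       # weak on its own, common in benign software
    "opens_window": 0,          # ordinary application behavior
}
BLOCK_THRESHOLD = 6  # constructed cut-off for a "malicious" verdict


@dataclass
class SharedIntel:
    """Indicators shared between the access-layer (prevention) and sandbox (detection) tools."""
    blocked_hashes: Set[str] = field(default_factory=set)
    blocked_hosts: Set[str] = field(default_factory=set)


@dataclass
class Sample:
    content: bytes                       # file bytes (constructed)
    behaviors: List[str]                 # behaviors observed in the sandbox (constructed)
    callback_host: Optional[str] = None  # host the sample calls back to, if any

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def access_layer_check(sample: Sample, intel: SharedIntel) -> str:
    """Signature stage: block anything already present in the shared indicator set."""
    if sample.sha256 in intel.blocked_hashes:
        return "blocked:known-hash"
    if sample.callback_host and sample.callback_host in intel.blocked_hosts:
        return "blocked:known-host"
    return "unknown"


def sandbox_verdict(sample: Sample) -> Tuple[int, str]:
    """Behavior stage: score what the sample did rather than what it looks like."""
    score = sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in sample.behaviors)
    return score, ("malicious" if score >= BLOCK_THRESHOLD else "benign")


def process(sample: Sample, intel: SharedIntel, auto_mitigate: bool = True) -> str:
    """Run one sample through the loop and return the action taken.

    auto_mitigate=True  -> direct intelligence sharing: the verdict immediately
                           updates the blocklists the access layer consults.
    auto_mitigate=False -> assisted mitigation: the verdict is raised for an
                           analyst and nothing is blocked until they decide.
    """
    result = access_layer_check(sample, intel)
    if result != "unknown":
        return result
    score, verdict = sandbox_verdict(sample)
    if verdict == "benign":
        return "allowed"
    if auto_mitigate:
        intel.blocked_hashes.add(sample.sha256)
        if sample.callback_host:
            intel.blocked_hosts.add(sample.callback_host)
        return f"detected:auto-blocked(score={score})"
    return f"detected:needs-analyst(score={score})"


if __name__ == "__main__":
    intel = SharedIntel()
    dropper = Sample(b"constructed-dropper-1", ["writes_run_key", "periodic_beacon"], "c2.example.invalid")
    print(process(dropper, intel))   # first sighting: sandbox detects it, indicators are shared
    print(process(dropper, intel))   # second sighting: blocked at the access layer by hash
    variant = Sample(b"constructed-dropper-2", ["opens_window"], "c2.example.invalid")
    print(process(variant, intel))   # recompiled variant: blocked by the shared callback host
    print(process(Sample(b"constructed-doc", ["reads_documents", "opens_window"]), intel))
```

The point of the model is the third call: a variant with a new hash and harmless-looking sandbox behavior is still stopped, because the callback host learned from the first detection was shared with the prevention stage. With `auto_mitigate=False` the same verdict is surfaced for an analyst instead, and the blocklists stay unchanged until a person acts.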
A partner of Fortinet and managed security services provider, CCSI can deliver an advanced threat protection framework that’s smart enough to thwart even the sneakiest malware evasion tactics. Contact us.