Pub. 10 2015-2016 Issue 3
www.nebankers.org 16 Extraordinary Service for Extraordinary Members.

Six Controls to Defend Against Advanced Persistent Threats (APT)
Mark Faske, CoNetrix
TECH TALK

No one really knows where the term APT originated. Advanced Persistent Threat, or APT, can likely be traced back to the United States government: the term appeared around the time the federal government began to acknowledge that foreign adversaries had infiltrated government networks, and when several major U.S. corporations were hit with "low and slow" style attacks. The 2011 break-in at security firm RSA was one of the first highly publicized hacks attributed to an APT. Once the term was out of the bag, security product vendors picked it up to coax customers into reactionary purchases to defend against the "new" threat.

APT is aptly named. This type of attack is characterized by sophisticated (advanced) activity that typically combines human operators and automated tooling over a long period of time (persistent). The goal is not necessarily the rapid infection of machines with malware; rather, it is to establish footholds (threats) that remain available and useful to the attacker over an extended period.

A clear difference between APT and traditional malware is targeting: an APT is aimed at a specific entity, whereas traditional malware relies on broad infection rates to spread itself. Many APT campaigns do, however, use focused malware as part of their initial insertion method. And because APT delivery is not broad, it tends to be especially hard to detect, often exploiting zero-day vulnerabilities for which no signature yet exists.

Currently, no single control is capable of both defending against and noticing APT attacks; layered controls are therefore necessary. Below are my top six controls to stay ahead of APTs:

1. Deploy devices and software products capable of detecting and/or blocking anomalous activity at the host and network levels. Signature-based technology is not a very good platform for protecting against APT, because the cyber criminals' use of zero-day exploits means there is nothing for a signature to match. Installation of network anomaly detection devices should
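The point of control 1 is that a behavioral detector can notice "low and slow" activity that a signature list cannot. The following is an added illustration, not part of Mr. Faske's article and not CoNetrix code: it runs a signature (known-bad IP) check and a periodicity-based beaconing check over a small set of constructed flow records. The host names, IP addresses, byte counts and thresholds are all assumptions made up for the example; the beaconing host contacts a destination that appears in no block list, so only the behavioral check fires.

```python
"""Signature lookup vs. behavioral beaconing detection over flow records.

Added example. Every record below is constructed for illustration; none of
the hosts, addresses or thresholds come from the original article.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_seconds, src_host, dst_ip, bytes_out)
# ws-17 contacts 203.0.113.5 roughly every 300 s with a small, fixed payload
# (a "low and slow" beacon); ws-22 has ordinary, irregular browsing traffic.
_BEACON_JITTER = [0, 3, -2, 5, 1, -4, 2, 0, 3, -1, 4, -3]
SAMPLE_FLOWS = [
    (1000 + 300 * i + j, "ws-17", "203.0.113.5", 412)
    for i, j in enumerate(_BEACON_JITTER)
]
_NORMAL_GAPS = [10, 250, 5, 900, 40, 130, 15, 600]
_t = 1200
for _gap, _nbytes in zip(_NORMAL_GAPS, [5200, 18000, 900, 44000, 3100, 12000, 700, 26000]):
    _t += _gap
    SAMPLE_FLOWS.append((_t, "ws-22", "192.0.2.40", _nbytes))
SAMPLE_FLOWS.append((1300, "ws-22", "192.0.2.41", 7300))
SAMPLE_FLOWS.append((1900, "ws-22", "192.0.2.42", 2100))

# Constructed "signature" feed: a block list that does not contain the
# beacon destination, as would be the case for a previously unseen C2 host.
KNOWN_BAD_IPS = {"198.51.100.77", "198.51.100.78"}


def signature_hits(flows, bad_ips=KNOWN_BAD_IPS):
    """Signature-style check: flag only flows to destinations already on the list."""
    return [f for f in flows if f[2] in bad_ips]


def find_beacons(flows, min_count=8, max_cv=0.10, max_mean_bytes=2048):
    """Behavioral check: flag (src, dst) pairs with many small, evenly spaced flows.

    Evenness is measured as the coefficient of variation (stdev / mean) of the
    inter-arrival gaps; human-driven traffic has a high CV, a timer-driven
    implant has a low one. The thresholds are assumptions for this example.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), recs in by_pair.items():
        if len(recs) < min_count:
            continue
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        cv = pstdev(gaps) / avg_gap
        avg_bytes = mean(n for _, n in recs)
        if cv <= max_cv and avg_bytes <= max_mean_bytes:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(recs),
                "period_s": round(avg_gap, 1),
                "cv": round(cv, 3),
                "avg_bytes": round(avg_bytes),
            })
    return findings


if __name__ == "__main__":
    print("signature hits:", signature_hits(SAMPLE_FLOWS))
    for b in find_beacons(SAMPLE_FLOWS):
        print("possible beacon:", b)
```

In a real deployment the periodicity check needs an allow list for legitimate timer-driven traffic (NTP, update checks, monitoring agents), and the thresholds should be tuned against a baseline of the organization's own traffic rather than the fixed values used here.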