Securing Against the APT – Integrating Security More Effectively Into the Enterprise

Combating APTs Requires More than Just Technology. Equally Important is a Security Mentality Shared across the Enterprise.

Not a day goes by that we don’t hear about Advanced Persistent Threats or APTs, adversaries with an interest in obtaining and maintaining a foothold in a target organization for an extended length of time. An APT has at its disposal sufficient resources—money, equipment and skill—to evolve attacks in direct response to detection capabilities of the target. These groups are typically state-sponsored and interested in data to support political, military and economic objectives. While previously focused on government entities, enterprises across a variety of industries increasingly are in their sights.

Protecting Against APTs

The strategies used by APTs to seize data and wreak havoc are far more sophisticated than typical attacks and, as a consequence, are difficult to protect against. An October 7, 2011 report by Gartner, “Defining Next-Generation Network Intrusion Prevention,” states that advanced targeted threats—often called “advanced persistent threats” (APTs)—often use custom malicious executables that do not rely on missing patches or that take advantage of vulnerabilities for which no patch currently exists.

Microsoft’s recently released “Security Intelligence Report Vol. 11” confirms this approach by APTs but finds that only one percent of attacks in the first half of 2011 were a result of APTs. The remainder, 99 percent, stemmed from threats focused on known vulnerabilities that have not been patched.

Although APTs account for a small number of attacks, the damage can be widespread with long-term effects, because APTs typically target data and systems—such as intellectual property, trade secrets, national security data, and critical infrastructure—essential to the strength of our economy, global defense strategies and continuity of operations.

With 99 percent of attacks focused on known vulnerabilities, the vast majority of an organization’s IT security resources should be directed toward closing these gaps in defenses. But organizations with high-value digital assets can’t afford to neglect the one percent. And over time this percentage is likely to increase, particularly if organizations fail to take a proactive approach to security. With already stretched IT budgets, organizations need technology solutions built from the ground up to deal with both types of attacks, and a security mentality that is pervasive across the enterprise. Let’s start by taking a closer look at technology.

Traditional static defenses are failing to keep up with the tens of thousands of malware attacks we now see on a daily basis that exploit known vulnerabilities. Designed for a different time, when IT environments were stable and slow to change, these traditional security tools weren’t built to deal with rapidly changing environments and rapidly changing attacks. Organizations need to identify agile security solutions that can dynamically provide needed protection for today’s world. These next-generation solutions automatically speed protection of known vulnerabilities and also provide an intelligent and essential foundation for combating APTs.

APTs target unknown vulnerabilities and that’s the rub—you can’t protect what you don’t know. Security solutions that allow you to customize security to your network using awareness and agility provide a means to deal with APTs. Specifically, agile solutions should allow IT security teams to create custom protections for their networks. These custom protections should be focused on driving intelligence about APT actors back into current defenses. This could be as simple as laying traps, for example monitoring specific hosts that never interact or users that never access certain servers or files for abnormal activity, or could involve more complex detection, for example monitoring for emerging indicators of APT actors. APTs take advantage of the unknown. Agile security enables you to know more, so you can do more.
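The “laying traps” idea above can be turned into a small detection rule set: a decoy host nothing should contact, a canary file nobody should open, and a user/server pair that never occurs in normal operation, each of which fires on a single hit. The script below is an added example, not code from the article or its author; the log format, host names, user names and file paths are constructed for illustration.

```python
import re
from collections import namedtuple
# Constructed sample access log (not from the article): "ts src -> dst user action path".
SAMPLE_LOG = """\
2011-10-12T08:01:13 ws-17 -> fileserv-02 alice READ /shares/eng/roadmap.docx
2011-10-12T08:03:40 ws-22 -> mailrelay bob SEND -
2011-10-12T08:05:02 ws-17 -> decoy-hr-01 alice READ /shares/hr/payroll.xlsx
2011-10-12T08:06:55 ws-09 -> fileserv-02 svc_printer READ /shares/eng/roadmap.docx
garbage line that does not parse
2011-10-12T08:07:10 ws-31 -> fileserv-02 carol READ /shares/legal/canary_contract.pdf
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<user>\S+) "
                     r"(?P<action>\S+) (?P<path>\S+)$")
Alert = namedtuple("Alert", "ts rule detail")

# Trap definitions (hypothetical names): each never happens in normal operation,
# so a single hit is worth an analyst's attention rather than a threshold.
DECOY_HOSTS = {"decoy-hr-01"}                         # nothing should connect here
CANARY_FILES = {"/shares/legal/canary_contract.pdf"}  # nobody should open these
NEVER_ACCESS = {("svc_printer", "fileserv-02")}       # (user, server) pairs that never occur

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def check_traps(event):
    """Yield (rule, detail) for every trap the parsed event trips."""
    if event["dst"] in DECOY_HOSTS:
        yield "decoy_host", f"{event['src']} contacted decoy {event['dst']}"
    if event["path"] in CANARY_FILES:
        yield "canary_file", f"{event['user']} opened canary {event['path']}"
    if (event["user"], event["dst"]) in NEVER_ACCESS:
        yield "never_access", f"{event['user']} reached {event['dst']}"

def detect_traps(log_text):
    """Scan a log; return (alerts, count of unparseable lines skipped)."""
    alerts, skipped = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        event = parse_line(line)
        if event is None:
            skipped += 1          # count it, don't crash the detector on bad input
            continue
        for rule, detail in check_traps(event):
            alerts.append(Alert(event["ts"], rule, detail))
    return alerts, skipped

if __name__ == "__main__":
    for a in detect_traps(SAMPLE_LOG)[0]:
        print(a.ts, a.rule, a.detail)
```

Indicators learned from an incident (new decoy hosts, new never-occurring pairs) can be fed back into these sets, which is the “driving intelligence back into current defenses” loop the column describes.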

But combating APTs requires more than just technology. Equally important is a security mentality shared across the enterprise. Organizations and their employees must embrace security processes as part of daily business practices. This isn’t security training per se but a mind-set. As a simple example, employees must stop and think before opening attachments received via email. This may sound obvious but according to Microsoft’s previously cited report nearly 45 percent of successful attacks required some sort of user interaction. Security teams must shift their mentality as well. The traditional broken loop approach of “find a threat, fix the problem, remediate the infected hosts and notify users” needs to include a final step of driving all of the intelligence learned in the previous steps back into all security technologies to thwart future similar attacks. A shared security mentality across all employees will help protect an organization in general from all types of attacks.

Organizations can’t buy an “Anti-APT” solution—nothing can detect an unknown threat. But by adopting a security approach based on agile security and a security mentality that permeates the organization, IT security teams can know more and will stand a better chance of coming out on top in today’s threat landscape.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
