Enterprise Security Issue: Fighting Against APTs or Targeted Attacks?

Advanced persistent threats (APTs), or targeted attacks, are a category of intrusion in which the attacker deliberately selects the victim and works to compromise its systems. An APT is carried out as a series of attempts over time, some failing and some succeeding, each one pushing deeper into the target's network.

Enterprises treat APTs as a high-priority threat because of the significant damage suffered by past victims in their industries. These kinds of attacks are highly risky and succeed by exploiting weaknesses in the company's security posture. Once the enterprise network is compromised and the attacker is inside, the intrusion becomes difficult to remediate fully.

The introduction and adoption of new technologies, platforms and entities into the business can only broaden the attack surface further. Information Security Officers have recognised the need to safeguard company data on the network after seeing the notable data breaches of past years.

A better understanding of targeted attacks can give enterprise security groups the correct mindset in dealing with these threats.

How do targeted attacks occur?


Intelligence gathering: Much like a military reconnaissance mission, this initial phase aims to collect strategic information not only on the intended target's IT environment but also on its organizational structure. The information gathered ranges from the business applications and software the enterprise uses to the roles and relationships that exist within it.

Point of entry: Because the targets are organizations, the delivery mechanism is usually the most common form of office communication, email. Note, however, that instant-messaging and social networking platforms can also be used to entice targets to click a link or download malware. The goal of this phase is to establish an initial connection with the target.

Compromise: Armed with the knowledge obtained during intelligence gathering and with additional insight accumulated from prior attacks on the company's environment, threat actors select and tailor the exploits to use against their target. At the end of this stage, the company's network has been infiltrated.

Command-and-control (C&C) communication: After an organization's perimeter has been breached, continuous communication between the compromised host and the C&C server must be maintained. Threat actors keep this C&C traffic under the radar, typically by blending it in with legitimate traffic or by routing it through intermediaries.

Lateral movement: Once assured of persistent access to the breached network, threat actors move laterally through the company's network, seeking valuable hosts that hold sensitive information.

Asset/Data discovery: Noteworthy assets are identified within the infrastructure and then set aside for later data exfiltration.

Data exfiltration: The attack's ultimate objective is to transmit information from inside the target organization's perimeter to a location the threat actor controls. The transfer can happen all at once or gradually, in which case the information is first moved to a staging location and then prepared for exfiltration.
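The C&C phase above depends on regular check-ins that hide among normal traffic, and one behavioural signal a defender can pull out of ordinary web proxy logs is that regularity: a human browses in bursts, a beacon polls on a near-constant period. The script below is an added example, not code from the original post or from the TrendLabs primer it quotes; the log format, hostnames and IP address are constructed for illustration.

```python
# Beaconing detector over constructed proxy log lines (added example).
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one client polls an external name every ~300 s with
# slight jitter (a typical C&C check-in) while its ordinary browsing is irregular.
SAMPLE_LOG = """\
2013-04-02T09:00:00 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:05:02 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:09:58 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:15:01 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:20:00 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:25:03 10.1.2.3 GET update.example-cdn.test/ping
2013-04-02T09:01:10 10.1.2.3 GET news.example.test/
2013-04-02T09:01:17 10.1.2.3 GET news.example.test/story/1
2013-04-02T09:31:40 10.1.2.3 GET news.example.test/story/2
2013-04-02T10:02:05 10.1.2.3 GET news.example.test/story/9
2013-04-02T10:02:06 10.1.2.3 GET news.example.test/css/main.css
2013-04-02T11:45:00 10.1.2.3 GET news.example.test/
"""

def parse(log):
    """Yield (timestamp, client, host) from 'ts client METHOD host/path' lines."""
    for line in log.splitlines():
        ts, client, _method, url = line.split(" ", 3)
        yield datetime.fromisoformat(ts), client, url.split("/", 1)[0]

def find_beacons(log, min_hits=5, max_cv=0.1):
    """Return {(client, host): mean_interval_s} for pairs whose request spacing
    is nearly constant: coefficient of variation (stdev / mean) of the gaps at
    or below max_cv over at least min_hits requests. Regular cadence is the
    signal; a human driving a browser is bursty and fails the test."""
    times = defaultdict(list)
    for ts, client, host in parse(log):
        times[(client, host)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = round(avg, 1)
    return beacons

if __name__ == "__main__":
    for (client, host), period in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: check-in every ~{period:.0f}s")
```

On real logs, raise min_hits and tune max_cv per environment; legitimate software updaters also beacon, so the output is a candidate list for analyst review, not a verdict.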

What Can Enterprises Do Against APTs?

By design, APTs are able to evade standard perimeter and endpoint defenses. Industry analysts and experts have made a clear case that an expanded and layered definition of security due diligence is now a must for most enterprises and government organizations. Trend Micro provides a range of solutions that allow organizations to meet these new requirements, combating APTs with the best protection and proactive detection technologies.

Fundamental Defense
Standard perimeter and endpoint security technologies are essential to prevent most attacks and, at their best, may detect or block certain aspects of an APT or a targeted attack. The key factors behind the effectiveness of these products are the provider's ability to source new threat information and the "time to protect", that is, how quickly new threat information reaches the deployed products.

The Trend Micro™ Smart Protection Network™, for instance, provides Trend Micro products with the broadest and most up-to-date threat detection capabilities. The Smart Protection Network processes over 4TB of data daily, including daily analyses of over 8 billion URLs, 50 million email samples, 430,000 file samples, and 200,000 IP addresses.
  • InterScan Messaging Security combines the privacy and control of a powerful on-premise gateway software virtual appliance with the proactive protection of an optional cloud-based pre-filter that stops the majority of threats and spam in the cloud.
  • InterScan Web Security combines award-winning malware scanning with real-time web reputation, flexible URL filtering, and integrated caching for streamlined administration and lower total cost of ownership (TCO).
  • OfficeScan maximizes security and performance on physical and virtual desktops, providing the industry’s strongest threat and data protection, built into a single endpoint agent, and deployed and managed together from a single console.
Advanced Protection
Moving beyond fundamental defense is about providing additional security safeguards for sensitive resources and data, whether physical or virtual and whether these reside in the corporate network, the datacenter, or the cloud. Trend Micro can provide a hardened level of protection for the servers and data that are targets of an attack.
  • Deep Security provides a single platform for server security to protect physical, virtual, and cloud servers as well as virtual desktops. Tightly integrated modules easily expand to offer in-depth defenses, including anti-malware, integrity monitoring, intrusion detection and prevention, web application control, firewall, and log inspection.
  • SecureCloud is designed to encrypt and protect data in public, private, and hybrid clouds while also securing data stored on physical and virtual servers. Easy-to-use, policy-based key management authenticates the identity and integrity of servers requesting encryption keys and controls when and where your secure data can be accessed.
Real-Time Threat Management
Moving beyond protection to embrace proactive detection capability is the final step in combating APTs and targeted attacks. Specialized threat detection technology can detect "invisible" malware and human attacker activity by examining the content, communications, and behavior of all network traffic, then providing actionable insights to aid immediate containment and remediation.

Vulnerability exploits are a key tool of attackers, so a proactive stance on vulnerability detection and timely patching is critical. A systematic approach to vulnerability management, combined with a proactive virtual patching or vulnerability shielding strategy, minimizes the attacker's window of opportunity.

These Trend Micro solutions enable you to take the ultimate proactive stance against APTs and targeted attacks:
  • Deep Discovery provides customers with the network-wide visibility, insight, and control needed to reduce the risk of APTs and targeted attacks. Deep Discovery uniquely detects and identifies evasive threats in real time and provides the in-depth analysis and actionable intelligence needed to prevent, discover, and contain attacks against corporate data.
  • Vulnerability Management Services provides on-demand network discovery, asset prioritization, application and system vulnerability assessment, and remediation tracking in a single software-as-a-service (SaaS) offering.
  • Deep Security's deep packet inspection and intrusion prevention system (IPS) capabilities close the window on vulnerabilities and reduce patching costs by providing virtual patching that rapidly shields vulnerabilities without waiting for vendor patches or disrupting your standard patch cycles.
Source: A Special TrendLabs primer on APTs – Detecting the Enemy Inside the Network: How Tough Is It to Deal with APTs?
