by September 18, 2013 0 comments

Advanced persistent threats (APTs) and targeted attacks have emphatically proven their ability to penetrate standard security defenses and remain undetected for months while siphoning valuable data or carrying out destructive actions. With an estimated 1.25 billion Internet users worldwide according to Computer Economics, cybercriminals have never had a bigger pool of potential victims from which to choose.

While these threat trends are alarming for every Internet user, it should particularly raise the eyes of the organizations overlooking the importance of cyber security. With all the confidential business information online, organizations need to be vigilant towards security.

Debatably, the response from the security industry has been largely limited to an “APT marketing makeover” around the traditional security technologies. But standard protection products’ signature-based, one-size-fits-all approach cannot deal with the custom nature of targeted attacks and their dedicated perpetrators. These attack groups utilize malware, social engineering, and hacker techniques specifically customized to the task of evading an organisation’s defenses and successfully attaining their goals against your company. By design, they will defeat standard security products utilizing generic signatures.

Many organizations feel that they have been targeted and admit that their current security activities are insufficient to stop a targeted attack. Not surprisingly, Trend Micro found that 55 percent are not even aware of intrusions, and fewer know the extent of the attack or who exactly is behind it. While necessary to thwart the majority of today’s attacks, standard defenses have proven insufficient to handle APTs and targeted attacks.

Combating these custom attacks requires a custom defense-a new strategy that recognizes the need for a specific approach and relevant intelligence that is uniquely adapted to each organization and its attackers. A multi-layered custom defense solution augments an organization’s standard security by detecting and analyzing APTs targeting the specific organization, immediately adapting protection against the attack, and enabling a rapid remediation response.

 

The Antonym of Advanced Targeted Attacks – An ideal solution

Until now, the best that the industry has to offer is new technology in the form of an additional network-based malware sandbox product that is largely independent and disconnected from the rest of an organization’s existing security solutions, i.e. a solution that offers a new level of detection but that at its heart is based on a generic one-size-fits-all approach similar to the standard protection products already in place.

What would an ideal solution be? An ideal solution would weave your entire security infrastructure into a custom and adaptable defense that is tuned to a particular environment and particular attackers.

An ideal solution would not only perform custom detection and analysis of attacks at the network level, but integrate advanced detection technology into your existing endpoint and gateway defenses. Detection at any one protection point would automatically update other protection points to defend against further attack-all working in a multi-vendor security environment. An ideal solution would leverage the global intelligence of a major security vendor to aid in detection, and use it to provide you threat profile information relevant to your particular attack. Finally, it would pair this profile with network-wide event analysis to guide rapid containment and remediation.
In short, an ideal solution is a custom defense employing a comprehensive Detect-Analyze-Adapt-Respond lifecycle unique to your particular organization and the threats against it.

Custom Defense Components

 

An optimum enterprise security and data protection suite is preferred which gives the ability to deploy integrated data protection wherever the end users access sensitive data along with adaptive threat protection that won’t slow down the endpoints. It must centrally manage to give visibility and control enterprise-wide. With complete end-user protection, one can prevent data breaches and business disruptions from gateway to mobile devices.

Data protection offered would control data wherever end users access it with an integrated and facilitating multi-layer protection. An optimal multi-layered security suite must encompass advanced threat detection at the heart of the custom defense along with monitoring the environment for malicious content, communication and behavior. It must use custom detection methods tailored to specific configurations and leverage deep threat analysis to generate custom updates to your protection points. Custom relevant intelligence must be provided to guide rapid response.

Furthermore, it should provide rapid adapt protection against attacks, enterprise-wide risk management, tools to discover and analyze advanced threats, assist in attack analysis and response, and augment the security responsiveness and expertise.
Combating Advanced

Persistent Threats

The face of the threat landscape continues to change, and by all accounts, APTs are succeeding in their effort to gain access to the data and systems of target organizations. It is not sufficient to rely on standard security products to detect targeted attacks, and it is equally important organizations don’t just simply fill the security gap with new network detection techniques as this only addresses a portion of the issue. Adopting a comprehensive strategy against APTs that enables organizations to effectively detect, analyze, adapt, and respond to attacks specifically targeting the organization will provide the strongest foundation for a successful defense. It is critical for organizations to take immediate action and to include implementation plans for a multi-layered custom defense strategy in their budgets.

This would lead to the evolution of new business models for customers to fight the increasing threats. To address all the threat challenges, enterprises are required to take a multi-layered approach to security, beginning at the network and finishing at the desktop. Advanced security at multiple points throughout the network is a necessity, and some additional effort must be made to protect against all the substantial threats.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<