How to Deal With Advanced Persistent Threats

Posted on: February 19, 2017 by Zeina Zakhour

As organizations become more digitally focused, the question of cybersecurity becomes even more pertinent. Not only are systems more complex, heterogeneous, decentralised, and therefore difficult to protect, but their increasing value makes them of increasing interest to cybercriminals leading to a corresponding increase in attacks.

Most worrying of all is a rise in Advanced Persistent Threats (APTs).

Unlike commodity threats such as viruses, phishing campaigns or rootkits, APTs are targeted, multi-stage intrusions of unusual complexity. They are introduced without the knowledge of the IT department and can remain dormant for months before activating. An APT can pursue several objectives at once: causing unexpected damage, for instance, and stealing sensitive data, including financial, R&D or customer information. It is a changing mixture of techniques with no signature that can be anticipated in advance, and it can take up to six months before it is detected.

Damage Limitation

Dealing with APT attacks is not a question of creating a specific process, but of ensuring that the processes already in place are actually followed and allow an attack to be detected and remediated in real time. Faced with an APT, you must react immediately to limit the damage.

A holistic approach is vital: the process must not create silos between the network, application and security teams. Facilitating exchanges between these teams speeds up the resolution of security incidents, while collaboration on modifying configurations, changing permissions, isolating machines and blocking access keeps the threat contained as efficiently as possible.

Attention to security reporting is also required. Directors need a detailed report that clearly states the company's security level and the risks and vulnerabilities it faces. Tracking identified risks and corrective actions over time is key to keeping known vulnerabilities under control, which in itself greatly reduces the attack vectors available to an APT.

Real-Time Detection

An integrated approach of this kind can detect cyberattacks early, confine them, and then neutralise them with solutions deployed across the entire IT system. Security tooling and skills should be federated and centralised so that suspicious events can be correlated, intrusion attempts identified, and a global view of risks and the appropriate defences maintained.

Real-time analysis of mail flow (messages and attachments) and of web traffic lets you detect and neutralise APT attacks as they unfold. Getting in early is crucial. In the event of an attack, the organization should have expertise ready to mobilise, with a forensic capability to identify the origin of the attack, the mechanisms used and the systems affected. This team should be equipped not only to implement control measures that protect the IT system, but also to strengthen the company's security strategy against further attacks.
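The correlation the two paragraphs above call for (suspicious events from mail flow and web traffic, tied together per host) can be illustrated concretely. The script below is an added example, not code from the original article or from Atos: it parses constructed mail-gateway and web-proxy log lines, flags hosts that received an attachment of a macro- or executable-bearing type, looks for connection series with near-constant intervals (a crude beacon heuristic), and raises an alert when the beaconing starts shortly after the attachment arrived. The log format, hostnames, domains, extension list, window and jitter threshold are all assumptions made for the example.

```python
"""Correlate mail-gateway and web-proxy events to spot a possible APT foothold.

Added example, not code from the original article. The log format, hosts,
domains and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample logs (not real data).
#   mail : "<ISO time> host=<name> attachment=<filename> sender=<addr>"
#   proxy: "<ISO time> host=<name> dst=<domain> bytes=<n>"
MAIL_LOG = """\
2017-02-01T09:02:11 host=ws-017 attachment=invoice.pdf sender=billing@example.net
2017-02-01T09:05:40 host=ws-042 attachment=Q1_report.docm sender=hr@examp1e.net
2017-02-01T09:07:02 host=ws-023 attachment=agenda.pdf sender=pa@example.net
"""

PROXY_LOG = """\
2017-02-01T09:06:10 host=ws-042 dst=update.example-cdn.net bytes=412
2017-02-01T09:16:11 host=ws-042 dst=update.example-cdn.net bytes=408
2017-02-01T09:26:09 host=ws-042 dst=update.example-cdn.net bytes=415
2017-02-01T09:36:12 host=ws-042 dst=update.example-cdn.net bytes=410
2017-02-01T09:46:10 host=ws-042 dst=update.example-cdn.net bytes=409
2017-02-01T09:10:00 host=ws-017 dst=news.example.com bytes=58210
2017-02-01T09:31:44 host=ws-017 dst=news.example.com bytes=61002
2017-02-01T10:15:03 host=ws-017 dst=mail.example.com bytes=2048
"""

# Attachment types that can carry macros or executables (assumed list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".hta"}


def parse_line(line):
    """Parse '<ISO time> key=value ...' into a dict with a datetime 'time'."""
    ts, *fields = line.split()
    rec = {"time": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def risky_attachments(mail):
    """Mail records whose attachment extension is in RISKY_EXTENSIONS."""
    out = []
    for rec in mail:
        name = rec.get("attachment", "")
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            out.append(rec)
    return out


def beacon_candidates(proxy, min_events=4, max_jitter=0.1):
    """Return {(host, dst): mean_interval_seconds} for connection series
    whose inter-arrival times are nearly constant (low coefficient of
    variation). Thresholds are assumptions and need tuning in practice."""
    by_pair = defaultdict(list)
    for rec in proxy:
        by_pair[(rec["host"], rec["dst"])].append(rec["time"])
    out = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            out[pair] = avg
    return out


def correlate(mail, proxy, window=timedelta(hours=2)):
    """Alert on hosts that received a risky attachment and then began a
    beacon-like connection series within `window` of its arrival."""
    beacons = beacon_candidates(proxy)
    first_seen = {}
    for rec in proxy:
        key = (rec["host"], rec["dst"])
        if key not in first_seen or rec["time"] < first_seen[key]:
            first_seen[key] = rec["time"]
    alerts = []
    for m in risky_attachments(mail):
        for (host, dst), interval in beacons.items():
            start = first_seen[(host, dst)]
            if host == m["host"] and m["time"] <= start <= m["time"] + window:
                alerts.append({
                    "host": host,
                    "attachment": m["attachment"],
                    "sender": m["sender"],
                    "dst": dst,
                    "interval_s": round(interval),
                    "first_beacon": start.isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_log(MAIL_LOG), parse_log(PROXY_LOG)):
        print(alert)
```

Run stand-alone, the script reports one alert: ws-042 received a `.docm` attachment and, within a minute, began contacting `update.example-cdn.net` every ten minutes with almost no jitter. Neither event is conclusive on its own (macro documents are common, and legitimate update agents also poll on a timer), which is exactly why the page argues for correlating mail and web telemetry centrally rather than leaving each team to judge its own feed in isolation.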

This kind of integrated approach requires, above all, an agile security infrastructure that centralises escalations from the security and technology solutions, viewed holistically, and translates them into a consolidated picture of the organisation's security posture. It also requires the sharing and development of knowledge. A trusted partner can help ensure that the team is not limited in its ability to defend the business by a lack of resources, tools or specialised expertise.

Ultimately, in the event of any threat to security, whether a small-scale incident in a single department or a barrage of intrusion attempts and denial-of-service attacks across the entire organisation, it is up to your SOC (Security Operations Center) and CERT (Cyber Emergency Response Team) to fend off the attack and maintain business as usual.

Attackers operate at the cutting edge of technology, and so should you, ensuring that the work of the wider business is protected and able to grow and flourish in an increasingly digital world.

About Zeina Zakhour
Fellow, Global Chief Technical Officer, Digital security, Atos and member of the Scientific Community
Zeina Zakhour is Vice-president, Global CTO for Digital Security in Atos. Zeina has twenty years of experience in the Cybersecurity field covering the end-to-end spectrum of cybersecurity from security advisory, to security integration, Managed security services/Managed Detection and Response, to securing digital innovations (Cloud, IoT, Edge, AI etc…) as well as risk management, compliance and privacy. She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, a M. Sc. From Telecom SudParis and an Executive MBA focused on Innovation & Entrepreneurship from HEC School of Management. Zeina is a member of the Atos Scientific community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. She was the recipient of Atos Innovation trophy in 2013, was named in 2019 among the “100 fascinating Females Fighting cybercrime”, was listed in the CTO/CIO/CDO French top 10 influencers and was recognized as 2020 Cyber security leader by the Cyber Security Observatory.