How to Deal With Advanced Persistent Threats

Posted on: February 19, 2017 by Zeina Zakhour

As organizations become more digitally focused, the question of cybersecurity becomes even more pertinent. Not only are systems more complex, heterogeneous, decentralised, and therefore difficult to protect, but their increasing value makes them of increasing interest to cybercriminals leading to a corresponding increase in attacks.

Most worrying of all is a rise in Advanced Persistent Threats (APTs).

Unlike traditional threats such as viruses, phishing or rootkit, APTs are cyber-attacks of extraordinary complexity. They are introduced without the knowledge of the IT department and can remain dormant for months before activating. An APT can have multiple objectives: for instance, being able to cause unexpected damage, and stealing sensitive data – including financial, R&D or customer information. It is a changing, mixture of threats that has no foreseeable digital signature and can take up to six months before it is detected.

Damage Limitation

To deal with APT attacks, it is not a question of creating a specific process but rather to ensure that the processes in place are implemented and allow for the detection and remediation of an attack in real time. Faced with APT attacks, you must react immediately to limit the damage.

Importantly, a holistic approach is vital. Organizations must ensure that the process does not create silos between different network management, application or security teams. Facilitating exchanges between the teams can speed up the resolution of these security incidents, while collaboration between teams in modifying configurations, changing permissions, isolating machines, and blocking access can ensure the threat is kept contained as efficiently as possible.

Attention to security reporting is required. Directors need to have a detailed report which clearly states the company's security level and the risks and vulnerabilities facing the company. The monitoring over time of the risks and corrective actions identified are key to ensuring that known vulnerabilities are under control, as this already greatly reduces the number of APT attack vectors that are possible.

Real-Time Detection

An integrated approach like this can detect upstream cyberattacks and confine them, and then neutralise them with solutions installed across the entire IT system. Solutions and security skills should be federated and centralised to correlate suspicious events, identify intrusion attempts and to have a global view of risks and the appropriate defence against them.

A real-time analysis of mail flow, including emails and attachments, and web traffic, means you can provide real-time solutions for the detection and neutralization of APT attacks. Getting in early is crucial. In case of an attack, the organization should have the expertise ready to mobilise, implementing a forensic solution to identify the origin of the attack, the mechanisms used and impacted systems. This team should be equipped to not only implement control measures to protect the IT system, but also to strengthen the security strategy of the company to avoid any further cyber-attacks.

This type of integrated approach requires, above all, an agile security infrastructure that centralizes escalation of security and technology solutions from a holistic viewpoint, and translating it into a consolidated view of the security position. An integrated approach to security also requires the sharing and development of knowledge. Having a trusted partner on board can help ensure that the team is not limited in its ability to defend the business due to a lack of resource, tools, or specialised expertise.

Ultimately, in the event of any threat to security – whether it’s a small-scale incident on a single department, or a barrage of intrusion attempts and denial-of-service attacks across the entire organisation – it’s up to your SOC (Security Operations Center) & CERT (Cyber Emergency Response Team) Teams to fend off the cyberattack and maintain business as usual.

Attackers will operate at the cutting-edge of technology and so should you – ensuring that the work of the wider business is protected and able to grow and flourish within an increasingly digital world.

Share this blog article

About Zeina Zakhour
Fellow, Global Chief Technical Officer, Cybersecurity, Atos and member of the Scientific Community
Zeina Zakhour is the Global CTO for cybersecurity in Atos, creating , by day and a few nights, innovative solutions to be a step ahead of cybercriminals. Not an easy task you might say… But she is putting her 20 years of experience in the cybersecurity field to good use. Zeina covers the end-to-end spectrum of cybersecurity from security advisory, to security integration, managed security services and IoT and big data security. She worked closely with Fortune 500 companies to advise them in their security strategy and secure their infrastructure and protect their data. She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, a M. Sc. From Telecom Sud Paris and an Executive MBA from HEC. She is member of Atos Scientific Community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. Yet she believes that when it comes to cybersecurity, we never stop learning.

Follow or contact Zeina