Three Tips for Avoiding Advanced Persistent Threats (APT)
Blog
Thought Leadership
Three Tips for Avoiding Advanced Persistent Threats (APT)
Kristy McDaniel Baia
By Rocco Donnino, AppRiver
Once primarily used for espionage on governments and militaries, advanced persistent threats (APTs) are growing and targeting a new variety of organizations. Many companies are bolstering their online security, as evidenced by the $985 million organizations spent on advanced threat detection in 2014, according to recent research from Gartner*.
AppRiver offers three tips to help keep your organization safe from APTs:
Cloud-based security solutions with real-time threat updates can help ensure that your organization is protected from the most recent threats. If your security software is only updated once per hour, then your network is vulnerable to the most recent APT attempts during that time. And given the message that a name like “advanced persistent threat” carries, waiting for a security update or patch is not ideal. AppRiver’s SecureSurf™ Web Protection, for example, is updated thousands of times daily and based on malware trends from millions of sources. While email spam and virus protection will block most malicious emails, the savviest APTs out there will deliver a payload that is not executable via email. Instead, they will have a link to a malicious website. This is where adopting a layered security approach comes into play. For example, AppRiver’s email spam and virus filtering solution, SecureTide™, blocks more than 99 percent of malicious emails. However, if an email with a rogue URL were to sneak past us, then AppRiver’s SecureSurf would use intelligent DNS to block the malicious website. However, if it were a malicious link on a reputable site, like a malvertisement on Yahoo, SecureSurf using an adaptive proxy (which is also recommended by Gartner) would then block only the malicious advertisement while allowing the user to safely browse Yahoo. Most ATPs have the aim of running quietly in the background while sending out information on your network over time, which is what makes advanced threat notifications so imperative for triaging a successful ATP attempt. When looking for the advanced threat notification that’s right for your organization, look for a solution that will alert you if a malicious program is attempting to send out information from within your network. This warning can save your business from public reputation damage and costly penalties if any personal information was compromised. It should also provide immediate notification of advanced persistent threat activity so that network administrators can locate and quickly remediate affected endpoints.* Pingree, L., MacDonald, Neil., Firstrbook, P. (4 May 2015). Best Practices for Detecting and Mitigating Advanced Persistent Threats, Gartner Research.