Security Basics
Today’s most damaging attacks are Advanced Persistent Threats (APT). Cybercrime is no longer random or about brute force; it is more subtle, aiming to infiltrate, stay hidden, and extract data without detection. Rapid innovation on the malware front, the exploitation of new zero-day vulnerabilities, and emerging evasion techniques can each render any single security approach ineffective. A deeper, more comprehensive approach is needed to counter these increasingly sophisticated attacks. The key to Advanced Threat Protection (ATP) is not one particular technology but the integration of, and collaboration between, several of them.
Prevent–The Known Threats
Much of the malware in circulation is already known. Last year, nearly a quarter of malware was more than 10 years old, and almost 90% had been discovered before 2014. Known threats should be blocked immediately by next-generation firewalls, secure email gateways, endpoint security, and similar products that rely on highly accurate security technologies.
Detect–The Unknown
Many newer approaches can detect previously unknown threats and turn what they find into actionable threat intelligence. Sandboxing hands potentially malicious software off to a sheltered environment where its full behaviour can be observed directly without affecting production networks.
Mitigate–Taking Action
Preventing threats from entering the network is the first priority for any security system, but a clear detection and remediation process is key for when, not if, they get in. Once an intrusion has been validated, the affected users, devices and content should be quarantined, with automated and manual systems in place to ensure the safety of network resources and organizational data. Previously unknown threats should be forwarded for in-depth analysis, and the resulting updates fed back to the different services in the network, so that every layer has the right mix of up-to-date protection.
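The Prevent, Detect and Mitigate sections above describe a loop rather than three separate products: known threats are blocked on sight, unknown ones are detonated in a sandbox, and a confirmed verdict is fed back so the next copy is blocked at the prevention layer without a second sandbox run. The following is an added toy illustration of that loop, written for this page and not taken from it or from any vendor; the sample hashes, the sandbox behaviour traces and the risk weights are all constructed, and a real sandbox would of course execute the sample rather than read a pre-recorded list of behaviours.

```python
"""Toy prevent / detect / mitigate pipeline with a threat-intel feedback loop.

Added example, not code from the original page. All samples, behaviour
traces and scoring weights below are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field

# Behaviours a sandbox might report, with constructed risk weights.
RISK_WEIGHTS = {
    "persistence:registry_run_key": 3,
    "network:beacon_unknown_host": 4,
    "file:mass_encrypt": 5,
    "process:inject_remote": 4,
    "file:read_document": 1,          # normal for a document, low weight
}
VERDICT_THRESHOLD = 5                 # constructed: at or above this is malicious


@dataclass
class Sample:
    name: str
    content: bytes
    behaviours: list                  # what the (simulated) sandbox observes

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class Pipeline:
    known_bad: set = field(default_factory=set)       # prevent layer: hash blocklist
    quarantined: list = field(default_factory=list)   # mitigate layer: isolated items
    log: list = field(default_factory=list)

    def prevent(self, sample: Sample) -> bool:
        """Prevent: block anything whose hash is already known bad."""
        return sample.sha256 in self.known_bad

    def detect(self, sample: Sample) -> tuple:
        """Detect: score observed sandbox behaviour; returns (score, is_malicious)."""
        score = sum(RISK_WEIGHTS.get(b, 0) for b in sample.behaviours)
        return score, score >= VERDICT_THRESHOLD

    def mitigate(self, sample: Sample) -> None:
        """Mitigate: quarantine, then feed the verdict back to the prevent layer."""
        self.quarantined.append(sample.name)
        self.known_bad.add(sample.sha256)

    def process(self, sample: Sample) -> str:
        if self.prevent(sample):
            self.log.append((sample.name, "blocked_known"))
            return "blocked_known"
        score, malicious = self.detect(sample)
        if malicious:
            self.mitigate(sample)
            self.log.append((sample.name, f"quarantined_new(score={score})"))
            return "quarantined_new"
        self.log.append((sample.name, f"allowed(score={score})"))
        return "allowed"


def run_demo() -> dict:
    """Run four constructed samples through the pipeline; returns name -> outcome."""
    ransomware_trace = ["file:read_document", "file:mass_encrypt",
                        "network:beacon_unknown_host"]
    # Seed the blocklist with one threat that is already known.
    pipeline = Pipeline(known_bad={Sample("seed", b"OLD-TROJAN-BODY", []).sha256})
    samples = [
        Sample("old_trojan.exe", b"OLD-TROJAN-BODY", []),               # known threat
        Sample("invoice.docm", b"NEW-RANSOMWARE-BODY", ransomware_trace),  # unknown, malicious
        Sample("invoice_copy.docm", b"NEW-RANSOMWARE-BODY", ransomware_trace),  # same bytes again
        Sample("report.pdf", b"REPORT-BODY", ["file:read_document"]),   # benign
    ]
    return {s.name: pipeline.process(s) for s in samples}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:20s} {outcome}")
```

The point to watch in the output is `invoice_copy.docm`: it carries the same bytes as `invoice.docm`, so after the first copy is quarantined and its hash fed back into `known_bad`, the second copy is stopped at the prevent layer and never reaches the sandbox. That feedback is what turns three products into one system.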
Industrialization of the Hacking Sector
The average hacking operation has evolved from the lone script kiddie into groups of specialized experts whose goal is to extract revenue from compromised information (user data, ransomware, etc.). Adversaries are increasing at an unprecedented rate and are becoming more sophisticated not only in how they launch attacks, but also in how they evade detection. They change their tactics and tools from moment to moment, disappearing from a network before they can be stopped, or quickly switching to a different method of gaining entry.