Assessing the APT threat

Do security vendors secretly create the attacks their tools are designed to ward off? Of course not, but that old chestnut hints at a broader suspicion about whether the current state of security is really as bad as the security firms make it out to be, especially when it comes to the latest poster child: advanced persistent threats.

To ascertain just how real the APT threat is, the Enterprise Strategy Group surveyed 244 security professionals in companies with more than 1,000 employees. "When we started this project there was a fair amount of debate about APTs," says Jon Oltsik, a principal analyst at ESG and a Network World blogger. "Was this type of attack real and unique or were APTs nothing more than a marketing term to add an alarming label to pedestrian types of cyber attacks?"

The pros are divided. Some 50% view APTs -- examples of which include Stuxnet, Aurora and Zeus -- as a unique type of threat, while 48% say they are somewhat unique but similar to other threats, and 2% say they are not unique.

It appears the more you know about APTs, the more likely you are to perceive them as unique. Most CISOs said "they didn't think APTs were anything new until they were attacked," Oltsik writes. "As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy."

The actual attack rates are surprising. Some 20% of those surveyed said they are certain they have been targeted, while another 39% said they are fairly certain they have been targeted. The latter is telling given that stealth and patience are hallmarks of APT attacks. Operation Aurora, originally directed at Google, spanned nine months. [see "Living with the knowledge that we're infected"]

What are companies doing to fight back? Some 50% do formal penetration testing one or more times per quarter, and for up-to-the-minute information about ongoing attacks, 68% rely on net management tools, 51% use log file analysis, 43% use IDS/IPS alerts and 41% lean on SIEM tools.

Of the survey respondents that are most prepared for APTs, 90% say they have implemented new or modified security processes to deal with APTs, while 60% have invested in new defense technologies. Training is also key: 56% of this prepared group say they are adding APT training for the security staff, while more than half will also train general employees about the threats. (This comprehensive study has many other relevant findings.)

The take-away seems to be this: Those that know the most are most afraid of APTs. So if you're not sweating them, maybe you should be.
