Countering Advanced Persistent Threats

This week’s ISSA-UK Chapter meeting addressed the subject of the Advanced Persistent Threat (APT). It was illuminating to hear four very different perspectives from a government expert, an engineer, a banker and a top US technologist.

Surprisingly, none of the speakers seemed to grasp the true nature of an APT. They described it as either a method of attack used by governments and criminals, an undetectable Trojan, or just another form of malware attack. In fact, an APT is exactly what it says: a threat that is both sophisticated and persistent. It’s someone who is after your secrets: someone prepared to invest serious expertise, time and money to get them, and who will not go away, even after they’ve got them.

Each speaker recommended a different solution. The answer was either to share intelligence, install monitoring technology, educate your staff, or implement self-encrypting drives. These are all useful measures. But only the last one is guaranteed to eliminate a major vulnerability that enables the type of deep-seated, covert attacks associated with APTs. The rest simply improve your odds of detection, which is not good enough, since an attacker only has to succeed once to succeed.

One speaker claimed “There is no silver bullet technology solution”. That might indeed be true. But there are several available security technologies that are highly effective, yet not commonly deployed. Perhaps the real exposure is that today’s security community is too obsessed with compliance and established process, and takes insufficient interest in emerging security technologies.