APT: It's about the attacker, not the attack

The term "advanced persistent threat", or APT, is becoming increasingly common in discussions around information security, but not everyone in the security industry likes the term.

Critics typically question in what sense the attacks termed APTs are advanced or persistent, arguing that the term is misleading or inaccurate.

RSA’s Uri Rivner, however, provides a perspective on the term that gives an interesting insight into the nature of these attacks and should eliminate the need for any further debate.

In military parlance, he says, state-level or state-sponsored attacks are commonly termed APTs, and the same is true in the cyber world.

The term tells us about the type of attacker, and has nothing to do with attack methods or tools, says Rivner, head of new technologies, identity protection and verification at RSA.

APTs in the cyber context, then, simply refer to military-grade attacks against commercial entities.

What this means in real terms, says Rivner, is that this level of attack, backed by powerful resources, is something new to non-military information security professionals.

Never before have corporate networks faced this level of co-ordinated expertise, which enables penetration capabilities that corporates are ill-equipped to handle.

Most business organisations do not have at their disposal the forensic tools or skills required to analyse and understand what is going on in their networks, says Rivner.

In the face of APTs, businesses need a new defence doctrine, which is under discussion by an increasing number of corporate chief information security officers, he says.

According to Rivner, APTs demand a new kind of strategy that accepts attackers will gain access to corporate networks, but is designed to detect, resist, investigate and recover from such attacks.