Advanced Persistent Threats Detection Effectiveness

Organizations invest a great deal of resources protecting themselves from external real world threats – everything from leading-edge physical security and surveillance systems, to trained and certified security staff, and more.

Yet, what about detecting malware and advanced persistent threats (APTs)? That is, how effective are today’s organizations in thwarting attacks from within that could reap widespread havoc, and lead to massive financial losses and irreparable reputation damage, and possibly even exposure to fines, sanctions and litigation?

According to the Mandiant’s annual threat report “M-Trends® 2013: Attack the Security Gap™“, which was released on March 13, 2013, the results aren’t inspiring:

• Nearly 66% of organizations are unaware that they’re under attack, and only learn about it from an external source, such as a law enforcement agency
• Most attacks go completely unnoticed by organizations for almost eight months
• To cover their tracks and find new ways to get around network security, cyber criminals are relying more than ever on outsourced service providers and partners
• Cyber criminals are employing a “reconnaissance” approach, in which they steal valuable data over a series of attacks and use that to do more damage in less time

And perhaps most chillingly:

• APT attacks are fundamentally designed to be relentless, and don’t stop until their objective has been completed – i.e. stealing valuable (or invaluable) data and permanently destabilizing their victims

So, that begs the question: why aren’t more organizations doing a better job of detecting APTs? It’s not because they aren’t taking the problem seriously; many of them are (and it’s keeping them awake at night). Rather, the reason they’re vulnerable is because their current on-premises detection solution is coming up short, because it:

• does not cover external employees and partners
• does not cover any cloud applications located outside of the network
• delivers plenty of “false positives”
• is an outdated signatures-based solution

At the same time, many of these same organizations are struggling with the fact that, while their current APT detection solution is quite expensive, there’s no clear ROI. They’re also hesitating to spend even more of their limited budget (or, typically, exceed it) so that they can cover their entire internal network together and remote sites. And they’re unwilling to trade-off added security for reduced network performance.

As a result, many organizations are resigning themselves to the belief that there is no clear “bulletproof solution” out there that can protect against APTs – and as such, they’re living in fear, and hoping that tomorrow their luck doesn’t run out.

Fortunately, despite the sophisticated nature of APTs (these are not bored students in their parent’s basement looking for a quick thrill; these are sophisticated and surprisingly very well organized cyber criminals, hacktivists or nation-states), there is a way for organizations to dramatically fortify their defenses.

They simply need to choose an APT detection solution that:

• conducts cloud-based analysis of data over long periods of time, which is far superior and cost effective to any on-site device, since it’s not limited by appliance capacity (e.g. memory, storage, CPU, etc.)
• performs an elastic and automated malware analysis, which significantly increases the chances of identifying unknown and targeted attacks
• uses a unique botnet infection dataset that can correlate and identify an attack
• is non-intrusive, and will therefore not adversely impact the network
• does not deliver false positives (without exception!)

Ultimately, organizations that choose an advanced persistent threats detection solution that achieves the above will not only diminish the likelihood of an attack, but they’ll increase their ability to detect and eventually enhance their on-premises solution to stop the attacks as they occur. And that’s a recipe for a secure network – and peace of mind.