Managing today’s security threats: APT and EVT
New technology means new threats and new trends in threats. So what’s hot in security threats right now? Advanced persistent threats and advances evasion techniques. Let’s take a minute to explore what these threats are and how you can combat them.
Advanced Persistent Threats
What is APT?
Advanced Persistent Threat or APT refers to an attack on a network where an invader gains access and then hangs out for a long time. Unlike simple attacks where the hacker tries to get in and get out as quickly as possible, in an APT intruders attempt to go undetected in order to collect as much data as possible from a network. Targets of APTs tend to be organizations with high-value information like financial institutions, defense operations or manufacturing.
How to combat APT
To combat APT it’s important to understand what makes these attacks effective. APTs use a variety of techniques to get in and remain undetected for long periods of time. Each technique on its own might be easy enough to defend against, but the onslaught of tactics makes it seem more complicated. However, if done properly, basic security measures can protect an organization from advanced persistent threats. A few tips:
- Vet staff and contractors
- Manage access to information
- Use multi-factor authentication
- Monitor navigation behavior
- Use firewalls
- Monitor high-risk areas for attack
As with any threat, educating employees about high-risk areas and what to look out for is key for early detection. If your organization does detect an APT, it’s important to preserve forensic evidence and information while also shutting down the attack quickly.
Advanced Evasion Techniques
What is EVT?
Advanced Evasion Techniques refer to attacks that use a variety of known evasion techniques so systems won’t detect system invasions. These evasion techniques are distributed over multiple layers of a network simultaneously, and the code itself is not necessary malicious. The threat is in an organization’s inability to detect the intrusion. There are currently more than 200 undetectable evasion techniques that can’t be recognized by intrusion detective systems.
How to combat EVT
By nature, these attacks are hard to detect; simply using a firewall will not protect you from EVT. To detect and combat advanced evasion techniques is going to take a number of techniques. A few things you’ll want to be aware of:
- Educate employees about EVTs; they aren’t attacks so much as delivery systems.
- Know your risks; are you storing sensitive, valuable information?
- Fully understand the perimeters of your invasion prevention tools.
- Test and understand the capabilities of your security solutions against EVTs.
Despite the advanced nature of these threat trends, each is made up of recognizable and combatable components. Identifying and understanding the nature of these threats will help organizations recognize and fight back against them.
