Advanced persistent threats and targeted attacks:

  • Have caused numerous large, costly data breaches
  • Routinely defeat or evade traditional security measures
  • Are targeting growing numbers of organizations
  • Result in strategic chaos, massive costs, and crippled careers

Fortunately, advanced capabilities are available to help you detect, analyse, and respond to these attacks before damage is done.

Why they’re different

Based on extensive prior research, targeted attacks and advanced threats (also sometimes referred to as advanced persistent threats or APTs), are purpose-built to breach your network and steal your data, intellectual property, and communications without being detected.

Traditional threats:

  • Generic – A virus or malware is repurposed and aimed at any target it can find.
  • Scattershot – A virus or malware is cast widely across the Internet in the hope of finding a foothold in any end-user device or corporate server.
  • Predictable – The virus or malware remains in a generally consistent form and behaves in a generally consistent manner, which creates opportunities to identify and block it.

Targeted attacks and advanced persistent threats:

  • Customized – An attack on your network is a carefully planned heist. Attackers carry out extensive research and tailor the attack targeted at evading your specific defences, explore your specific network, and steal specific types of high-value data.
  • Surgical – Rather than being scattered to the wind, targeted attacks and APTs are carefully delivered to specific targets, often using highly convincing email intended for a single individual within your organization as a penetration vector.
  • Highly sophisticated – Today’s targeted attacks and advanced persistent threats use complex techniques to conceal themselves from your defences. Once inside the network, they can alter their appearance, switch ports and protocols, and remain undetected for long periods as they move around the network to find and steal your data. Detecting these attacks requires a modern, advanced solution that provides visibility into every corner of your network.

Business impacts

Targeted attacks and advanced persistent threats have led to many of the major data breaches of recent years. Organizations of all kinds and sizes—including yours—are at risk. Indeed, your network may well already have been compromised.

Targeted attacks are as much a strategic business concern as they are a security concern. The consequences go well beyond creating headaches for your security professionals. The strategic impacts of targeted attacks and advanced threats include:

Unexpected strategic impacts:

  • Loss of revenue.
  • Loss of intellectual property.
  • Deterioration or loss of intangible assets: technology, market, customer, operational practices, etc.
  • Erosion of market value.

Unexpected risks:

  • Litigation by shareholders, customers, employees, or suppliers.
  • Accountability for your network being used as a beachhead to launch attacks against customers, suppliers, business partners, or others.
  • -Deterioration of brand equity.

Unexpected costs:

  • Regulatory filings.
  • Internal and/or external investigation.
  • Compensation.

Unexpected career impacts:

  • Scapegoat effect.
  • Resignation or dismissal of c-level executives.
  • Risk to reputation and market value of directors and executives.

Detecting the Attacker with Trend Micro Deep Discovery Inspector

Deep Discovery Inspector is an advanced network protection appliance that monitors virtually all network traffic to identify and analyse malware, command-and-control (C&C) communications, and evasive attacker activities that are invisible to standard security. Unlike standard security solutions, Deep Discovery Inspector:

·Scans all network ports and over 80 network protocols for broad coverage.

·Accurately detects advanced malware by using custom sandbox images that precisely match system configurations.

·Uses multiple techniques to identify attack signals across a range of endpoints and mobile devices including Microsoft Windows, Apple OSX, and Android.

Blocking Attackers with TippingPoint Next-Gen IPS and Next-Gen FW

TippingPoint NGIPS and NGFW deliver high-performance inline protection against a broad range of attack elements including malware, C&C, and vulnerability exploits. The TippingPoint Security Management System (SMS) provides central management, policy control, and SIEM integration to enable enterprise-wide investigations.

When integrated with Deep Discovery Inspector, NGIPS and NGFW can block newly discovered C&C paths identified by Deep Discovery sandbox analysis. Deep Discovery Inspector maintains a real-time link with TippingPoint SMS to convey Indicators of Compromise (IOCs) that SMS broadcasts to all TippingPoint devices per explicit policy management configurations. The devices can then block all subsequent C&C to/from the C&C location for any host on the network.