Using Advanced Persistent Intelligence to Fight Advanced Persistent Threats

Face it, we’re all locked in a cyber-security arms race. Attackers are becoming smarter and more aggressive, while corporate networks and the data in them are becoming more complex and difficult to defend. Isn’t it about time we started fighting fire with fire, using advanced persistent intelligence to fight advanced persistent threats (APTs)?

Today’s APTs are more targeted and stealthy than ever. Attackers choose their victims carefully and craft their attacks specifically to gain undetected access to the network.

Consider the ease with which attackers were able to spear-phish staffers at the Democratic National Committee and trick them into providing email credentials, or how hackers were able to target the right accounts at the right banks to make off with $81 million from Bangladesh Bank.

Once inside, APTs deploy targeted malware designed to fly under the radar of traditional security, giving them time to learn the ins and outs of the network and home in on the most lucrative data sets. They then quietly exfiltrate critical data, dripping it out slowly and unobtrusively, or hiding packets within legitimate traffic streams. Consequently, APTs are able to evade detection for weeks, even months, continually siphoning off data while leaving their victims none the wiser.

In this APT world, traditional signature-based tools alone are not enough. Instead, organizations need to embrace advanced persistent intelligence and defend the network using the same level of patience, expertise and technology as attackers. This means:

· Giving employees the right intelligence: Your employees are your first line of defense – but they can’t recognize and deflect attacks if they don’t know the warning signs. A strong defense requires an effective security awareness program that keeps users abreast of the latest tactics and helps them identify possible phishing attacks or social engineering scams before they create problems.

· Deploying layered defenses: To increase the chances of detection, organizations need to layer on different controls combining tools like antivirus, IDS/IPS and SIEM systems with advanced behavior-based controls such as next-generation firewalls and sandboxing. Along with strong vulnerability/patch management, endpoint protection and authentication/identity management, defense-in-depth ensures attacks that evade one control are stopped at the next, or at least slowed to the point where they can be detected.

· Responding rapidly: It’s not if but when you’ll be breached. That means companies need a solid incident response plan to recognize and shut down new attacks quickly, minimize damage and stop further leakage.

Fortinet’s Advanced Threat Protection Framework Fights Fire with Fire

Our partner Fortinet knows the challenges today’s APTs present. Its Advanced Threat Protection (ATP) solutions are engineered to provide the high degree of visibility and intelligent, automated collaboration needed to protect, detect and mitigate even the most sophisticated APTs.

With Fortinet’s FortiSandbox, FortiClient endpoint protection and FortiGate next-generation firewalls, Fortinet’s ATP works to intelligently block known malware, detect new attacks, create signatures on the fly and quickly update all ATP tools, automatically thwarting both known and unknown attacks. When integrated with Fortinet’s Security Fabric platform, even non-Fortinet solutions like Carbon Black’s endpoint protection can participate via the fabric’s open API-based architecture. The result is advanced, persistent intelligent defense end-to-end — across internal data centers, the cloud, mobile and more.

A partner of Fortinet, Fine Tec is in the ideal position to help arm your customers with the advanced persistent intelligence they need to fight APTs.