Toto, I have a feeling we’re not in Kansas anymore

Cyber threats and attacks used to be about fame, politics, boredom and personal challenge. Now, it’s about ROI. Criminals have evolved and become more strategic – advanced persistent threats (APTs) are here and antivirus protection and traditional firewall port security are no longer enough. Criminals using APTs want data, so the more valuable an organization’s data, the more likely it is to be targeted.
Government agencies and organizations in industries such as finance, energy, healthcare, aerospace and defense are the most likely targets of APT infections. Users and organizations with access to valuable data through business relationships, such as smaller vendors and contractors, are also being targeted.
So, what is an APT? Although the term first referred to nation-states engaging in cyber espionage, APTs are now in use by cyber criminals everywhere to steal data from businesses for financial gain. What distinguishes an APT from other threats? Simply put, they are targeted. Unlike most malware, which randomly infects any computer susceptible to a given exploit, APTs target specific organizations with the purpose of stealing specific data, or causing specific damage.
Another important differentiating characteristic between most malware and an APT is its ability to evade detection by network security controls while still mining and collecting data. The many ingenious methods in use, such as unknown zero-day exploits, rarely have antivirus signatures available to provide adequate protection and response.
To achieve their objectives, those utilizing APTs must still find vulnerabilities within a target’s infrastructure, assess the security controls in place, determine how to distribute the attack and exploit the weaknesses, compromise the perimeter, gain access to privileged hosts, identify the target data and then extract it. This requires extensive research and the process could take several months, or even years. But once an APT has successfully compromised the network, the complexity and evasiveness of the threat make early detection nearly impossible by most perimeter defense mechanisms. If your organization’s technological defenses and strategies are dated, it is very likely that your bottom line will discover the damage well before your technology does.
Enter the Cisco X-Series Next-Generation Firewall. While a layered defense strategy is still required, the Cisco X-Series protects networks against many types of malware, including web-based threats, vulnerabilities, and advanced persistent threats (APTs) via Cisco Cloud Web Security and Cisco Security Intelligence Operations (SIO). Cisco Cloud Web Security provides centralized, cloud-based integration with Cisco ASA firewalls and integrated services routers, delivering localized network security, comprehensive malware protection, visibility and control of web applications. Cisco SIO is a cloud-based service that performs real-time analysis of telemetry from nearly two million security devices and more than 150 million mobile endpoints throughout the world. Continuous updates on Internet threats, network vulnerabilities, and host site reputation are sent to Cisco security devices every three to five minutes, providing near real-time protection from zero-day threats. Cisco customers can use this information to develop and enforce more granular, robust security policies to proactively protect their networks months ahead of a specific threat.

Comments are closed.