Gartner warns of advanced persistent threats and offers suggestions for mitigation

News by Dan Raywood

Security controls need to evolve as targeted threats have.

According to Gartner analysts, the term ‘advanced persistent threat’ (APT) has been over-hyped and is distracting organisations from a very real problem. The firm said that as advanced security threats increase, simply adding more layers of defence does not necessarily increase security.

John Pescatore, vice president and distinguished analyst at Gartner, said: “Targeted attacks are penetrating standard levels of security controls and causing significant business damage to organisations that do not evolve their security controls.

“For the average organisation, four to eight per cent of executables that pass through anti-virus and other common defences are malicious. Organisations need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats. There are existing security technologies that can greatly reduce vulnerability to targeted attacks.”

He said that the reality is that the most important issues are the vulnerabilities and the techniques used to exploit them, not the country that appears to be the source of the attack.

“The major advance in new threats has been the level of tailoring and targeting; these are not noisy, mass attacks that are easily handled by simple, signature-dependent security approaches,” he said.

Gartner admitted that defending against such attacks can be costly, but it recommended always applying security in-depth with increased staff and technology levels, as well as the use of specialised threat detection, network forensics and situational awareness technologies.

Lance James, director of intelligence at Vigilant, said: “This year we have seen a marked increase of APT-type activity, either because they are occurring and being discovered more often, or possibly because more companies are reporting on them.

“APTs have been around for a long time. The information security community has been playing catch-up against a surge of cyber crime that started around 2003. We're technically becoming proficient and effective in identifying and preventing them, but many companies were not, and still are not, equipped to detect these threats, nor were they ready to announce such breaches publicly.”

Frank Coggrave, general manager of EMEA at Guidance Software, said: “We must remember that cyber criminals are becoming increasingly skilled in evading detection and since attacks are consistently breaking through even the toughest of security systems, organisations need to focus on deploying incident response plans to mitigate the effects.

“Organisations can then establish where the attacks have come from and ensure rapid reaction and diligence in dealing with the threat.”

Wade Williamson, threat analyst at Palo Alto Networks, said: “I agree with Gartner's comments today: AET and APT are poorly defined terms, in as much as they can mean different things to different people. Vendors tend to define ‘advanced’ evasions and threats based on the capabilities of their most recently released product.

“IT professionals, on the other hand, will often define ‘advanced’ based on the last threat that made it through their defences. Both of these definitions can be a bit self-serving rather than scientific.

“We should realise that an evasion technique (advanced or otherwise) is a component of a persistent attack. Put very simply, for a threat to be persistent it must be able to communicate with a remote attacker or infrastructure. If it cannot communicate across secured boundaries, then a persistent attack will quickly be caught. As such, knowing how to hide yourself is part and parcel of being persistent.”
