APT – the new generation: stealthy, long-term and deadlier than ever
Unlike most corporations, public bodies and even government agencies, Israeli clients are exposed to yet another layer of cyber risks, which are even more difficult and complex, as they originate in ideological, religious, military, geopolitical and sometimes even economic motivations.
In addition to ‘regular’ attacks on organizational computers (which are usually designed to steal data, crack a technological challenge, or take revenge, in the case of a disgruntled employee or supplier), cyberattacks by various countries (at times major foreign powers), armed forces, intelligence organizations, terrorist cells and so on, tend to be more sophisticated, more difficult to monitor and longer-term (running over months and years), as well as highly destructive, since they are discovered after the damage has been done.
All too often, APT attacks are not blocked by antivirus software or firewalls, since they do not have an identifiable signature. These zero-day attacks exploit the vulnerabilities and security holes in new network-based software, so they require a special, dedicated effort to handle them before they compromise the organization’s data systems.
Lockheed Martin President Marillyn A. Hewson recently issued the following press release:
“In the course of 2014 alone we have experienced some 50 cyberattack attempts, which we identified as APT attacks on our computer systems.”
Our answer to cyberattacks consists of a range of tools and systems, including firewalls, anti-virus software, anti-spam and anti-bot. Security against APT attacks requires familiarity with the patterns characteristic of specific attacks, advance intelligence concerning malware signatures, the ability to monitor anomalies in computer communication on the organization’s network, and the correlation of all these events into an integrated picture showing that they amount to an APT.
Monitoring, identifying and thwarting advanced cyber threats also relies on a sandbox, which is an isolated environment outside the active IT array (like a test environment). We route seemingly harmless files (bound for organizational addresses) to the sandbox, where they are closely inspected (Deep Packet Inspection – DPI) and then returned to the operational environment only once they have been verified as malware-free.
- Synchronized and unified reporting to monitor and alert for any APT event
- Neutralizing potential risks by isolating them and sending them to the sandbox (which simulates a real environment)
- Deep Packet Inspection (DPI)
- Discovering anomalies within the organization’s outgoing traffic
Best of Breed: Choosing the best product
After carefully exploring software vendors and existing off-the-shelf technologies, we at Spider Solutions have chosen the following manufacturers as our business partners for Advanced Persistent Threats: Trend Micro, Check Point, BlueCoat.
Spider Solutions’ service concept:
We place the highest emphasis on prompt, professional, courteous and efficient service, so we dedicate a great deal of time and resources to training our employees and having them certified by the leading software and hardware companies, our business partners.
Spider Solutions’ call center, which is on call 24/7, is fully staffed with data security engineers at our clients’ disposal.