Advanced persistent threats are especially nasty. Cybercriminals (the skilled ones, at least) have moved beyond simple intrusions, viruses and worms. Nope, these people want to steal your data, for whatever reason. Your data has value. And the bad guys are willing to invest time and money to break into your network. They have upped the ante.
“Advanced persistent threats are just that - advanced and persistent,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's advanced threat protection (ATP) and cybersecurity solutions. “The attack is multi-faceted. They might try to get into your system via email and social engineering; they might target an unsecured mobile phone to gain access and then move sideways into the sensitive data. They look for unprotected ports. Or they'll try to use brute force to get a weak password. And, if you are a high value target, they'll keep trying until they get stopped or get through.
Five key steps to ATP
So what can you do? The answer is to fight multi-faceted threats with defence-in-depth to reduce the attack surface. There are five critical components to advanced threat protection:
- Access control
- Threat prevention
- Threat detection
- Incident response
- Continuous monitoring
These components, working in concert and kept current, can go a long way in protecting your network, data and reputation.
Access control Access control reduces the attack surface by forcing all users and traffic through established inspection points running appropriate threat prevention and detection technologies. Solutions include Layer 2/3 firewalls, patch management and two-factor authentication. A security-centric infrastructure with a hardened OS provides pervasive security.
Threat prevention Threat prevention stops malware before it enters the network. Most attacks utilise modified versions of known malware to bypass content-oriented inspection. Threat prevention technologies - such as intrusion prevention, application control, web/email filtering and anti-virus/spam - keep the windows and doors shut. Proactive solutions, typically subscription-based services from organisations such as Fortinet's FortiGuard Labs, can identify and stop most malware.
Threat detection If you do detect a threat - or even suspect that your perimeters have been breached - you need to take immediate action. For instance, you can ‘sandbox', run objects in a contained environment, to isolate threats. Similarly, botnet detection uncovers communication patterns indicating botnet activity.
Incident response If a security event occurs, incident response actions kick in to validate and contain the threat. All components, including those deployed for detection and prevention, need to work in concert for fast response and corrective action.
Continuous monitoring Containment and response leads into continuous monitoring for ongoing assessments and audits. These activities identify and specify the effectiveness of an organisation's security, the state of security amongst their peers and the continued evolution in the threat landscape.
“If you can provide these five components inside a homogeneous security-centric framework,” concludes Khan, “you'll be going a long way to keep your data safe and your reputation intact. Fortinet is leading the charge against these advanced persistent threats and we can help you keep your networks more secure. Give us a call (below) and we can show you how.
For further information, please contact:
Hugo Hutchinson, Business Development Manager Email :hugo.hutchinson@ingrammicro.com Mobile :021 245 8276
Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com Mobile: 021 241 6946
Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com Mobile : 021 819 793
