Dealing With Advanced Persistent Threats

This blog is an excerpt from GovLoop’s recent industry perspective, Advanced Threat Protection in the Public Sector: Addressing 3 Critical Shortfalls. Download the full perspective here.

Federal networks and systems today are under unrelenting attack by persistent, sophisticated and well-resourced adversaries who operate on behalf of nation states or criminal groups with the aim of stealing sensitive data, causing harm or exploiting federal and military systems. Furthermore, the problem is worsening: The Government Accountability Office reported that cyber incidents affecting federal systems rose from 5,503 in 2006 to 67,168 in 2014, an increase of roughly 1,121%.

Many of these incidents are likely the work of advanced persistent threats, or APTs. This category of cyberthreat is particularly difficult to detect and defend against for several reasons. For one thing, APTs are tailored to penetrate specific targeted networks or organizations. For example, an attacker may deliver malicious code via an email customized for a specific person who has access to the targeted network. The email is crafted to appear to come from a friend, relative or colleague, so that the recipient trusts it enough to disclose a password or open a malicious attachment. Or an attacker may rely on other sophisticated means, sometimes employing so-called “zero-day” exploits, which take advantage of vulnerabilities in software or hardware that are not yet publicly known and for which no patch is therefore available.

Also, APTs approach from multiple vectors, such as email, a Web page or a shared file. They are often the product of extensive planning and resources. They take the form of a campaign over time, not just a single piece of malware, which increases the chances of success. They enter a network quietly and remain stealthy long afterward. If and when they are detected, it is often already too late to prevent damage.
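The impersonation pattern described above (a message that looks like it comes from a colleague and asks for a password or carries an attachment) leaves traces in the headers and content that a mail gateway or analyst can score. The following is an added example, not code from GovLoop, Symantec or DLT; the staff directory, the `agency.example.gov` domain and both sample messages are constructed for illustration.

```python
"""Heuristic spear-phishing triage for colleague-impersonation emails.

Added example (not from the original page). The staff directory, the internal
domain and the two sample messages below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: the (hypothetical) organisation's domain and a few staff entries.
INTERNAL_DOMAIN = "agency.example.gov"
INTERNAL_STAFF = {
    "jane doe": "jane.doe@agency.example.gov",
    "bob smith": "bob.smith@agency.example.gov",
}
# Attachment types commonly used to deliver a first-stage payload.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".iso", ".lnk"}
CREDENTIAL_LURE = re.compile(r"(password|credential|verify your account|log ?in)", re.I)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _body_text(msg) -> str:
    """Concatenate the decoded text/plain parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            payload = part.get_payload(decode=True)
            if payload:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def score_message(raw: str):
    """Return (score, reasons) for a raw RFC 5322 message; one point per indicator."""
    msg = message_from_string(raw)
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    name = display.strip().lower()

    # 1. Display name of a real colleague, but the address is not that colleague's.
    if name in INTERNAL_STAFF and addr.lower() != INTERNAL_STAFF[name]:
        reasons.append(f"display name '{display}' is internal staff but From is {addr}")
    # 2. Sender domain is a near-miss of the real one (e.g. a hyphen for a dot).
    if domain and domain != INTERNAL_DOMAIN and _edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        reasons.append(f"From domain {domain} resembles {INTERNAL_DOMAIN}")
    # 3. Replies are steered to a different mailbox than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append(f"Reply-To {reply_to} differs from From {addr}")
    # 4. Body asks for credentials and offers a link to enter them.
    body = _body_text(msg)
    if CREDENTIAL_LURE.search(body) and re.search(r"https?://", body):
        reasons.append("body asks for credentials and contains a link")
    # 5. Attachment of a type that can execute code or carry macros.
    for part in msg.walk():
        fn = part.get_filename()
        if fn:
            ext = "." + fn.rsplit(".", 1)[-1].lower() if "." in fn else ""
            if ext in RISKY_EXTENSIONS:
                reasons.append(f"attachment {fn} has risky type {ext}")
    return len(reasons), reasons


# Constructed sample: a benign internal message.
BENIGN = """\
From: Bob Smith <bob.smith@agency.example.gov>
To: jane.doe@agency.example.gov
Subject: Lunch
Content-Type: text/plain; charset="us-ascii"

Same place at noon?
"""

# Constructed sample: a spear-phish impersonating Jane Doe from a lookalike domain.
SPEARPHISH = """\
From: Jane Doe <jane.doe@agency-example.gov>
To: bob.smith@agency.example.gov
Reply-To: jdoe.agency@mail.example.com
Subject: Q3 report - please verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Bob, the portal locked me out. Please log in at https://portal.agency-example.gov/verify
with your password so I can pull the attached report.
--b1
Content-Type: application/octet-stream; name="Q3_report.docm"
Content-Disposition: attachment; filename="Q3_report.docm"

ZmFrZQ==
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("spearphish", SPEARPHISH)):
        score, reasons = score_message(raw)
        print(label, score, *reasons, sep="\n  ")
```

The benign message scores 0; the constructed spear-phish trips all five indicators. In practice these heuristics would sit alongside SPF/DKIM/DMARC results and sandbox detonation of attachments rather than replace them, and the staff directory would come from the identity system rather than a hard-coded dictionary.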

The proliferation of cyber incidents reported by federal agencies reflects many challenges confronting government. For example, many agencies struggle to assess risks and to develop and implement security controls. Many are also vulnerable because of poor basic cyber hygiene, budget constraints, an excessive number of Internet access points, cyber skills shortages and the prevalence of legacy IT systems that were not designed with security in mind. These are generally well-known challenges that policymakers are working to address.

But there also are technical challenges that complicate the government’s ability to counter advanced threats. Three industry experts — Ken Durbin, Unified Security Practice Manager, and Tom Blauvelt, Security Architect, both at cybersecurity company Symantec, and Don Maclean, Chief Cybersecurity Technologist at DLT Solutions — discussed these technical challenges with GovLoop and how federal managers can address them.

They agree that federal agencies can contain advanced threats if they bolster identification and authentication capabilities, implement data loss prevention, and automate cybersecurity functions as much as possible.

This Industry Perspective will assess each of these challenges and offer insights into how existing solutions and technologies can help agencies address them effectively.

