Protection against advanced persistent threats is becoming every business’s business
With Securicom’s advanced threat protection solution, every incoming e-mail is treated as suspicious, says Michael Morton, solutions architect at Securicom.
Companies should be as invested in protecting networks and data against advanced persistent threats (APTs) as cyber criminals are in targeting and implementing their attacks. In the past, APT countermeasures were only implemented in certain sectors with high-value targets, such as military plans and other sensitive government or enterprise-damaging data. Nowadays, hackers are stealing data for financial gain or to get their hands on valuable intellectual property.
“Every business that values its data should have APT countermeasures in place,” says Michael Morton, Solutions Architect at specialist managed IT security services company, Securicom.
An APT is a targeted attack in which an intruder spends time gaining access to the network in such a way that he can remain undetected for an extended period. Because APTs were time-consuming and resource-intensive for hackers and required detailed understanding of networking and operating system typology, they were carefully targeted and less prevalent than they are today. As messaging gateways have evolved and become more advanced and easier to deploy, so too have APT attacks. The way APT attacks occur can now easily be adjusted and packaged for any attack and any vulnerable network.
APT groups will typically use highly targeted spear phishing attacks or social engineering to gain access to a network. The easiest and most common way of delivering the initial package is via e-mail. Because of the highly targeted approach, conventional anti-spam and anti-mail solutions will not necessarily detect this as an attack.
“What this means is that the majority of companies using traditional e-mail security tools are vulnerable. APT attacks happen where there is a lack of security and compliancy on the endpoint, such as a server, workstation or laptop. Missing patches, OS vulnerabilities, access controls and applications with missing security features are exploited and used to gain sensitive information,” says Morton.
He explains that protecting against APT attacks is not a single technology solution: “Having an APT protection tool at your e-mail gateway is highly recommended. But, this does not mean you should not patch your endpoints or update applications and operating systems. Due to the way in which APT attacks are built, you should have multiple tools and processes in place. This multi-pronged approach should include anti-APT technology at the e-mail gateway, anti-virus software that has built-in APT detection, a patch management solution, application reviewing tools, penetration testing capabilities and access control. Employee education is also crucial as APT attacks often include social engineering tactics.”
Securicom uses advanced threat protection (ATP) to protect against APTs. The solution comprises industry-leading technologies that are built into a multi-APT protection solution that fits within Securicom’s comprehensive e-mail content management service, e-Purifier.
With Securicom’s ATP, every incoming e-mail is treated as suspicious. ATP adds a proven layer of security to the organisation’s existing mail relay. Instead of relying on detection, ATP Mail Content Disarm and Reconstruction ensures security by transforming the entire e-mail message into a neutralised (harmless) and trustworthy copy. ATP prevents advanced undetectable malicious code attacks and ransomware, while maintaining full usability, visibility and functionality.
Morton concludes: “Protecting against APT is not a single technology fix. It is a combination of technologies, processes and procedures combined with frequent reviews, and ideally, audits. The best way of protecting against APT is a healthy and active IT security ecosystem. Securicom can assist in providing a market leading e-mail solution, and endpoint protection that includes anti-virus, patch management and endpoint detection and response in combating APT threats.”
Securicom provides best-in-industry cloud-based Managed IT Security Services to address the increasing and ever-evolving security threats that businesses face. Its partnerships with leading global technology providers, combined with extensive experience in building and delivering locally hosted security services, ensure that its partners and customers can benefit from state-of-the-art IT security, regardless of their size or number of users. Securicom’s solutions include email, endpoint and web protection, network security and cyber security monitoring. Securicom has offices in Johannesburg, Cape Town and Namibia, and has customers across the globe. For more information on Securicom, please visit www.securicom.co.za.