Tuesday, July 13, 2010

My Article on Advanced Persistent Threat Posted

My article Understanding the Advanced Persistent Threat provides an overview of APT. It's the cover story in the July 2010 Information Security Magazine. From the article:

The term advanced persistent threat, or APT, joined the common vocabulary of the information security profession in mid-January, when Google announced its intellectual property had been the victim of a targeted attack originating from China. Google wasn't alone; more than 30 other technology firms, defense contractors and large enterprises had been penetrated by hackers using an array of social engineering, targeted malware and monitoring technologies to quietly access reams of sensitive corporate data.

Google's public admission put a high-profile face on targeted attacks and the lengths attackers would go to gain access to proprietary corporate and military information. It also kicked off a spate of vendor marketing that promised counter-APT products and services that have only served to cloud the issue for security managers and operations people.

In this article, we'll define APT, dispel some myths and explain what you can do about this adversary.

3 comments:

Alex Raitz said...

Great article!

I especially like the section towards the end regarding getting that knock on the door from the FBI versus soliciting them for a briefing.

Mister Reiner said...

Nice. Thanks for clearing things up Richard. I've been dealing with APTs since 2002 and I was like, "What's up with this new term?? Why is everyone treating APT like it's something new? Why are people getting so excited about all of this?" Now it makes sense. lol

My recommended solution for dealing with APT: Connectivity auditing!

Cheers

Anonymous said...

I'm baffled why the word "China" is classified. The source IP is coming from China, the attackers browser is set to Mandarin Chinese....
Quacks like a duck, walks like a duck.....

APT, why not China....no wonder there is confusion