Assessing the APT threat

Do security vendors secretly create the attacks their tools are designed to ward off? Of course not, but that old chestnut hints at a broader suspicion about whether the current state of security is really as bad as the security firms make it out to be, especially when it comes to the latest poster child: advanced persistent threats.

To ascertain just how real the APT threat is, the Enterprise Strategy Group surveyed 244 security professionals in companies with more than 1,000 employees. "When we started this project there was a fair amount of debate about APTs," says Jon Oltsik, a principal analyst at ESG and a Network World blogger. "Was this type of attack real and unique or were APTs nothing more than a marketing term to add an alarming label to pedestrian types of cyber attacks?"

The pros are divided. Some 50% view APTs -- examples of which include Stuxnet, Aurora and Zeus -- as a unique type of threat, while 48% say they are somewhat unique but similar to other threats, and 2% say they are not unique.

It appears the more you know about APTs, the more likely you are to perceive them as unique. Most CISOs said "they didn't think APTs were anything new until they were attacked," Oltsik writes. "As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy."

The actual attack rates are surprising. Some 20% of those surveyed said they are certain they have been targeted, while another 39% said they are fairly certain they have been targeted. The latter is telling given that stealth and patience are hallmarks of APT attacks. Operation Aurora, originally directed at Google, spanned nine months. [see "Living with the knowledge that we're infected"]

What are companies doing to fight back? Some 50% do formal penetration testing one or more times per quarter, and for up-to-the-minute information about ongoing attacks, 68% rely on net management tools, 51% use log file analysis, 43% use IDS/IPS alerts and 41% lean on SIEM tools.

Of the survey respondents that are most prepared for APTs, 90% say they have implemented new or modified security processes to deal with APTs, while 60% have invested in new defense technologies. Training is also key: 56% of this prepared group say they are adding APT training for the security staff, while more than half will also train general employees about the threats. (The full study contains many other relevant findings.)

The take-away seems to be this: Those that know the most are most afraid of APTs. So if you're not sweating them, maybe you should be.
