Assessing the APT threat


Do security vendors secretly create the attacks their tools are designed to ward off? Of course not, but that old chestnut hints at a broader suspicion about whether the current state of security is really as bad as the security firms make it out to be, especially when it comes to the latest poster child: advanced persistent threats.

To ascertain just how real the APT threat is, the Enterprise Strategy Group surveyed 244 security professionals in companies with more than 1,000 employees. "When we started this project there was a fair amount of debate about APTs," says Jon Oltsik, a principal analyst at ESG and a Network World blogger. "Was this type of attack real and unique or were APTs nothing more than a marketing term to add an alarming label to pedestrian types of cyber attacks?"

The pros are divided. Some 50% view APTs -- examples of which include Stuxnet, Aurora and Zeus -- as a unique type of threat, while 48% say they are somewhat unique but similar to other threats, and 2% say they are not unique.

It appears the more you know about APTs, the more likely you are to perceive them as unique. Most CISOs said "they didn't think APTs were anything new until they were attacked," Oltsik writes. "As they watched APT attacks unfold, they were blown away by how they adapted, moved around the network, rooted themselves in systems, and used sophisticated (and often homegrown) innovation to fool security tools and remain stealthy."

The actual attack rates are surprising. Some 20% of those surveyed said they are certain they have been targeted, while another 39% said they are fairly certain they have been targeted. The latter is telling given that stealth and patience are hallmarks of APT attacks. Operation Aurora, originally directed at Google, spanned nine months. [see "Living with the knowledge that we're infected"]

What are companies doing to fight back? Some 50% do formal penetration testing one or more times per quarter, and for up-to-the-minute information about ongoing attacks, 68% rely on net management tools, 51% use log file analysis, 43% use IDS/IPS alerts and 41% lean on SIEM tools.

Of the survey respondents who are most prepared for APTs, 90% say they have implemented new or modified security processes to deal with APTs, while 60% have invested in new defense technologies. Training is also key: 56% of this prepared group say they are adding APT training for the security staff, while more than half will also train general employees about the threats. (This comprehensive study has many other relevant findings.)

The take-away seems to be this: Those who know the most are most afraid of APTs. So if you're not sweating them, maybe you should be.
