Companies Step Up Response to Advanced Persistent Threats

The network security game is changing with the rapidly growing prevalence of advanced persistent threats – thorough, well-funded attacks on enterprise networks.


Matt Watchinski, senior director of the Vulnerability Research Team at Sourcefire
Since Google was hacked from within China last year, businesses have been paying closer attention to the danger of advanced persistent threats (APTs) – well-funded, deep attacks on enterprise networks.

"We’re starting to see big companies, like Google, come out and talk about their fight against APTs," said Matt Watchinski, senior director of the Vulnerability Research Team at Sourcefire Inc., a Columbia, Md. company that makes threat detection and prevention defenses for companies, government agencies and the military.

"There’s a difference between your run-of-the-mill attacker and the person who actually cares about the data that he is trying to steal from you," Watchinski said. According to Watchinski, the APT attackers have more cash and backing and are often seeking money and intellectual secrets, rather than just looking to cause a disruption.

"APT is organized by people who have resources, money, time and they care about the data they are going after. Whereas your casual attacker who is using some off-the-shelf rotator botnet is really not an APT," Watchinski said.

Additionally, there is an important distinction between APT and malicious software, or malware.

"They usually use more than one technique and lots of different control channels so if one gets shut down, they can go after another. It’s an umbrella," Watchinski said. He continued, saying that attackers use Word docs, PDFs and phishing – taking advantage of a trusted relationship between business partners to exploit a company’s network. "We’re seeing a blended type of threat," Watchinski said.

"It’s difficult to stop an attacker from getting a small foothold on your network," Watchinski said. "It’s easier to catch them after the fact when they call home and try to transfer data."

So how can businesses cope with these threats?

"No single device is going to protect you from APT because APT is not a singular thing," Watchinski said, suggesting a set of network prevention devices, host prevention systems, and other protection devices.

"Just deploying one security technology is not going to save you from these threats," Watchinski said.

For businesses looking to protect their network, Watchinski suggested, "Make sure you are using something that you can customize to your environment and protect the things you know about."

Watchinski’s Vulnerability Research Team explores complicated file formats to find and address vulnerabilities, makes the information available to clients and publishes new findings on its blog, http://vrt-sourcefire.blogspot.com/. The team processes 27,000 malicious pieces of software per day.

 

