
Bit9

Advanced Persistent Threat

Bit9's adaptive application whitelisting approach provides advanced persistent threat detection and protection for your enterprise network. In the computer security industry, Advanced Persistent Threat (APT) is a term used to refer to a long-term pattern of targeted attacks. These sophisticated attacks are often aimed at Western governments, companies and political activists. Some groups involved in advanced persistent threat attacks have allegedly been from nation-states, including China.

Definitions:

Advanced — Criminal operators behind the threat utilize the full spectrum of computer intrusion technologies and techniques. While individual components of the attack may not be classed as particularly "advanced" (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required to bypass any advanced threat protection companies have in place. They combine multiple attack methodologies and tools in order to reach and compromise their target.

Persistent — Criminal operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a "low-and-slow" approach is usually more successful.

Threat — There is a level of coordinated human involvement in the attack, rather than a mindless, automated piece of code. The criminal operators have a specific objective and are skilled, motivated, organized and well funded.

Malware, the foundation for successful advanced persistent threats, is leveraged to retrieve confidential information, map infrastructure topologies, discover social relationships, map organizational structure, and maintain continuous control across compromised hosts. Unlike traditional malware, which has a short life expectancy and tends to create bursts of network traffic, advanced persistent threats attempt to stay stealthy as long as possible, slowly moving from one compromised host to the next without generating regular or predictable network traffic.

Bit9 defends against advanced persistent threats by simply preventing the introduction of any unauthorized code to endpoints. Without the ability to deposit malware, the criminals lack the visibility, persistence, and control they need to compromise their targets and achieve their objectives.
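The default-deny principle described above, shown as an added illustration (this is not Bit9's product code): a file may execute only if the SHA-256 of its content appears in an approved-hash set, so a renamed or single-byte-modified copy of an approved binary is treated as unauthorized code. The file names, paths and byte strings are constructed for the example.

```python
"""Content-based application allowlisting, illustrated in miniature.

Added example, not Bit9's code: a file runs only if the SHA-256 of its bytes
matches an entry in an approved-hash set. Names and sample byte strings are
constructed for the illustration.
"""
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for file contents (real executables would be read from disk).
APPROVED_BINARIES = {
    "notepad.exe": b"MZ\x90\x00 approved notepad build 1.0",
    "updater.exe": b"MZ\x90\x00 approved updater build 2.3",
}


def sha256_hex(data: bytes) -> str:
    """Hash the file content; the hash, not the file name, identifies the binary."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(binaries: dict[str, bytes]) -> dict[str, str]:
    """Map each approved content hash to the name it was approved under."""
    return {sha256_hex(content): name for name, content in binaries.items()}


ALLOWLIST = build_allowlist(APPROVED_BINARIES)


@dataclass(frozen=True)
class Decision:
    path: str
    sha256: str
    allowed: bool
    reason: str


def evaluate_execution(path: str, content: bytes, allowlist: dict[str, str]) -> Decision:
    """Default-deny: only content whose hash is in the allowlist may execute."""
    digest = sha256_hex(content)
    approved_name = allowlist.get(digest)
    if approved_name is not None:
        return Decision(path, digest, True, f"hash matches approved '{approved_name}'")
    return Decision(path, digest, False, "hash not in allowlist; execution blocked")


def audit_line(d: Decision) -> str:
    """One line per decision; blocked events are the ones worth alerting on."""
    verdict = "ALLOW" if d.allowed else "BLOCK"
    return f"{verdict} path={d.path} sha256={d.sha256[:16]}... reason={d.reason}"


def demo() -> list[Decision]:
    """Three constructed execution attempts: approved, tampered copy, unknown file."""
    tampered = bytearray(APPROVED_BINARIES["notepad.exe"])
    tampered[-1] ^= 0x01  # single-byte change: same name, different content
    attempts = [
        ("C:\\Windows\\notepad.exe", APPROVED_BINARIES["notepad.exe"]),
        ("C:\\Users\\alice\\notepad.exe", bytes(tampered)),
        ("C:\\Users\\alice\\Downloads\\invoice_viewer.exe", b"MZ\x90\x00 unknown file"),
    ]
    decisions = [evaluate_execution(p, c, ALLOWLIST) for p, c in attempts]
    for d in decisions:
        print(audit_line(d))
    return decisions


if __name__ == "__main__":
    demo()
```

Because the decision keys on content rather than on path or name, the second attempt (an approved program with one byte altered) is blocked just like the third (a file never approved at all); in practice the BLOCK audit lines are what a SOC would forward to its SIEM as the detection signal.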