Advanced Persistent Threat
In the computer security industry, "Advanced Persistent Threat" (APT) refers to a long-term pattern of targeted, sophisticated intrusions aimed at Western governments, companies and political activists, and, by extension, to the groups behind these attacks. Numerous sources have alleged that some of these groups are affiliated with, or are agents of, nation-states.
Definitions:
Advanced — Criminal operators behind the threat use the full spectrum of computer intrusion technologies and techniques. While individual components of an attack may not be particularly "advanced" (e.g. malware generated from commonly available DIY construction kits, or easily procured exploit material), the operators can typically acquire or develop more advanced tools as required. They combine multiple attack methodologies and tools to reach and compromise their target.
Persistent — Criminal operators give priority to a specific task rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction to achieve the defined objectives. Persistence does not mean a barrage of constant attacks and malware updates; in fact, a "low-and-slow" approach is usually more successful.
Threat — There is a level of coordinated human involvement in the attack, rather than a mindless, automated piece of code. The criminal operators have a specific objective and are skilled, motivated, organized and well funded.
Malware, the foundation of a successful APT, is used to retrieve confidential information, map infrastructure topologies, discover social relationships, map organizational structure, and maintain continuous control over compromised hosts. Unlike traditional malware, which has a short life expectancy and tends to create bursts of network traffic, an APT attempts to stay stealthy for as long as possible, moving slowly from one compromised host to the next without generating regular or predictable network traffic.
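The traffic contrast above is what common network heuristics key on: a metronomic beacon is caught by an inter-arrival regularity check, a noisy burst by a rate check, and a jittered low-and-slow channel by neither. The following is an added illustration, not code from the original page or from Bit9. It runs two such heuristics over constructed connection records for three hypothetical hosts (hostA, hostB, hostC) and the thresholds it uses are arbitrary choices for the demonstration.

```python
import statistics
from collections import defaultdict

# Constructed flow records, not real telemetry: (epoch seconds, source host, destination).
FLOWS = []

# hostA: classic beacon, one connection every 60 s for an hour (traditional C2 check-in).
FLOWS += [(1_700_000_000 + 60 * i, "hostA", "203.0.113.10") for i in range(60)]

# hostB: noisy burst, 40 connections inside 20 s, then silence (scanning / mass exfil).
FLOWS += [(1_700_000_000 + i // 2, "hostB", "203.0.113.20") for i in range(40)]

# hostC: low-and-slow, eleven connections spread irregularly over roughly three days.
_slow_offsets = [0, 3_913, 21_600, 25_111, 60_000, 97_777,
                 120_000, 133_333, 180_000, 200_101, 250_000]
FLOWS += [(1_700_000_000 + off, "hostC", "203.0.113.30") for off in _slow_offsets]


def group_by_pair(flows):
    """Sorted timestamps per (source, destination) pair."""
    pairs = defaultdict(list)
    for ts, src, dst in flows:
        pairs[(src, dst)].append(ts)
    for ts_list in pairs.values():
        ts_list.sort()
    return pairs


def interval_cv(timestamps):
    """Coefficient of variation of inter-arrival gaps; near 0 means metronomic."""
    if len(timestamps) < 3:
        return None
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return 0.0
    return statistics.pstdev(gaps) / mean


def max_burst(timestamps, window=60):
    """Largest number of connections inside any sliding window of `window` seconds."""
    best, start = 0, 0
    for end in range(len(timestamps)):
        while timestamps[end] - timestamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify(flows, cv_threshold=0.1, burst_threshold=20, min_events=10):
    """Label each pair with the heuristics it trips; thresholds are illustrative."""
    findings = {}
    for pair, ts in group_by_pair(flows).items():
        labels = []
        cv = interval_cv(ts)
        if len(ts) >= min_events and cv is not None and cv < cv_threshold:
            labels.append("periodic-beacon")
        if max_burst(ts) >= burst_threshold:
            labels.append("burst")
        findings[pair] = labels
    return findings


if __name__ == "__main__":
    for (src, dst), labels in sorted(classify(FLOWS).items()):
        print(f"{src} -> {dst}: {labels or 'nothing flagged'}")
```

hostA is flagged as a periodic beacon and hostB as a burst, while hostC, whose gaps range from about an hour to half a day with no fixed period, trips neither check. That gap is the point of the paragraph: catching the third pattern requires longer observation windows and correlation with host-level evidence rather than a traffic-shape heuristic alone.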
Bit9's approach to APTs is to prevent any unauthorized code from being introduced onto endpoints. Without the ability to deposit malware, the attackers lack the visibility, persistence, and control they need to compromise their targets and achieve their objectives.