Behavior Analysis for Discovery and Countering Advanced Persistent Threats

ORDER REPRINTS DOWNLOAD COMMENT DISCUSS SHARE

As threats evolve, the operator must be able to fully utilize new ways of detecting and combating these newer threats.

a variety of technologies for a defense-in‐depth solution. Consulting companies combine a consultant’s knowledge of the APT with their unique technology, or that of their partner's, to provide clients with another component of the solution. Companies that do "whitelisting" can be part of the holistic solution as well. Whitelisting can enable authorized access for specific software, applications and services. Whitelisting companies defend the endpoints against APTs by simply preventing the introduction of any unauthorized code to endpoints. Without the ability to deposit malware, the criminals lack the visibility, persistence and control they need to compromise their targets and achieve their objectives.

As threats evolve, the operator must be able to fully utilize new ways of detecting and combating these newer threats. The key is turning whatever information is gathered into actionable intelligence. While technology can help here, a more comprehensive solution must also address the need for better processes and training of our cyber warriors.

Over the past several years, there has been much discussion about situational awareness — the ability to understand what is happening on a network, from the traffic patterns to the context of changes in those traffic patterns. Indeed situational awareness is hailed as the foundation of network visibility, which is required to identify and combat any threat. Thus, by leveraging behavior analysis--along with partnerships and education--operators can attain situational awareness, and in turn, stop APTs in their tracks.