APT: Are You Already A Victim?
In a recent planning call for the upcoming Lone Star Information Security Forum, Steering Committee members discussed the need for more peer collaboration around the topic of APT. This is nothing new. APT has been on everyone’s radar for some time, and IANS held a series of APT Symposia to convene APT stakeholders for confidential best practices sharing. Organizations from diverse industries shared thoughts on ways to keep up with current threats and strategized on ways to disrupt command and control of persistent adversaries, crippling their ability to infiltrate network defenses and disrupt business.
Of course, the latest breach at Lockheed Martin has brought the discussion of “how do I remain safe” to a fever pitch. Everyone’s key question: “How can such a sophisticated information security organization not be well enough equipped to deflect such an attack?” It’s a valid point raised by a member of our Steering Committee, but it’s not the question security professionals should be asking. The right question? “What can less mature organizations [read: yours] do to protect themselves when a mature, prepared company like Lockheed Martin can be attacked?” The main issues are the complexity and skill level of the threat actors; whether or not there’s a connection to the RSA breach; if this recent breach is part of a larger, episodic hack; and if the actors in question are full-time employees of crime syndicates. The days of the “part-time” hacker or “script kiddie” getting headlines with exploits are over. These hackers are highly motivated, well compensated, and have the luxury of time on their side. I’ve yet to see their business plans or HR sheets, but just like any other underground network, I believe (as most everyone I’ve talked to does) there is sufficient support provided for those who can successfully carry out malicious exploits: in a hacker’s case, taking down a major corporate network, accessing sensitive data, or exposing vulnerabilities in a well-known company.
So what are our clients looking to learn from peer organizations in order to make positive steps forward in protecting their critical assets and systems? Here are a few of the questions we’ve received through Steering calls and Ask an Expert queries:
- “How do you keep up with threats in your particular industry?”
- “What tactics and techniques can be used to uncover APTs?”
- “What are the real implications of APT: It’s not OK to say to a board, ‘it’s going to happen,’ even though we know it probably will. How do we quantify the risks?”
- “Attackers are getting more sophisticated. How do we keep up?”
- “Is there a career path for counter-APT?”
- “How are others handling it / are they preparing for it?”
- “Who is targeting these systems, why are they being targeted, is it the individual behind the system that’s being targeted or is it the organization as a whole?”
- “What are best practice defense and detection technologies that have been deployed?”
If you have thoughts or techniques that have proven to aid in mitigation of attacks or lessen the time to detect, we'd like to get you involved in the conversation. If you'd like to get some insights for your own organization, reach out to us via your account manager or ask(at)iansresearch(dot)com - we're here to help!
Finally, look out for an update regarding our New England Forum! In the days to come we will be announcing a prominent APT expert who will lead a roundtable session at the upcoming Forum in Boston in September 2011. We know he will bring tremendous insights from a managerial perspective that will help stir the pot!
