The ABCs of APTs: How To Fight Advanced Persistent Threats

Security vendors are raising a hue and cry about the perils of advanced persistent threats (APTs), which only they can protect you from. In fact, some of these companies, such as RSA, an EMC acquisition, have gone so far as to say that APT attacks have reached pandemic levels.

While these companies--including Fidelis Security Systems, NetWitness (another EMC addition), Narus, RedSeal Networks and Hewlett-Packard--promise that their products will help protect against APTs, many users are not aware of just what an APT is. The term itself has come under some criticism in the industry for being vague.

"APTs are highly sophisticated, custom exploits created solely to gain continuous access to a targeted system and remain there undetected, to collect and steal data over an extended period of time," says Mike Cobb, founder and managing director of Cobweb Applications, who recently wrote the InformationWeek report How Did They Get In? A Guide to Tracking Down The Source of APTs. "They are not new, but we are only just discovering their existence."

Examples of APTs include the Stuxnet attack and Operation Shady Rat, which was revealed last summer. The latter was known as a spearphishing attack because it targeted specific government individuals due to their access to particular types of confidential information.

Several studies during the past year have gone into the issue of APTs. An April 2011 Ponemon Institute survey of the utilities industry, the State of IT Security: Study of Utilities & Energy Companies, sponsored by Q1 Labs, found that preventing or minimizing APTs was last on the list of security objectives, at just 5%. Preventing cyberattacks was given short shrift compared with basic security goals, such as minimizing risks and vulnerabilities and improving the organization's security posture. RSA Security held an APT summit last fall in Washington, D.C., that drew more than 100 of the world's top cybersecurity leaders from government and business.

Last November, Enterprise Strategies Group released a study that indicated 59% of enterprises with at least 1,000 employees had been hit by an APT, and 72% believed they would be hit again. The survey also showed that even the 46% of enterprises that believe they are "most prepared for APTs," based on the security they have in place, still consider themselves vulnerable to future, more sophisticated attacks.

But once APTs are identified as such, the question then turns to what tools, resources and processes are available to defeat them. "Most APTs begin with a phishing campaign, so security awareness training is vital to ensure that employees are aware of the threats from unsolicited or suspicious email messages," Cobb says. "Data loss prevention technologies can make the data extraction process a lot harder for the attacker, but if an APT or APT-like activity is suspected, then most organizations will need to call in specialist help to begin the forensic hunt for the malicious code."

Because an APT typically has to send the data collected back to a command and control server to successfully complete its mission, this network activity, as well as the APT's attempts to explore the network in search of data, is likely to provide one of the few chances you will have to identify and halt the threat, Cobb says. It is therefore essential that you extensively monitor and log network traffic--in particular, outbound traffic, he suggests.
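The kind of outbound-traffic review Cobb describes can be sketched over connection logs. The following is an added example, not code from the article or the report: the log format, the 10.0.0.0/8 internal range, the thresholds and every address are constructed assumptions. It flags fixed-interval check-ins to one external host, unusually large outbound volume, and an internal host probing many internal peers.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's internal range

# Constructed sample log, one connection per line: epoch src dst bytes_out
SAMPLE = "\n".join(
    [f"{1000 + 300 * i} 10.0.0.5 203.0.113.10 512" for i in range(6)]  # fixed 300 s check-in
    + [f"{t} 10.0.0.8 198.51.100.30 900" for t in (1010, 1100, 1900, 2050, 2600)]  # irregular
    + ["1500 10.0.0.7 198.51.100.20 40000000", "1720 10.0.0.7 198.51.100.20 35000000"]
    + [f"{1200 + i} 10.0.0.9 10.0.1.{i} 60" for i in range(1, 9)]  # internal sweep
)

def parse(text):
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        yield int(ts), src, dst, int(nbytes)

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def analyze(text, min_events=5, max_jitter=0.1, bulk_bytes=50_000_000, sweep_targets=5):
    times, volume, peers = defaultdict(list), defaultdict(int), defaultdict(set)
    for ts, src, dst, nbytes in parse(text):
        if is_internal(dst):
            peers[src].add(dst)          # east-west: which hosts explore the network
        else:
            times[src, dst].append(ts)   # outbound: timing and volume per destination
            volume[src, dst] += nbytes
    beacons = []
    for pair, stamps in times.items():
        ordered = sorted(stamps)
        gaps = [b - a for a, b in zip(ordered, ordered[1:])]
        # Regular spacing (low jitter relative to the mean gap) suggests automation.
        if len(stamps) >= min_events and pstdev(gaps) <= max_jitter * mean(gaps):
            beacons.append(pair)
    return {
        "beacons": sorted(beacons),
        "bulk": sorted(p for p, v in volume.items() if v >= bulk_bytes),
        "sweeps": sorted(s for s, d in peers.items() if len(d) >= sweep_targets),
    }

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE).items():
        print(kind, hits)
```

The thresholds are starting points to tune against a baseline of normal traffic; legitimate software such as update checkers also connects on fixed intervals and will need allow-listing.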

Learn more about Strategy: Tracking the Source of APTs by subscribing to Network Computing Pro Reports (free, registration required).

