Protecting Your Clients From Advanced Persistent Threats In Four Steps

Advanced. Persistent. Threat. It just sounds ominous, doesn’t it? Like something you’d hear in a Netflix spy series or read in a mercenary novel.

  • April 18, 2023 | Author: Khali Henderson

Unfortunately, it’s a real term describing real threats. And, yeah, it’s as scary as it sounds, only there’s no Jack Ryan, Peter Sullivan or Evan Smoak to save the day. Instead, it’s smart people engineering smart security solutions and running security operations centers (SOCs) around the clock to deliver advanced persistent defense (APD). OK, so we made this last term up—APD isn’t real. But it’s what the real heroes of the story deliver. 
 
And then there’s you. MSSPs have a role to play, too. Here’s your intel brief. 
 
What’s an Advanced Persistent Threat (APT)?
Secure networking vendor Fortinet describes an advanced persistent threat (APT) as “an attack that continues, secretively, using innovative hacking methods to access a system and stay inside for a long period of time” to spy, extract data or achieve other nefarious ends. They’re typically executed by sophisticated cybercriminals. 
 
Typical targets are developed countries and their major businesses and organizations. As in many significant breaches of all types, attackers often penetrate the target by first compromising smaller companies connected to it through supply chain or business partnership relationships. 
 
What’s “Advanced” and “Persistent” About APTs?
APTs leverage sophisticated espionage and social engineering tactics orchestrated and executed by multiperson teams to get past organizational firewalls. Some efforts take months or years to succeed. Initial access typically targets weak points (e.g., email systems) to plant malware that studies the network and its security systems, documenting vulnerabilities to exploit. Once in place, APTs use encryption and code rewrites to hide their tracks, extracting information or waiting for the right moment to “strike” with malicious code. They can remain hidden and operational for months or years.
 
Protecting Your Clients from APTs
At SecureNetworkHub, we write a lot about deploying a comprehensive security fabric that frees your MSSP and clients from dependency on inflexible point solutions and chasing elusive, multiedge security objectives. If you’ve been following some of that advice, you already have the building blocks to combat APTs. Here are four steps and tools you can use to help your clients gain the protection they need:
 
1. Next-Generation Firewall - A solid next-generation firewall (NGFW) goes a long way toward protecting against APTs. It delivers carefully engineered packet filtering that screens ingress and egress traffic for a wide range of attacks, malware and other threats. 
2. Safelisting - You can also employ safelisting to identify safe applications and domains while excluding traffic from everything else. 
3. Access Control - Compartmentalization delivers a solid security punch, especially when paired with multifactor authentication (MFA). It’s hard for the bad guys to get far when the key they stole won’t get them past the lobby.
4. Sandboxing - Isolating suspicious objects for analysis can protect other systems from potentially compromised applications. 
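To make step 2 concrete, here is an added example (not code from the article, SecureNetworkHub or Fortinet) of a default-deny safelist check for outbound destinations. The host names and zones in the policy are constructed for illustration. It also shows the pitfall a practitioner hits most often when building such a list: a plain string suffix test lets an unrelated domain that merely ends in a safelisted name through, whereas matching on DNS labels does not.

```python
# Added example: default-deny safelisting of destinations, as step 2 describes.
# All policy values below are constructed for illustration.

# Constructed sample policy: exact hosts and whole zones a client permits.
SAFELIST_HOSTS = {"updates.vendor.example", "mail.client.example"}
SAFELIST_ZONES = {"corp.example"}  # allows the zone itself and any subdomain


def _normalize(host: str) -> str:
    # Lower-case, strip whitespace and a trailing dot so that
    # "MAIL.client.example." compares equal to "mail.client.example".
    return host.strip().lower().rstrip(".")


def is_allowed_naive(host: str) -> bool:
    # Common mistake: a plain string suffix test. "evilcorp.example" ends with
    # "corp.example" and would be waved through.
    h = _normalize(host)
    return h in SAFELIST_HOSTS or any(h.endswith(z) for z in SAFELIST_ZONES)


def is_allowed(host: str) -> bool:
    # Correct version: match on DNS labels. The default is deny: anything not
    # explicitly listed returns False, including the empty string.
    h = _normalize(host)
    if not h:
        return False
    if h in SAFELIST_HOSTS:
        return True
    return any(h == z or h.endswith("." + z) for z in SAFELIST_ZONES)


def evaluate(hosts):
    # Returns an allow/deny decision per destination. Useful for feeding a
    # firewall policy or reviewing a list of observed egress destinations.
    return {h: ("allow" if is_allowed(h) else "deny") for h in hosts}


if __name__ == "__main__":
    # Constructed sample of observed egress destinations.
    sample = ["updates.vendor.example", "intranet.corp.example",
              "evilcorp.example", "unknown.example", ""]
    for host, decision in evaluate(sample).items():
        print(f"{host or '<empty>'}: {decision}")
```

The design point is that everything not named in the policy is denied, and that zone matching requires a label boundary (the leading dot) rather than a bare suffix.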
 
Want to dive deeper into APTs? Check out Fortinet’s comprehensive overview.