
    The Impact of Advanced Persistent Threats to Enterprises

    It’s no secret that IT security threats keep evolving. Today’s advanced persistent threats (APTs) are increasingly sophisticated, diverse, targeted, aggressive…and successful. Security breaches still happen at an alarming rate, despite the fact that security technologies and processes keep evolving too. The lack of in-house enterprise expertise highlights an organizational gap that exists between the day-to-day operations team and the advanced security teams that contain and resolve incidents. This gap is worsened by the tendency of traditional advanced threat solutions to operate in a silo – and not share new threat intelligence across the security environment.

    Click through to learn the steps organizations can take to address advanced persistent threats, provided by Blue Coat Systems.


    The Impact of Advanced Persistent Threats to Enterprises - slide 2

    Enterprises today lack the skills and technology to address the latest cybersecurity threats:

    • 84 percent of advanced persistent threats took seconds, minutes or hours to compromise targets (2013 Verizon Data Breach Report).
    • 78 percent of threats took weeks, months or years to discover.

    Today’s enterprises are experiencing material security breaches because of an organizational gap between day-to-day security operations and advanced security operations teams.

    The Impact of Advanced Persistent Threats to Enterprises - slide 3

    A recent Ponemon Institute survey found that most respondents did not have the tools, personnel or funding to determine root causes of a data breach. The top two reasons for failing to prevent a malicious breach were:

    • Lacked in-house expertise – 64 percent of businesses
    • Lacked adequate forensics capabilities – 47 percent of businesses

    These attacks cost the business an average of $840,000, as well as lost time, productivity and reputation.

    This gap exists because traditional security defenses are designed to detect and block known threats, while remaining largely blind to today’s zero-day threats and novel malware. This is worsened by the tendency for advanced security operations teams, as well as the defenses they employ, to operate in silos with no ability to share information across the entire security organization or environment.  

    The Impact of Advanced Persistent Threats to Enterprises - slide 4

    In a word – collaboration. It’s time to move to a systematic, lifecycle approach to advanced threat protection. This involves three key phases:

    1. Blocking known threats
    2. Analyzing unknown threats
    3. Remediating threats that end up on the network

    The Impact of Advanced Persistent Threats to Enterprises - slide 5

    Enterprises must have real-time defenses against known viruses, worms, Trojans, spyware, and other malicious content through secure Web gateways along with network-based malware scanning and application whitelisting. For unknown threats, advanced sandboxing technologies can analyze unknown content to see if it’s malicious and then contain and learn from malicious content that is identified, so it can then be blocked at the gateway. After quickly investigating and resolving the full scope of incidents that do occur, the resulting intelligence must then be shared with the gateway for future protection. Automating this process makes it possible for day-to-day security operations and advanced security teams to work together to protect and empower the business.

    The Impact of Advanced Persistent Threats to Enterprises - slide 6

    1. Ensure all blocking technologies are updated with the latest signatures to create the best possible perimeter defense for known threats.
    2. Analyze current security infrastructure to identify potential security gaps that traditional, preventative security solutions don’t address.
    3. Deploy sandbox technology to identify and contain unknown malware and emerging threats.
    4. Implement security analytics to answer the how, what, where, when and why of a security breach.
    5. Define policies and incident response procedures to enable swift remediation and resolution.
