Advanced Persistent Threats

Once used primarily for espionage against governments and militaries, advanced persistent threats (APTs) are growing and targeting new kinds of organizations.

AppRiver offers three tips to help keep your organization safe from APTs:

1. Cloud-based security solutions with real-time threat updates can help ensure that your organization is protected from the most recent threats. If your security software is updated only once per hour, your network is vulnerable to the newest APT attempts until the next update arrives. And given what a name like “advanced persistent threat” implies, waiting for a security update or patch is not ideal. AppRiver’s Web Protection, for example, is updated thousands of times daily, based on malware trends from millions of sources.

2. While email spam and virus protection will block most malicious emails, the savviest APTs will not deliver an executable payload by email. Instead, the email will contain a link to a malicious website. This is where a layered security approach comes into play. For example, AppRiver’s Email Threat Protection solution blocks more than 99 percent of malicious emails. If an email with a rogue URL were to sneak past us, AppRiver’s Web Protection would use intelligent DNS to block the malicious website. And if the malicious link sat on a reputable site, like a malvertisement on Yahoo, SecureSurf would use an adaptive proxy to block only the malicious advertisement while allowing the user to browse Yahoo safely.

3. Most APTs aim to run quietly in the background while sending information out of your network over time, which is what makes advanced threat notifications so imperative for triaging a successful APT attempt. When choosing an advanced threat notification solution for your organization, look for one that will alert you if a malicious program attempts to send information out from within your network. This warning can save your business from damage to its public reputation and from costly penalties if any personal information is compromised. The solution should also provide immediate notification of advanced persistent threat activity so that network administrators can quickly locate and remediate affected endpoints.