Posted by: Ken Harthun
Just what we need – another coined phrase and acronym. This time, it’s Advanced Persistent Threat: APT for short. This new one was popularized at the RSA conference a couple of weeks ago. What is it? Let me explain; rather, let’s let Steve Gibson of the Security Now! podcast explain. This is from episode #240, Listener Feedback #88:
“So this notion of an Advanced Persistent Threat is that some way in is found, and then the bad guys set up a persistent presence inside the network and attempt to stay undetected and connected in the network, present essentially, for as long as possible, for doing whatever they’re doing – surveillance, collecting files, sending them offsite, out of that local country zone, wherever.”
Very bad. And the worst part about it is that it only takes one unpatched hole to leave a network open. The biggest problem with security is that it must be absolutely perfect. Here’s Steve again:
“And remember, this is the big problem with security is it has to be perfect. Meaning it only takes one mistake somewhere, one thing missed, one vulnerability not patched, one port left open, one unsafe application running. I mean, literally, the barrier is so high to be absolutely secure because it just takes one hole for some guy to get in. And so if there’s tremendous pressure against the security perimeter, any leak will allow someone in.”
This should be enough to get your attention and persuade you to put in that IDS you’ve been putting off for so long.