Security Corner

Mar 23 2010   1:08AM GMT

Technospeak: Advanced Persistent Threat



Posted by: Ken Harthun
Tags:
Advanced Persistent Threat
APT
InfoSec
Intrusion detection
Security
security awareness
Security practice

Just what we need – another coined phrase and acronym. This time, it’s Advanced Persistent Threat: APT for short. This new one was popularized at the RSA conference a couple of weeks ago. What is it? Let me explain; rather, let’s let Steve Gibson of the Security Now! podcast explain. This is from episode #240, Listener Feedback #88:

So this notion of an Advanced Persistent Threat is that some way in is found, and then the bad guys set up a persistent presence inside the network and attempt to stay undetected and connected in the network, present essentially, for as long as possible, for doing whatever they’re doing – surveillance, collecting files, sending them offsite, out of that local country zone, wherever.

Very bad. And the worst part about it is that it only takes one un-patched hole to leave a network open. The biggest problem with security is that it must be absolutely perfect. Here’s Steve again:

And remember, this is the big problem with security is it has to be perfect. Meaning it only takes one mistake somewhere, one thing missed, one vulnerability not patched, one port left open, one unsafe application running. I mean, literally, the barrier is so high to be absolutely secure because it just takes one hole for some guy to get in. And so if there’s tremendous pressure against the security perimeter, any leak will allow someone in.

This should be enough to get your attention and put in that IDS that you’ve been putting off for so long.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: