Security Corner

Mar 23 2010   1:08AM GMT

Technospeak: Advanced Persistent Threat

Ken Harthun

Just what we need – another coined phrase and acronym. This time, it’s Advanced Persistent Threat: APT for short. This new one was popularized at the RSA conference a couple of weeks ago. What is it? Let me explain; rather, let’s let Steve Gibson of the Security Now! podcast explain. This is from episode #240, Listener Feedback #88:

So this notion of an Advanced Persistent Threat is that some way in is found, and then the bad guys set up a persistent presence inside the network and attempt to stay undetected and connected in the network, present essentially, for as long as possible, for doing whatever they’re doing – surveillance, collecting files, sending them offsite, out of that local country zone, wherever.

Very bad. And the worst part about it is that it only takes one unpatched hole to leave a network open. The biggest problem with security is that it must be absolutely perfect. Here’s Steve again:

And remember, this is the big problem with security is it has to be perfect. Meaning it only takes one mistake somewhere, one thing missed, one vulnerability not patched, one port left open, one unsafe application running. I mean, literally, the barrier is so high to be absolutely secure because it just takes one hole for some guy to get in. And so if there’s tremendous pressure against the security perimeter, any leak will allow someone in.

This should be enough to get your attention and get you to put in that IDS you’ve been putting off for so long.
