News Feature | November 20, 2014

MeriTalk Report Advises How To Tackle APTs

By Christine Kern, contributing writer

A new MeriTalk white paper, “Defeating APTs: How Can Agencies Change The Game?” underwritten by Palo Alto Networks, examines what agencies need to know about advanced persistent threats (APTs), provides steps to avoid network infiltration, and includes guidelines for detection and extraction of APTs from agency systems.

According to the study, APTs represent a unique threat to government data. Because of the challenging nature of APTs, agencies can no longer depend on virus scanning software or simply patrol their digital perimeters. Adversaries lurk until they can sneak undetected past traditional security measures to infiltrate networks — and the problem is growing worse.

The study asserts, “Detection, prevention, and extraction of APTs has become more difficult because of the myriad of attack vectors. Just one in five Federal IT professionals rate their agency’s cybersecurity solutions as sufficient and sustainable … and 54 percent say network complexity has increased in the past year and 68 percent anticipate it will continue to increase over the next three years.”

John Banghart, director of federal cybersecurity with the Cybersecurity Directorate of the White House National Security Council, is quoted in the study, stating: “We have often failed … to do a good job with what you might call the cyber hygiene element, or the foundational pieces — configuration management, vulnerability management, asset management….”

One point the study makes clear is that most agencies are relying on outdated or obsolete practices. For example, in 2013 the Department of Energy suffered an APT intrusion that compromised 14 of its servers and 20 of its workstations. The DOE revealed that 58 percent of the department’s computers were running applications that had not been patched against known vulnerabilities.

In addition, agencies become short-sighted and focus on detection and remediation — a passive approach — rather than taking a proactive response to cybersecurity.

In order to better respond to APT threats, the study says, agencies need to “think outside the sandbox” and apply a “holistic defense with multiple layers.” Sandboxing, or the use of virtual execution engines, is one response that can help deter APTs.

Agencies should also establish end-to-end prevention and resilience to protect their data and systems. One opportunity to do this is through continuous diagnostics and mitigation (CDM). Users can gain increased visibility, privacy, and instant access to security-related information using standardized security monitoring across government agencies.

Among other suggestions for preventing APTs are taking a platform approach, correlating known and new threats through a platform-based approach, segmenting the network to ensure resilience, continuously monitoring all traffic, whitelisting all authorized applications, and selectively decrypting SSL traffic to uncover potential threats.

Basically, the study concludes that agencies are only as strong as their weakest link, and therefore federal agencies need to adopt an effective modern security architecture to protect across agency lines. Such a system should “learn from all security functions, correlate threat data, address not only known but the most sophisticated previously unseen threats, and scale to protect all critical locations where there is likely to be an attack or lateral movement. The cyber defense must also withstand attempts to destroy lines of communication and remain resilient in a degraded mode.”