How to Combat Advanced Persistent Threats (APT)?

Most organizations spend their security budgets on firewalls, antivirus and other traditional signature-based or anomaly-based detection and protection measures. Combating an APT, however, requires continuous effort and a combination of tools and techniques so that detection and response happen quickly and efficiently. The techniques most commonly seen across APT campaigns are social engineering, spear phishing, rootkits, exploits for unpatched software and a range of custom tools. Managing APTs requires a layered security approach built on three major steps.

1. Monitoring

APT groups are committed to their objectives and are well funded to pursue them over long periods. Everything in and around the organization's network infrastructure should be monitored: Where is sensitive data stored? Who has access to confidential data? Is the firewall updated? Who can change firewall rules? The primary target of an APT is data, so organizations must know what is happening to their files and where those files reside if they are to stop an APT before it does damage.

2. Applying data security analytics

APT attacks usually aim at data theft, and any sensitive data (especially government-related data) is a primary target. Trade secrets, patents, personally identifiable information (PII) and access credentials are a few examples of data that can be exfiltrated. Applying analytics lets an organization compare each user's activity against that user's normal behaviour and flag suspicious deviations and anomalies. By analysing the patterns of earlier attacks (the tools, techniques and sequences of actions, not only file signatures), previously unseen threats can be recognised and a response plan prepared before the next attack occurs. Analytics also helps the organization identify vulnerabilities and investigate each incident and threat.
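The baseline-versus-anomaly comparison described above, as an added example that is not code from the original article. It trains a per-user profile (hours active, resources touched, typical byte volume) from a constructed access log and then flags later events that deviate from that profile. The log format, the field names, the three-sigma/2x-mean volume threshold and the one-hour tolerance for "usual hours" are all assumptions chosen for illustration.

```python
"""Added example: baseline-vs-anomaly checks over constructed access-log lines.

Not code from the original article; the log format, field names and
thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumption): "<ISO timestamp> <user> <resource> <bytes>"
# Events before 2024-03-09 form the baseline; the 2024-03-09 lines are checked.
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice finance/q1.xlsx 1200
2024-03-04T10:05:00 alice hr/policy.pdf 800
2024-03-05T14:30:00 alice finance/q1.xlsx 1500
2024-03-06T11:20:00 alice finance/q1.xlsx 950
2024-03-07T16:45:00 alice hr/policy.pdf 1100
2024-03-08T15:10:00 alice finance/q1.xlsx 1300
2024-03-04T09:30:00 bob hr/policy.pdf 700
2024-03-06T13:00:00 bob hr/policy.pdf 650
2024-03-08T10:40:00 bob hr/policy.pdf 720
2024-03-09T02:40:00 alice finance/q1.xlsx 480000
2024-03-09T10:15:00 alice hr/policy.pdf 900
2024-03-09T11:00:00 bob finance/q1.xlsx 1000
2024-03-09T03:10:00 carol finance/q1.xlsx 200
"""

BASELINE_END = datetime(2024, 3, 9)   # events before this train the baseline


def parse_log(text):
    """Parse the constructed format into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, resource, nbytes = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "resource": resource,
            "bytes": int(nbytes),
        })
    return events


def build_baseline(events):
    """Per-user profile: hours active, resources touched, byte-volume stats."""
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev["user"]].append(ev)
    baseline = {}
    for user, evs in per_user.items():
        sizes = [ev["bytes"] for ev in evs]
        baseline[user] = {
            "hours": {ev["ts"].hour for ev in evs},
            "resources": {ev["resource"] for ev in evs},
            "mean": mean(sizes),
            "stdev": pstdev(sizes),
        }
    return baseline


def score_event(ev, baseline):
    """Return the list of reasons an event deviates from its user's baseline."""
    profile = baseline.get(ev["user"])
    if profile is None:
        return ["no_baseline"]          # user never seen in the training window
    reasons = []
    hour = ev["ts"].hour
    # Off-hours: not within an hour of any hour the user was previously active
    # (assumption: no wrap-around at midnight, fine for a business-hours profile).
    if not any(abs(hour - h) <= 1 for h in profile["hours"]):
        reasons.append("off_hours")
    if ev["resource"] not in profile["resources"]:
        reasons.append("new_resource")
    # Volume: three sigma above the mean, with a floor of 2x mean so that a
    # near-constant history (stdev ~ 0) does not flag trivial variation.
    threshold = max(profile["mean"] + 3 * profile["stdev"], 2 * profile["mean"])
    if ev["bytes"] > threshold:
        reasons.append("high_volume")
    return reasons


def detect(log_text, baseline_end=BASELINE_END):
    """Train on events before baseline_end, then flag every later event that deviates."""
    events = parse_log(log_text)
    training = [ev for ev in events if ev["ts"] < baseline_end]
    baseline = build_baseline(training)
    findings = []
    for ev in events:
        if ev["ts"] < baseline_end:
            continue
        reasons = score_event(ev, baseline)
        if reasons:
            findings.append((ev["user"], ev["ts"].isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, when, reasons in detect(SAMPLE_LOG):
        print(f"{when} {user}: {', '.join(reasons)}")
```

On the constructed log this flags alice's 02:40 bulk read as both off-hours and high-volume, bob's first touch of the finance file as a new resource, and carol as a user with no baseline at all, while alice's ordinary mid-morning read passes. The point is the structure: a baseline per principal, several independent deviation rules, and an explicit "no baseline" outcome rather than silently treating unknown users as normal.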

3. Protecting the perimeter

The perimeter is the first line of defence: an attack typically starts at the perimeter and then moves laterally towards the most valuable assets in the network. Protecting the perimeter matters for every organization because every access point is a probable entry point for an APT. Open Wi-Fi routers, misconfigured firewalls, unpatched servers and similar weaknesses give attackers their opportunity to intrude. Perimeter controls alone are not enough, though: once an APT is inside, the monitoring and analytics steps above are what reveal it.


An APT is a targeted, well-funded network attack that exploits weaknesses in the network to gain and keep access. APTs are among the most prolonged cyberattacks: they are designed to go undetected and to capture valuable information over an extended period. The main purpose of an APT is data theft, unlike ransomware and other attacks whose damage is immediate and visible. Monitoring, data analytics and perimeter security together make it possible to protect an organization against APT attacks.

– Sonam Chawla, 
Research Analyst,
Infoholic Research