What do JPMorgan Chase, Target, Anthem and the U.S. Office of Personnel Management (OPM) have in common?

They all fell victim to advanced persistent threats (APTs) — sophisticated malware that lingered undetected on their networks, siphoning off reams of sensitive, critical data before being discovered.

APTs differ from traditional malware in that they target a specific victim, are coded to bypass that victim’s security controls and once inside, use stealth to evade detection, steal sensitive data and cover their tracks.

They use a variety of advanced techniques, from phishing and encrypted communications to kernel-level rootkits and zero-day vulnerabilities to slide past conventional security controls — making them exceptionally difficult to detect. Many times, victims don’t even know they were breached until they discover their sensitive information available for sale on the Internet. In fact, it can take six months or more, on average, for a breach to be detected.

To defend against APTs, organizations can’t rely on traditional signature-based security tools alone. Instead, they must:

• Deploy layered security: To increase the chances of detection, organizations need to layer on different controls, combining antivirus, IDS/IPS and SIEM systems with advanced behavior-based controls like next-generation firewalls and sandboxing. With programs for vulnerability/patch management, endpoint protection and authentication/ identity management, this approach ensures attacks that evade one control are stopped at the next, or at least slowed to the point where they can be detected.

• Educate employees: Employees can’t detect and deflect attacks if they don’t know the warning signs. Implementing a good security awareness program helps them identify possible phishing or social engineering scams and know how to report attacks so they can be stopped in their tracks.

• Plan an incident response strategy: Most experts agree it’s not if but when you’ll be breached, and that means companies need a solid incident response plan in place to recognize and shut down new attacks quickly, minimize damage and stop further leakage.

The idea is to slow attacks down, stop what you can and minimize the effects of a breach on brand and reputation.

You may also like: 6-Point Checklist For Cybersecurity Awareness Month >>

What Is An Advanced Threat Protection Framework?

Our partner Fortinet knows the challenges today’s APTs present. It designed its Advanced Threat Protection (ATP) framework to provide the high degree of visibility and collaboration needed to protect, detect and mitigate even the most sophisticated APTs.

Fortinet weaves together signature- and behavior-based network and endpoint controls in a security fabric that enables each tool to  address its portion of network security and collaborate with other tools in the fabric.

It also uses advanced sandboxing to test and identify both known and zero-day threats, build new signatures and communicate those findings to all other tools in the fabric. Consequently, attacks that fly under the radar of a single security solution become amplified and detectable, by bringing together small reported anomalies to build a centralized, cohesive picture of attack.

With Fortinet’s ATP framework in place, you can ensure all security tools work in concert to provide end-to-end visibility, share intelligence and respond quickly to attacks, all while minimizing risk.

A Fortinet partner, Resilient can deliver an ATP framework as part of a cohesive security fabric platform. Learn more.