Detecting and protecting software
ADVANCED PERSISTENT THREAT (APT) BLOCKER
An Advanced Persistent Threat (APT) is a form of network attack in which an unauthorized entity gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organisation.
In a ‘normal’ attack, the intruder tries to get in and out as quickly as possible in order to avoid detection by the network's Intrusion Prevention System (IPS). In an APT attack, however, the goal is to maintain a continuing presence on the network in order to achieve ongoing access. To remain undetected, the attacker usually maintains and adapts the deployed code over time whilst also using sophisticated evasion techniques. It has been speculated that some discovered APT attacks must be ‘state funded’ due to their sheer complexity and wide-scale infiltration.
An APT attacker can use a multitude of ways to capture legitimate credentials in order to gain access to the network. Once access has been achieved, the attacker establishes a back door in order to ‘drop’ or download their malicious code into the network.
Although APT attacks are difficult to identify, the theft of information can never be fully concealed. The primary purpose of an APT Blocker is to identify and stop any malicious code that would enable the attacker to infiltrate the network or remove data from it.