Thwarting APT

Hey Everyone, I wanted to point you to a great post that the CTO and Co-Founder of AlgoSec wrote at Infosec Island, titled “Back to basics: how simple techniques can thwart complex APT attacks.”

In it he lays out some basic things that every organization can do to lower its risk. I wanted to share his simple, practical steps for an enterprise. He writes:

“Whilst it is very difficult to prevent attackers from carrying out the first stage in their APT journey – after all, there’s nothing particularly secretive about many OSINT scanning techniques – it is possible to prevent them from laterally moving across your network in search of your valuable data, with some back-to-basics principles.

  • Segment your network. Break up your flat internal network into multiple zones, based on the use pattern and category of data processed within each zone. This segmentation then prevents the APT from jumping from one ‘stepping stone’ machine to another.
  • Place firewalls to filter traffic between those zones. ‘Choke points’ – i.e. firewalls – must be placed between the zones to filter the traffic entering and exiting. In other words, firewalls must be placed on internal, lateral traffic paths, not just your network perimeter.
  • Write restrictive security policies for those firewalls to enforce. Gartner Research has suggested that 99% of firewall breaches are caused by firewall mis-configurations, not firewall flaws. The message is clear – your firewalls absolutely must be configured accurately and intelligently, to analyze and block the kind of internal communications that signal APTs.”
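To make those three steps concrete, here is a small added example of my own (not code from the Infosec Island article or from AlgoSec). It models four zones on constructed CIDRs, an explicit allow-list policy for the choke points between them with an implicit default deny, checks which hops a compromised workstation can still make, and lints the policy for the wildcard “allow” rules that turn an internal firewall into a pass-through. Zone names, addresses, ports and rule layout are all assumptions for illustration, not a description of any real product's rule syntax.

```python
"""Toy model of a segmented network with internal choke-point firewalls.

Added example, not code from the article: every zone, address, port and
rule below is constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zones defined by use pattern and category of data handled (constructed CIDRs).
ZONES = {
    "users": ip_network("10.10.0.0/16"),  # workstations: where phishing lands
    "app":   ip_network("10.20.0.0/24"),  # web / application tier
    "data":  ip_network("10.30.0.0/24"),  # databases: the target data
    "mgmt":  ip_network("10.40.0.0/24"),  # jump hosts for administration
}

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src_zone: str        # zone name or ANY
    dst_zone: str        # zone name or ANY
    proto: str           # "tcp", "udp" or ANY
    dport: int | str     # destination port or ANY
    action: str          # "allow" or "deny"


# Restrictive policy for the inter-zone choke points: only the flows the
# application actually needs are listed; everything else hits default deny.
POLICY = [
    Rule("users", "app",  "tcp", 443,  "allow"),   # browsers to the web tier
    Rule("app",   "data", "tcp", 5432, "allow"),   # app tier to PostgreSQL
    Rule("mgmt",  "app",  "tcp", 22,   "allow"),   # admins via jump host
    Rule("mgmt",  "data", "tcp", 22,   "allow"),
]

# The kind of "temporary" rule that silently undoes segmentation.
PERMISSIVE_RULE = Rule(ANY, ANY, ANY, ANY, "allow")


def zone_of(ip: str) -> str | None:
    """Map an address to its zone, or None if it is in no known zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def _matches(rule: Rule, src_zone: str, dst_zone: str, proto: str, dport: int) -> bool:
    return (rule.src_zone in (ANY, src_zone)
            and rule.dst_zone in (ANY, dst_zone)
            and rule.proto in (ANY, proto)
            and rule.dport in (ANY, dport))


def evaluate(policy: list[Rule], src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """First-match evaluation of a flow at the zone boundary.

    Returns "allow" or "deny". Flows inside a single zone never cross a
    choke point, so they are reported as "intra-zone": segmentation does
    nothing for them, which is exactly why zones must be kept small.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny"            # unknown address space: fail closed
    if src_zone == dst_zone:
        return "intra-zone"
    for rule in policy:
        if _matches(rule, src_zone, dst_zone, proto, dport):
            return rule.action
    return "deny"                # implicit default deny


def lint(policy: list[Rule]) -> list[str]:
    """Flag allow rules with wildcards: these are misconfigurations, not
    firewall flaws, and they are what lets a stepping-stone hop through."""
    findings = []
    for i, r in enumerate(policy):
        if r.action != "allow":
            continue
        wild = [f for f in ("src_zone", "dst_zone", "dport") if getattr(r, f) == ANY]
        if wild:
            findings.append(f"rule {i}: allow with wildcard {', '.join(wild)}")
    return findings


def stepping_stone_path(policy: list[Rule]) -> dict[str, str]:
    """Trace the hops a compromised workstation (constructed 10.10.5.23)
    would try on its way to the database at 10.30.0.10."""
    ws, peer, app, db = "10.10.5.23", "10.10.7.9", "10.20.0.5", "10.30.0.10"
    return {
        "ws->peer smb":   evaluate(policy, ws, peer, "tcp", 445),   # same zone
        "ws->db direct":  evaluate(policy, ws, db,  "tcp", 5432),  # blocked
        "ws->app https":  evaluate(policy, ws, app, "tcp", 443),   # legitimate
        "app->db sql":    evaluate(policy, app, db, "tcp", 5432),  # legitimate
        "ws->app ssh":    evaluate(policy, ws, app, "tcp", 22),    # blocked
    }


if __name__ == "__main__":
    for name, verdict in stepping_stone_path(POLICY).items():
        print(f"{name:16s} {verdict}")
    print("lint (strict policy):", lint(POLICY) or "clean")
    print("lint (with any/any):  ", lint(POLICY + [PERMISSIVE_RULE]))
```

The point the trace makes is the one the article makes: with the strict policy the workstation can reach the web tier on 443, but the only path to the database is through the application tier on the one port it needs, so an attacker must compromise the app server rather than hop straight to the data. Appending the any/any rule makes `ws->db direct` come back `allow`, and the lint catches it; the `intra-zone` result for workstation-to-workstation SMB is the reminder that choke points cannot filter what never crosses them.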

This is excellent advice for anyone looking to lower the risk of APT in their environment, and good practice in any event. In the article he also walks through the steps an attacker takes to infiltrate your network. See the full article here at: