Lancope, Inc. has released a new report entitled “APTs and Incident Response: The Next Frontier of Cyber Security.” The report examines recent trends in cyber-attacks and how organisations can more effectively address evolving threats by elevating the importance of incident response within their overall security strategies.
“Few organisations view their incident responders as the front line in their defensive posture,” said Tom Cross, director of security research for Lancope. “However, the intelligence gathered from investigating breaches is the vital ingredient that enables an organisation to thwart subsequent attacks; so in a very real sense, the incident response team should become the heart of everything an organisation does to protect its network.”
The Lancope report examines the rise of the Advanced Persistent Threat (APT) all the way from the coining of the term in the early 2000s and Operation Aurora in 2010, to the most recent attacks on the Wall Street Journal and New York Times. Third-party reports from Mandiant, Cisco and others are also referenced.
“According to the Enterprise Strategy Group (ESG), nearly three-quarters of organisations expect to be the target of APTs in the near future,” said Amrit Williams, CTO of Lancope. “Organisations need to realise that they are either compromised or will be soon and that traditional techniques need to be augmented with newer methods to provide visibility and control into all aspects of the internal environment.”
The report also discusses how NetFlow collection and analysis can help fill in the gaps in conventional security strategies for improved incident response. Using the recently uncovered “APT1” attacks as an example, Lancope demonstrates how technical indicators of an attack can be fed into a flow-based monitoring system to gather actionable security intelligence for preventing future attacks.
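As an added illustration of the idea described above (not code from Lancope, the report, or the StealthWatch product), the script below shows the mechanics of feeding technical indicators into a flow-based monitor: each NetFlow-style record is matched against an indicator set of addresses, subnets and ports, and any internal host that touched an indicator is then pivoted on so an analyst can see everything else it talked to. The indicator values, the flow records and the field names (`src`, `dst`, `dport`, `bytes`, `ts`) are constructed placeholders, not APT1 indicators or a real NetFlow export format.

```python
"""Indicator matching over NetFlow-style records, with an incident-response pivot.

Added example; all indicators and flow records are constructed placeholders.
"""
import ipaddress
from collections import defaultdict

# Constructed indicator set (documentation-range addresses, not real actors).
INDICATORS = {
    "ips": {"203.0.113.7", "198.51.100.23"},       # known-bad destination hosts
    "cidrs": [ipaddress.ip_network("192.0.2.0/24")],  # known-bad subnet
    "ports": {4444},                                # destination port of interest
}

# Constructed NetFlow-style records: timestamp, source, destination, dst port, bytes.
SAMPLE_FLOWS = [
    {"ts": "2013-02-20T10:01:00Z", "src": "10.1.1.5", "dst": "203.0.113.7", "dport": 443, "bytes": 120000},
    {"ts": "2013-02-20T10:02:00Z", "src": "10.1.1.5", "dst": "93.184.216.34", "dport": 443, "bytes": 2000},
    {"ts": "2013-02-20T10:03:00Z", "src": "10.1.1.9", "dst": "192.0.2.45", "dport": 80, "bytes": 500},
    {"ts": "2013-02-20T10:04:00Z", "src": "10.1.1.12", "dst": "10.1.1.40", "dport": 4444, "bytes": 300},
    {"ts": "2013-02-20T10:05:00Z", "src": "10.1.1.5", "dst": "203.0.113.7", "dport": 443, "bytes": 95000000},
]


def match_flow(flow, indicators):
    """Return the list of indicator tags that a single flow record hits."""
    hits = []
    dst = ipaddress.ip_address(flow["dst"])
    if flow["dst"] in indicators["ips"]:
        hits.append(f"ioc-ip:{flow['dst']}")
    for net in indicators["cidrs"]:
        if dst in net:
            hits.append(f"ioc-cidr:{net}")
    if flow["dport"] in indicators["ports"]:
        hits.append(f"ioc-port:{flow['dport']}")
    return hits


def scan_flows(flows, indicators):
    """Run every flow through the indicator set and collect alerts in flow order."""
    alerts = []
    for flow in flows:
        hits = match_flow(flow, indicators)
        if hits:
            alerts.append({"ts": flow["ts"], "src": flow["src"], "dst": flow["dst"], "hits": hits})
    return alerts


def pivot_on_hosts(flows, alerts):
    """Incident-response pivot: for each internal host that produced an alert,
    total the bytes it sent to every destination, so the analyst sees the host's
    full conversation set rather than only the flow that matched."""
    flagged_hosts = {alert["src"] for alert in alerts}
    totals = defaultdict(lambda: defaultdict(int))
    for flow in flows:
        if flow["src"] in flagged_hosts:
            totals[flow["src"]][flow["dst"]] += flow["bytes"]
    return {host: dict(dests) for host, dests in totals.items()}


if __name__ == "__main__":
    found = scan_flows(SAMPLE_FLOWS, INDICATORS)
    for alert in found:
        print(alert["ts"], alert["src"], "->", alert["dst"], ",".join(alert["hits"]))
    for host, dests in pivot_on_hosts(SAMPLE_FLOWS, found).items():
        print("pivot", host, dests)
```

The pivot is the part that turns a match into intelligence for the next investigation: the first match on `10.1.1.5` is a modest 443 flow, but the per-destination totals show that the same host later moved roughly 95 MB to the same indicator address, which is the kind of context a flow record carries and a simple hit list does not.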
By combining flow-based behavioural analysis and in-depth security context, Lancope’s StealthWatch® System provides a comprehensive view of network activity to keep organisations a step ahead of sophisticated attackers. Lancope’s security capabilities are continuously enhanced with research from the StealthWatch Labs Intelligence Center (SLIC).
“When you are living with an advanced threat, you are playing a nonstop game of cat and mouse on your computer network,” adds Cross. “The need to collect and analyse intelligence isn’t a one-time requirement that occurs as the result of a single incident. It needs to be an ongoing part of any organisation’s defensive operation.”