As the name implies, these new-generation threats share a common denominator: they are evolutionary. Years ago, we saw viruses that persistently infiltrated our computing equipment and made it difficult to use, in addition to sometimes damaging it.
The difference between those days and what we find today is that current threats do not seek to make themselves visible, to boast about their ability to violate an organization’s security, or to publicize themselves by altering the virtual environments of our workplace.
Today, computer attacks have an economic motivation, which creates a malicious microeconomy around the capabilities of hackers. Attackers now work set shifts and are allocated economic and technical resources to violate computer security within defined periods of time, for commercial purposes.
The main feature of these new threats, known as Advanced Persistent Threats (APTs), is that they are actors and methodologies that seek to pass under the security detection radar of organizations.
One troubling statistic for the information technology industry is that a persistent computer attack can remain undetected for up to 6 months. It is as if we are sleeping with the enemy – criminals who are not only extracting our information but analyzing it and sharing it for economic purposes that endanger the survival of organizations, employees, and their clients.
Information technology manufacturers are becoming aware of the evolution of APTs and are trying to mitigate threats from different technological approaches. However, there is no consistency in the strategic effectiveness that security solutions must provide.
Each of these manufacturers puts a lot of energy into defending one part of the battlefront with a particular type of technology for certain attacks, which is correct, but at the same time they neglect other aspects of security that their solutions, because of the way they were created, do not contemplate. Security solutions are not integrated and do not communicate with each other.
The recommendation is to try not to see security in silos, from an isolated point of view. Integrate each of the solutions within the organization so that they work together to achieve a common goal. The intricacy of today’s network infrastructures means that protecting the various assets they contain (databases, archives, banking information, and more) demands different solutions within the security management of the network.
Technology integrators, who are responsible for bringing together network administrators and the various solutions they have, must understand the business of their customers and the role they play in the productive industries. Today more than ever, the information technology sector needs consultants with vision who understand the current situation and anticipate the potential threats that customers may face in the future, derived from the nature of their business and the computer risks it entails.
The key to protecting against APTs is to give the security tools that are already on the organization’s network the visibility they need to do their job better. The way to do this is to set up a robust and agnostic visibility fabric. Being agnostic is a key feature for complete visibility, since it means the fabric does not conflict with any manufacturer’s security tools (firewalls, IPS, antimalware, etc.). This exploits the best of each tool, helping it access more points within the network to do its job better and make decisions in shorter periods of time.
Traditional security architectures have designated places in the network for various security tools, such as a firewall. Although a network administrator knows what the tool is for, it is important to know whether it is placed in the correct location in the network.
The most significant trend in the world of network security is visibility – this new landscape responds to the way in which cyber criminals attack and respond through undetected hosting.