How to Combat and Recover From APTs

Rather than target a mass audience, Advanced Persistent Threats zero in on specific individuals, who, if compromised, can be used to advance the goal of the attack.

Defend the Pre-Perimeter

Leverage the cloud and use mail filtering and antispam solutions to remove potentially infected emails or attachments before they reach your network. Use DNS security products that maintain a real-time database of spoofed and compromised domains.

Defend the Perimeter

Conduct penetration testing regularly. Install intrusion detection and intrusion prevention systems over and above standard firewalls. Regularly audit firewall and Security Information and Event Management (SIEM) logs for anomalies.

Defend the Soft Interior

Train and educate users about security protocols, implement BYOD and VPN policies, and have C-level executives back policies. Visibly enforce these policies and make sure users are trained for the latest threats.

Harden the Soft Interior

Deploy and maintain antivirus, firewall, application whitelisting and sandboxing/containerization technologies. Keep software up to date through regular patching.

Encrypt Everything Sensitive

Encrypt your data at multiple checkpoints. Encrypted data is useless to an attacker who cannot also obtain the key.

Backup, Backup, Backup and Then Restore

Back up using three methods: file backup to off-site storage for organizational recovery; file backup to local storage for immediate volume recovery; and file backup to local storage for immediate file recovery. Fully test backups by restoring critical data and verifying the restored data's integrity.

Ensure the Principle of Least Privilege Throughout

Domain administrators should not use domain administrator credentials for basic break-fix work; local administrator rights are all those tasks need. Rather than running as SYSTEM, custom software should have its own dedicated account with only the privileges it requires.

Perform Regular Access Audits

Frequently audit all access control lists. Have you ensured that all ex-employee and contractor accounts and logins have been disabled or deleted?
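An added example (not from the article) that reconciles a directory export against an HR roster, covering both the least-privilege and access-audit points above: it flags enabled accounts that belong to nobody on the roster, accounts that have gone stale, and service accounts that hold domain administrator membership. The account records, roster, group names and the 90-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): a directory export of user
# accounts and the current HR roster of employees and contractors.
DIRECTORY_ACCOUNTS = [
    {"sam": "jdoe",       "enabled": True,  "last_logon": date(2024, 5, 30),
     "groups": ["Domain Admins", "Finance"]},
    {"sam": "asmith",     "enabled": True,  "last_logon": date(2023, 11, 2),
     "groups": ["Finance"]},
    {"sam": "bcontract",  "enabled": True,  "last_logon": date(2024, 1, 15),
     "groups": ["VPN Users"]},
    {"sam": "cleft",      "enabled": False, "last_logon": date(2023, 6, 1),
     "groups": ["Finance"]},
    {"sam": "svc-backup", "enabled": True,  "last_logon": date(2024, 5, 31),
     "groups": ["Domain Admins"]},
]
HR_ROSTER = {"jdoe", "asmith"}          # people who should still have access
SERVICE_ACCOUNTS = {"svc-backup"}        # accounts owned by software, not people
HIGH_PRIVILEGE_GROUPS = {"Domain Admins"}  # assumed name of the privileged group


def audit_accounts(accounts, roster, service_accounts, today, stale_days=90):
    """Return (account, reason) findings for accounts that need review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled: nothing to act on
        name = acct["sam"]
        if name in service_accounts:
            # Least privilege: software should not run with domain admin rights
            if HIGH_PRIVILEGE_GROUPS & set(acct["groups"]):
                findings.append((name, "service account holds a high-privilege group"))
            continue
        if name not in roster:
            # Orphaned login: the person has left but the account is still enabled
            findings.append((name, "enabled account with no matching person in HR roster"))
        if (today - acct["last_logon"]).days > stale_days:
            findings.append((name, "no logon in more than %d days" % stale_days))
    return findings


if __name__ == "__main__":
    for account, reason in audit_accounts(DIRECTORY_ACCOUNTS, HR_ROSTER,
                                          SERVICE_ACCOUNTS, date(2024, 6, 1)):
        print(account, "->", reason)
```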

Enforce Your Last Line of Defense

There is a critical shortage of skilled and experienced IT security professionals. Train system administrators in IT security so that when they stumble upon an anomaly, they recognize it immediately and react to it.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.