Kevin Thomas

The Advanced Persistent Threat - APT

The bad guys have made spectacular progress in creating penetration mechanisms that far outstrip most companies' ability to defend against them. They have moved from backroom hackers into government-sponsored activities. Their access to money and resources is far greater than most organizations' detection budgets. This has created a widening imbalance between their ability to develop new intrusion techniques and your cost of defending against them. The bad guys are not burdened by your existing infrastructure, application portfolio, and organizational complexity. They are also very well organized and focused, while most corporations still have disjointed solutions that have been built in pieces over time with very little central organization.


The bad guys are very clever. They know that your systems and staff will be overwhelmed by the sheer volume of alerts from your defense systems, so they set out to bombard your systems and create an overload of "false positives." That lets them slip in a piece of malware called an Advanced Persistent Threat (APT). Such implants are extremely difficult to detect and can sit inside the corporation for years before being activated -- like sleeper cells waiting for orders. Once activated, they have proven quite successful at obtaining sensitive information for years without detection, exporting your valuable information very slowly and quietly, unnoticed among all the noise of your normal Internet traffic.


APTs require a new approach

APTs require much more sophisticated prevention, detection, and reaction mechanisms that can evolve with the threats and learn from their activities to help predict future behavior. This is only possible with solutions that learn from past and current behavior and predict future activity. This is the emerging breed of Artificial Intelligence tools, which can recognize the very weak signals of malware among all the noise.


Artificial Intelligence works much like your own body's immune system. Our internal defense mechanisms are designed to recognize external threats (like viruses) and defend against them, and they continue to learn and evolve. A key component of AI's capability is anticipating future intrusions. By applying the lessons of past activity trends, AI will evolve into a predictive tool, using all the power and sophistication of the "Big Data" analytics in use today. This is the focus of much R&D activity in the cybersecurity product companies.


Integrated Cyber has deployed IC360, an Operating System that is orchestrated and automated by our advanced Security Orchestration, Automation & Response (SOAR) software, connected to leading-edge auto-containment and auto-remediation modules.

The solution covers the entire framework of the internationally accepted ISO 27001, NIST 800-53, and the Cyber Security Capability Maturity Model (C2M2) by incorporating the cyber standards and the stages of Assess, Prevent, Detect, React, and Remedy. IC360 is a hybrid of machine intelligence and human intelligence. It is a unique cybersecurity operating system that uses machine reasoning, machine learning, robotic process automation, and context fusion. It creates the most sophisticated cyber oversight capability available by providing 360-degree coverage of all threat aspects. Contact us today to discuss how the IC360 Operating System can protect you from APTs and more in today's hostile environment.