In this article we will talk about APT vs. ATP, in other words Advanced Persistent Threat and Advanced Threat Protection, and the relationship between these two terms.
APT, which stands for Advanced Persistent Threat, is the name for a class of attacks in the Internet world (cyber attacks). An APT is an attack that is usually carried out by highly skilled and well-funded attackers.
These are usually military units, government intelligence agencies, or organized groups that carry out very targeted attacks against assets that possess valuable information.
In the past, the idea was that once an attacker found a weakness that could be exploited, the attack started and ended very quickly. For example, an attacker found a website that was vulnerable to SQL Injection and, by exploiting it, could change pages on the website. Another example: an attacker found a “loophole” in a website responsible for providing a service for reloadable credit cards. The exploitation was immediate: the attacker used the loophole to load large sums of money onto the cards he had just obtained. These attacks occur once, and that’s it!
The case of APT is different. It is based on an attack model that relies on something other than impressive technological capabilities alone (although such capabilities never get in the way). We use APT to describe a more serious, long-term attack (usually weeks, but the scope can also extend to months and years), in which there is a high level of sophistication both in the tools the attackers use and in the capabilities of the attackers themselves. The most significant thing we see in an APT is the desired achievement. This is not about stealing (almost meaningless) money, changing a website, or infecting innocent computers on the Internet with financial Trojan horses. You could almost say that in an APT, money is (usually) not the motive. There is a bigger picture to look at.
These types of attacks are extremely dangerous, because the attackers perform zero-day attacks and use other sophisticated technical methods. They work methodically and continuously in order to gain access to a highly selective set of targets of military or economic value.
So, how do we deal with an APT?
That’s where ATP comes in. ATP, which stands for Advanced Threat Protection, describes a way of countering an APT. These solutions are designed to continuously protect the organization’s endpoints against advanced and sophisticated threats. By focusing on preventing threats rather than detecting and responding to them after it’s “too late”, ATP tools significantly reduce the risk and potential impact of advanced attacks on assets.
A good ATP tool should have:
- Constant Analysis of Files – a simple, seemingly harmless file could actually be malware that leads to bad things happening to your entire network. It’s important to automatically analyze all the files entering devices across your organization. This is how we distinguish between legitimate and malicious files.
- Attack Surface Management – we use a system to map the organization’s exposure surface: where can we be attacked? What is valuable to the organization? And so on.
- Ongoing Prevention and Detection – as new threats and vulnerabilities are discovered every day, it is important to remain “vigilant”. Staying alert plays a very large part in the prevention of zero-day attacks.
And in short?
APT is a fire starter and ATP is the firefighter.
We often use web application vulnerability scanners, such as Kayran. By using the tool and continuously scanning our assets, we will know which weaknesses we need to deal with. In addition, the tool is able to exploit its findings, allowing us to impersonate attackers in order to simulate potential attacks.
Stay safe, choose Kayran.