Combating APTs with NetFlow
Gone are the days when the biggest threats facing enterprises were relatively innocuous hackers launching widespread worms for simple notoriety. Today’s attacks are sharply targeted and nefarious in nature, driven by profit, theft of sensitive data, espionage, etc., and the attackers behind them take great measures to evade detection. Particularly dangerous is the advanced persistent threat (APT), through which attackers infiltrate specific corporate and government entities over long periods of time to extract confidential information or gain access to critical systems.
Because they use an advanced combination of various attack methods launched “low and slow,” typically exploiting zero-day vulnerabilities, APTs are not often detected by traditional security technologies such as antivirus, firewalls and IDS/IPS. Additionally, those who launch these types of attacks often bypass the perimeter altogether, instead gaining access to the internal network by stealing login credentials through social engineering methods such as spear phishing.
Because it does not rely on signature updates to detect attacks and provides in-depth visibility into the internal network, Lancope’s StealthWatch® System provides a key layer of protection against APTs. By collecting and analyzing NetFlow and other flow data from existing network devices, StealthWatch provides IT administrators with a complete picture of everything happening on the network, delivering the levels of situational awareness needed to better respond to network and security issues. Advanced features including application and identity awareness, as well as automatic threat prioritization and mitigation, further enhance troubleshooting, making it easier to investigate and halt anomalous behaviors that could signify APTs.
For more details, please see the market brief on APTs.







