Combating APTs with NetFlow
Over the past several years, the Advanced Persistent Threat (APT) has quickly risen as a top-level concern for organizations of all types and sizes.
Under today's security paradigm, determined attackers will eventually find their way into their target’s network, often employing social engineering tactics to steal credentials and obtain access. In order to combat APTs, it is imperative that organizations know what is going on within their internal networks to fill in the gaps left by perimeter security solutions.
Lancope’s StealthWatch® System serves as a key layer of protection against APTs by delivering in-depth visibility into the internal network without relying on signature updates to detect attacks.
By leveraging flow data with StealthWatch's sophisticated behavioral analysis, IT administrators can:
- uncover externally launched attacks
- pinpoint suspicious insider activities
- gain critical insight into what compromised machines are doing after attacks inevitably evade perimeter defenses
- detect the various “kill chain” steps that sophisticated attackers take to infiltrate a network, including network reconnaissance, covert C&C communications and internal pivoting
The SLIC Threat Feed adds another layer of protection by monitoring customer networks for thousands of known C&C servers and adding new botnets to its radar as they are identified in the wild.
For more details, please see the market brief on APTs.