22nd October, 2020
An Advanced Persistent Threat (APT) is a prolonged, sustained attack delivered by skilled operators using sophisticated, well-developed tools, techniques and procedures (TTPs).
These attacks are well planned and usually target large enterprises and critical national infrastructure (including government networks). The challenge isn’t just mitigating these attacks, but detecting APT activity on networks that operate at the highest rate and scale.
ADVANCED PERSISTENT THREAT DETECTION
The ‘Detecting Advanced Persistent Threats’ infographic below shows how a typical APT attack might play out and how Telesoft’s Cyber Platform can be used against it.
Our 400Gbps FlowProbe, for example, has the capability to analyse every single flow in multi-Tbps, high volume networks, hunting for malicious traffic. By continuously monitoring the network, APT infiltration can be detected and its behaviour tracked 24/7.
Using the Telesoft CERNE Network Intrusion Detection System (NIDS), we can scan and capture network packets associated with any IP address under investigation by FlowProbe. Used together, APT activity can be mitigated before valuable information (intellectual property, employee data, financial records, etc.) can be exfiltrated.
The Telesoft FlowProbe provides detailed un-sampled traffic statistics in the form of flow records from large scale networks up to 4 x 100GbE per high-performance 1U appliance. The flow records created from the raw data can be passed in real-time to the Telesoft TDAC or any other compatible customer data platform.
The Telesoft CERNE combines a high rate 100Gbps IDS engine with an automated record of relevant network traffic for real-time and historical threat investigation and digital forensics. CERNE continuously scans and captures network packets and only stores traffic associated with an IDS alert, discarding all other traffic, giving an analyst rapid access to critical packets up to 2.4 seconds before an event.
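The two building blocks described above (un-sampled flow records produced from raw packets, and an IDS capture that retains a short pre-event window but persists only the packets tied to an alert) can be sketched in a few dozen lines. The following is an added illustration, not Telesoft code: the 2.4-second pre-event window is the figure quoted on this page, while the post-event window, the outbound-byte trigger, the internal address range and the sample traffic are constructed assumptions for the demo.

```python
"""Added illustration (not Telesoft code): un-sampled flow-record generation
plus alert-triggered packet retention with a pre-event window."""
import ipaddress
from collections import deque
from dataclasses import dataclass

PRE_EVENT_WINDOW = 2.4        # seconds kept before an alert (figure quoted on the page)
POST_EVENT_WINDOW = 5.0       # seconds captured after an alert (assumption)
EXFIL_BYTES_THRESHOLD = 5000  # demo trigger on outbound flow volume (constructed)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed site address space


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    length: int


@dataclass
class FlowRecord:
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0

    def update(self, p: Packet) -> None:
        self.last_seen = p.ts
        self.packets += 1
        self.bytes += p.length


def flow_key(p: Packet):
    """5-tuple identifying a unidirectional flow; every packet is counted, none sampled."""
    return (p.src, p.dst, p.sport, p.dport, p.proto)


def is_outbound(key) -> bool:
    src, dst = ipaddress.ip_address(key[0]), ipaddress.ip_address(key[1])
    return src in INTERNAL_NET and dst not in INTERNAL_NET


class AlertTriggeredCapture:
    """Rolling buffer of recent packets. Nothing is persisted until an alert
    names an IP; then that IP's pre-event window is kept and the IP is
    watched for POST_EVENT_WINDOW seconds. Everything else is discarded."""

    def __init__(self, pre=PRE_EVENT_WINDOW, post=POST_EVENT_WINDOW):
        self.pre, self.post = pre, post
        self.ring = deque()
        self.watch = {}    # ip -> timestamp until which its packets are stored
        self.stored = []

    def observe(self, p: Packet) -> None:
        self.ring.append(p)
        while p.ts - self.ring[0].ts > self.pre:   # age out the pre-event window
            self.ring.popleft()
        if any(self.watch.get(ip, -1.0) >= p.ts for ip in (p.src, p.dst)):
            self.stored.append(p)                  # post-alert traffic for a watched IP

    def alert(self, ip: str, ts: float) -> list:
        """IDS alert for ip at ts: persist buffered packets involving ip."""
        hits = [q for q in self.ring if ip in (q.src, q.dst) and q.ts <= ts]
        self.stored.extend(hits)
        self.watch[ip] = ts + self.post
        return hits


def run_pipeline(packets, threshold=EXFIL_BYTES_THRESHOLD):
    """Stream packets through flow aggregation and alert-triggered capture.
    Returns (flow records, alerts as (ts, ip, pre-event packets), stored packets)."""
    flows, alerted, alerts = {}, set(), []
    capture = AlertTriggeredCapture()
    for p in sorted(packets, key=lambda q: q.ts):
        capture.observe(p)
        key = flow_key(p)
        rec = flows.setdefault(key, FlowRecord(p.ts, p.ts))
        rec.update(p)
        # demo detection: an outbound flow whose byte count crosses the threshold
        if is_outbound(key) and rec.bytes >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((p.ts, p.src, len(capture.alert(p.src, p.ts))))
    return flows, alerts, capture.stored


# Constructed sample traffic: one host steadily sending to an external address,
# with unrelated internal traffic mixed in.
SAMPLE = [
    Packet(0.0, "10.0.0.5", "10.0.0.9", 51000, 443, "tcp", 400),
    Packet(0.5, "10.0.0.5", "203.0.113.7", 52000, 443, "tcp", 1400),
    Packet(1.0, "10.0.0.5", "203.0.113.7", 52000, 443, "tcp", 1400),
    Packet(1.5, "10.0.0.5", "203.0.113.7", 52000, 443, "tcp", 1400),
    Packet(2.0, "10.0.0.8", "10.0.0.9", 53000, 53, "udp", 80),
    Packet(3.0, "10.0.0.5", "203.0.113.7", 52000, 443, "tcp", 1400),
    Packet(3.2, "10.0.0.5", "203.0.113.7", 52000, 443, "tcp", 1400),
]

if __name__ == "__main__":
    flows, alerts, stored = run_pipeline(SAMPLE)
    print(len(flows), "flows;", alerts, [p.ts for p in stored])
```

With the sample above, the outbound flow crosses the threshold on the packet at t=3.0, so the alert is raised then; the ring buffer at that moment holds packets back to t=1.0, and only the three of them involving 10.0.0.5 are persisted (the unrelated DNS packet at t=2.0 and the packets older than 2.4 s are dropped). The packet at t=3.2 is stored because the IP is now watched. Which detection rule raises the alert is a separate concern from the capture mechanism; the byte threshold here only stands in for whatever the IDS engine actually flags.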
For more information about APT detection and mitigation, read our Advanced Persistent Threat Analysis series.