Our 10 years of experience in simulating such attacks and assisting our clients in addressing them have allowed us to “demystify APTs” and, at the same time, to pin down the limitations of current approaches and paradigms. A new paradigm is required, one that overcomes the shortcomings of current approaches by tackling the actual root causes of the problem. To this end, we see APT not as a malware or adversary problem, but rather as:
a Complexity Problem
“Complexity” shows up as a critical constraint in most attempts to address the elements of APT-related attacks. In essence, adversaries exploit the ever-increasing complexity of the Internet, software, IT environments and business processes in order to hide their tracks, evade controls, escalate access and achieve their objectives.
a Business Agility Problem
Retaining and increasing business and operational agility is an absolute requirement for any organization, and one that IT and its corresponding processes have to serve religiously. However, supporting this requirement inescapably makes “preventive” controls less and less effective, a fact that adversaries exploit during targeted cyber-attacks.
and a Human Factor Problem
Last but not least, a critical differentiator of these threats and the corresponding attacks is that they are designed, instrumented and operated by humans, not by a “mindless” piece of code like common malware. This makes the battle with traditional (or less traditional) “automated technical controls” totally uneven, and in favor of the attacker.