Headlines about “advanced persistent threats” and targeted attacks have organizations of all sizes concerned. Barely a week goes by without news of a new, stealthy campaign targeting executives, government leaders or platforms used by prominent organizations.
But while APT-style and targeted attacks may have the attention of the boardroom, organizations still face a Herculean task determining when an attack they’ve detected is targeted, and when it is merely indiscriminate.
To help answer that question, I “hung out” with two experts in detecting and analyzing malicious threats to enterprises. Anup Ghosh is the CEO and co-founder of Invincea, which makes malware detection tools that isolate threats on endpoints. Matt Hartley is the Senior Director, Intelligence Lab Services at iSIGHT Partners, a cyber threat intelligence firm.
Both told me that, while targeted attacks are on the rise, awareness about them is also at an all time high. That can, sometimes, result in organizations treating every attack as if it is targeted and not merely incidental, or part of a broader campaign that isn’t specific to one organization.
“There are a lot of misconceptions about perceived threats,”Hartley told me. “People think that they are being targeted. In some cases, that’s true. But often we see swaths of industry or government that are being targeted. The attackers want to collect what they need and move on. We try to help industry understand that so they can prioritize and triage.”
Check out our Google Hangout (the inaugural Security Ledger Hangout) below: