If a recent poll of 1,000 security professionals is any indication, there remains a significant learning gap in understanding advanced persistent threats – and therefore building a strong defense to resist them.
The survey conducted by FireEye’s Malware Intelligence Lab showed nearly 60 percent of practitioners polled believed their company was protected from APTs and an even higher percentage (65 percent) believed the latest antimalware tools could defend such attacks.
But when the researchers drilled down to a specific attack — e-mail-based spear phishing — more than half of the security professionals weren’t convinced their current tools could prevent such an attack.
“With this insight in hand, we can only assume that most practitioners are still learning how best to address the problem that advanced targeted attacks present,” the researchers wrote in a blog post.
Part of the issue lies in fully understanding what constitutes an APT in order to marshal the correct response. Though high-profile APTs like the highly sophisticated Stuxnet and Flame malware appear to target governments and political groups, other APTs are utilized for corporate espionage.
Earlier this summer in SC Magazine, FireEye’s senior security researcher Alex Lanstein outlined three characteristics of APTs.
Those stealth-based characteristics include:
- custom channel obfuscation that consistently evades detection
- use of zero-day vulnerabilities to evade signatures
- and obfuscation utilized in shellcode hides executables
Without more education and awareness, the newest report said, IT security professionals may have a false sense of security when it comes to warding off such attacks.
“The challenge is real, and what is clear to us is that many security professionals still have a blurry understanding of how to best protect their organizations from advanced attacks,” according to the post on poll findings.
