Poll Finds Security Practitioners Falsely Believe They’re Protected Against APTs

If a recent poll of 1,000 security professionals is any indication, there remains a significant learning gap in understanding advanced persistent threats – and therefore building a strong defense to resist them.

The survey, conducted by FireEye’s Malware Intelligence Lab, showed that nearly 60 percent of practitioners polled believed their company was protected from APTs, and an even higher percentage (65 percent) believed the latest antimalware tools could defend against such attacks.

But when the researchers drilled down to a specific attack — e-mail-based spear phishing — more than half of the security professionals weren’t convinced their current tools could prevent such an attack.

“With this insight in hand, we can only assume that most practitioners are still learning how best to address the problem that advanced targeted attacks present,” the researchers wrote in a blog post.

Part of the issue lies in fully understanding what constitutes an APT in order to marshal the correct response. Though high-profile APTs like the highly sophisticated Stuxnet and Flame malware appear to target governments and political groups, other APTs are utilized for corporate espionage.

Earlier this summer in SC Magazine, FireEye’s senior security researcher Alex Lanstein outlined three characteristics of APTs.

Those stealth-based characteristics include:

  • custom channel obfuscation that consistently evades detection
  • use of zero-day vulnerabilities to evade signatures
  • obfuscation in shellcode that hides executables

Without more education and awareness, the newest report said, IT security professionals may have a false sense of security when it comes to warding off such attacks.

“The challenge is real, and what is clear to us is that many security professionals still have a blurry understanding of how to best protect their organizations from advanced attacks,” according to the post on poll findings.

Discussion

  • Tin Curtain

    Setting aside the fact that the survey was conducted by an organization that profits by consulting services designed to stop "unknown threats", I propose the issue is not that security professionals do not know how to prevent them - nor that they are "fuzzy" on proper defense technique.

    Stolen laptops, the proliferation of mobile computing, admins pushing back when urged to patch systems, vendors and application designers mandating full, open access to file systems for base product functionality, employee neglect/misinformation/abuse - these are the issues security professionals battle daily. I'd wager much of the private sector sees more evidence that these are easily exploited versus dedicated APTs (defense- and security-focused organizations excluded).

    Defense in depth is and has always been the best means of mitigating risk, including those exploited by APTs. Security professionals must do their best to implement this while balancing technical, legal, and organizational constraints on efficacy.

    Research like this is necessary (and encouraged), but the threat landscape for many organizations is far larger than 1337 h4x0rz and script kiddies.
