Whitelisting Defense Combat Ready

Friday, July 13, 2012 @ 09:07 AM gHale


By Nicholas Sheble
“APTs (advanced persistent threats) are not a ‘what,’ but a ‘who,’” said Daniel Teal, the chief technology officer at CoreTrace. “It’s particular people who are after you, your products, or what you know, your information.”

“They have resources, expertise, and the time to get you.” APTs have delivered the famous cyber attacks that are familiar in the mainstream like Stuxnet, Aurora, Night Dragon, and others.


An advanced persistent threat (APT) is a cyber threat or cyber attack where the hacker has the ability to evade detection and the capability to gain and maintain access to well-protected networks and the sensitive information in them.

The hacker is adaptive and well resourced. The persistent nature of the threat makes it difficult to prevent access to one’s computer network and, once the threat actor has successfully gained access to one’s network, very difficult to remove.

The hacker has not only the intent but also the capability to gain access to sensitive information stored electronically. ISSSource has reported before on APTs and the website contains an informative white paper on them.

Beyond discussing the objectives of APTs, Teal spoke Thursday during a company webinar entitled “Combating Advanced Persistent Threats: The Case for Application Whitelisting-based Solutions,” about potential targets, what the primary weapons include (like memory attacks), and the best solutions to stave off such attacks.

One of those methods includes a compelling case for application whitelisting-based advanced threat protection platforms.

Application whitelisting is a concept whereby only authorized applications can run on the network and its nodes. So rather than searching out malware using antivirus software, the system blocks everything — except those functions that the user designates to run.

The anti-malware use of this technique rests on one assumption: that malware never gets onto the whitelist. As long as the whitelist remains malware-free, malware cannot run. Teal said whitelisting can stop all APTs.
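To make the default-deny idea concrete, here is an added example (not CoreTrace's product or code from the article) of the simplest form of application whitelisting: a hash-based allow list built from a known-good baseline, against which every execution request is checked. The file names and contents are constructed for the demo; the scenario covers the three cases a practitioner cares about: an approved program runs, an unknown program is blocked, and a tampered copy that replaces the approved program at its trusted path is also blocked, because the decision is made on content, not on path.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_whitelist(approved_paths: Iterable[str]) -> Dict[str, str]:
    """Baseline step: map digest -> path for every executable an admin has approved.

    This is the moment the article's assumption is made: whatever is on the
    host when the baseline is taken becomes 'authorized', so the baseline must
    be taken from a clean image.
    """
    return {sha256_file(p): p for p in approved_paths}


def execution_allowed(path: str, whitelist: Dict[str, str]) -> bool:
    """Default-deny policy: run only if the file's *current* digest is listed.

    Anything not on the list (new malware, an unapproved tool, or an approved
    binary whose bytes have changed) is refused without needing a signature.
    """
    return sha256_file(path) in whitelist


def demo() -> Dict[str, bool]:
    """Constructed scenario in a temporary directory (hypothetical files)."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "approved_tool.exe")
        unknown = os.path.join(d, "dropped_by_attacker.exe")
        with open(approved, "wb") as f:
            f.write(b"MZ approved program v1")
        with open(unknown, "wb") as f:
            f.write(b"MZ something nobody authorized")

        # Take the baseline while only the approved tool exists.
        whitelist = build_whitelist([approved])

        approved_runs = execution_allowed(approved, whitelist)   # True
        unknown_runs = execution_allowed(unknown, whitelist)     # False

        # Simulate tampering: the trusted path is overwritten with modified
        # bytes. A path-based list would still trust it; a hash-based one does not.
        with open(approved, "wb") as f:
            f.write(b"MZ approved program v1 plus injected payload")
        tampered_runs = execution_allowed(approved, whitelist)   # False

        return {
            "approved": approved_runs,
            "unknown": unknown_runs,
            "tampered": tampered_runs,
        }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:9s}: {'ALLOW' if allowed else 'DENY'}")
```

The design choice worth noting is that the list keys on content digests rather than file names, so a replaced or patched binary at a trusted location is denied along with anything newly dropped. The trade-off is operational: every legitimate update changes the digest, so the list must be re-baselined as part of change management, and a baseline taken from an already-compromised host would whitelist the compromise.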

Nicholas Sheble (nsheble@isssource.com) is an engineering writer and technical editor in Raleigh, NC.
