An Advanced Persistent Threat (APT) is a highly skilled, motivated attacker with a determined objective: to cause intellectual property, reputational, financial and data loss for the targeted organization. To pursue its objective, an APT operates in the targeted organization's environment over an extended period of time, resisting its sophisticated security mechanisms.
Isecurion’s APT Assessment helps in identifying, containing and eradicating these sophisticated threats from your environment. We also help organizations identify missing controls and support them in building the necessary defensive controls and expertise against such attacks in the future.
- Helps organizations assess their preparedness against APT attacks.
- Quick response in proactively identifying and containing such attacks.
- Identifies existing vulnerabilities and control gaps that can be used for APT attacks.
- Assurance to clients and business partners that your environment is secure against APT attacks.
- Get a comprehensive report of findings and recommendations for clients and business partners.
- Enhances your existing policies, processes and standards and matches them against industry best practices.
We use a methodical approach to analyzing the APT lifecycle, conducting a series of analyses in each phase to identify, contain and eradicate the APT.
The methodology covers the following categories detailing the APT lifecycle phases and necessary analysis conducted by our team.
In this phase the attacker usually uses spear phishing or watering hole attacks, delivered through zero-day exploits and malware, for the initial compromise.
Isecurion’s security team helps in investigating such attacks and identifying potential breaches caused by them. We also provide support in verifying the effectiveness of email and web content filtering systems, which are the first level of defense against such attacks.
In this phase the attacker establishes a backdoor or covert channel to an outside network for retrieving additional payloads and for C2C operations. Isecurion’s security team helps in identifying such covert channels. We also provide support in verifying the effectiveness of additional security controls for defense against such attacks.
In this phase the attacker basically tries to elevate its privileges using 0-day or unpatched exploits. Isecurion’s security team helps in identifying potential indicators of privilege escalation and tests the effectiveness of additional security controls like SIEM and change monitoring controls for defense against such attacks.
In this phase the attacker gathers information on high-value targets and critical data flows in the network. Isecurion’s security team helps in identifying potential indicators of compromise and tests the effectiveness of security controls for defense against such attacks.
In this phase the attacker expands its control over high-value targets and critical data and begins data harvesting. Isecurion’s security team helps in identifying potential indicators of compromise through data movement to unauthorized mediums and correlates events to identify the potential threat.
In this phase the attacker configures its control to maintain access to the compromised systems for extensive control of the network over long periods of time. Isecurion’s security team helps in identifying the compromised systems and eradicating the threats.
This is one of the important phases, in which the attacker begins exfiltration of the data through covert mechanisms, bypassing the security controls. Isecurion’s security team helps in identifying these covert channels and cleaning them. We also provide support in establishing stronger controls to mitigate such attacks in the future.
The effectiveness of defending against any APT attack depends mainly on the client's own Information Security, Data Protection, SIEM and Security Incident Management training and awareness programs.