2021-10-18T05:38:00Z

What is your recommended cost-effective solution to detect and prevent APT attacks?

Hi community members,

I'm working as a Cloud Security Architect at a Tech Services Company with 10000+ employees.

I'm looking for a security solution to detect and prevent APT attacks. 

Can anyone suggest a good and cost-effective solution? Please explain why you would choose this particular tool or solution.

Thank you!

SS
Cloud Security Architect at Kyndryl
5 Answers
reviewer1331706 - PeerSpot reviewer
I&T Design & Execution Reliability Engineering Leader at a financial services firm with 10,001+ employees
Oct 26, 2021

APT attacks are tough. And as already mentioned, there is no single solution for it. To me, there are two areas that are important to consider protecting. 


1) Attacks from Outside to Inside: An APT attack that is launched and maybe focused on something like a DDoS attack to just deny your service. For this type of attack, you have DDoS solutions, like intrusion detection systems, etc. These systems focus on patterns that signify unexpected behavior or traffic. To avoid these attacks, firewalls, etc. can block IP addresses, and/or you can try to change your public IP address and deflect attacks to different websites.

2) Attacks from inside: These are attacks where malware has been installed on computers, servers, etc. within your organization and essentially opens a bridge to the outside. These are more difficult to protect against and to find, since malware can lie dormant for some time before it becomes active. Most relevant to prevent these attacks are malware/virus scanners on systems and on incoming and outgoing emails. Since a lot of this malware is using default protocols, like HTTP and HTTPS, it is hard to detect among the other normal HTTP traffic. Protecting your laptops, phones, and servers inside also requires educating your users on what to do and what not to do.


Cost-effective solutions:


- I am sure there are cheap intrusion detection, firewall, etc. products out there that you can use. And if kept up to date, they might protect you for at least 80%. The same goes for internal virus scanners and malware scanners. Again, some open-source tools are quite useful.


However, in the case of an APT, you have to realize that this will normally be a targeted attack which is planned, where a hacker or group has analyzed your security for some time and has probably found a way to attack. As such, open-source tools will normally not help you enough to be able to mitigate or resolve such an attack when it occurs. This will require adaptive tools to recognize the attack and run countermeasures. In this case, more advanced/commercial software/systems will be necessary.


You will also need to consider that, besides the tool or software, you will need the resources and knowledge to be able to operate these tools/software. And then there is the maintenance and keeping the systems up to date, which is another requirement to stay ahead of an APT.


So being cost-effective depends on the budget, knowledge, and amount of threat.


The higher the threat, the higher the investment to be protected. 


If budget and knowledge are constrained or sparse, I would recommend looking at either hosting your public services/websites with a cloud provider that has the necessary security already set up.


For protecting your office environment, I would recommend checking specialized service companies like Akamai, to have them analyze and advise you on a cost-effective solution to protect you. These types of companies are security-focused and keep their security systems up to date, and you as a customer informed. To me, if you are a small-sized company, these are the 2 most effective solutions.


If you are small enough and the threat and risk are not that high, then I would recommend building the expertise and starting with open-source, default protection tools. E.g., for home I have a standard open-source IDS deployed, which protects my home fairly well. But then my home has a low threat for an APT type of attack.


I hope this helps you.

Eric Rise - PeerSpot reviewer
Network & Security Engineer at a healthcare company with 51-200 employees
Oct 25, 2021

@Satish Singh,


Thank you for your question; it's one that requires deeper thought and understanding of the impacted environment.


There are several things you can do. Have an up-to-date IRP (Incident Response Plan). This plan includes all layers of your organization from top to bottom. It is a living document subject to review and change as needed, and everyone involved has a part to play and needs to understand what their part is should an incident happen.


Use products like dnstwist to review third-party run domains that are close to your own domain name. Work with the ISPs/DNS authorities to remove bunk domains known to attack yours.


Make sure to have a proper email security application or gateway in place. I prefer products like Avanan or Proofpoint.


User education is key here. Make sure your user base understands what phishing emails are and how to handle/report them.


If you need help on the security side of things, partner with an MSP and have access to a NOC or SOC 24/7 that can monitor for threats and respond on your behalf if needed.


Make sure to adopt a least-privilege model for user access to PCs, servers, etc. Give users access only to what they need to perform their work.


Split up your networks if possible. Avoid using a flat network where you're unable to lock down a network should malware get inside your network.


Use a strong EDR solution like SentinelOne.
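
The lookalike-domain review recommended in the answer above can also be run over domains already seen in mail gateway or proxy logs. The following is an added example, not part of the original post and not dnstwist's code; the protected domain, the sample domains, the confusable-character map and all function names are assumptions constructed for illustration.

```python
# Added example: flag observed domains that resemble a protected domain.
# All domains below are constructed sample data; the confusable map is a
# small illustrative assumption, not an exhaustive homoglyph table.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
DIGRAPHS = (("rn", "m"), ("vv", "w"))

def skeleton(label):
    """Fold visually similar characters so lookalikes compare equal."""
    s = label.lower().translate(CONFUSABLES).replace("-", "")
    for seen, meant in DIGRAPHS:
        s = s.replace(seen, meant)
    return s

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def split_domain(domain):
    """Return (name, tld). Assumes a single-label TLD (no co.uk handling)."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) > 1 else (parts[0], "")

def classify(observed, protected):
    """Return why `observed` looks like `protected`, or None if it does not."""
    name, tld = split_domain(observed)
    pname, ptld = split_domain(protected)
    if name == pname:
        return None if tld == ptld else "tld-swap"
    if skeleton(name) == skeleton(pname):
        return "confusable"
    if edit_distance(skeleton(name), skeleton(pname)) <= 1:
        return "typo"
    if pname in name:
        return "embedded"
    return None

def flag_lookalikes(observed_domains, protected):
    hits = {d: classify(d, protected) for d in observed_domains}
    return {d: why for d, why in hits.items() if why}

# Constructed sender domains, as might be pulled from a mail gateway log.
SAMPLE = ["example.com", "mail.example.com", "examp1e.com", "exarnple.com",
          "exmaple.com", "example.net", "example-login.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, why in flag_lookalikes(SAMPLE, "example.com").items():
        print(f"{domain:20} {why}")
```

With a very short protected name, the one-edit threshold will match many unrelated domains, so flagged entries are candidates for review rather than confirmed abuse.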

BG
Sr.Customer Engineer- Projects at a tech services company with 201-500 employees
Oct 25, 2021

When you are considering cost-effectiveness:

Hardening perimeter defenses such as firewalls and antivirus are pivot points of preventing APT malware from being installed on your computer systems.


Not sharing account details, recognizing phishing attempts at the first stage, safe web browsing at work.


As per me, no clear-cut solution is effective... it's a mixture of solutions/tools you may use when you are tackling the aftermath... There are solutions like Trend Micro XDR which can trace back but are not so cost-effective.


APT attacks use cutting-edge technology and hacking methods to sneak into a company’s system, so the best thing is prevention...

    Sergiy Ustenko - PeerSpot reviewer
    Marketing Manager at Idealsoft
    Oct 26, 2021

    Hi, from my side the Deceptive Bytes solution has been checked. My preliminary opinion is that the solution can prevent APT with high efficiency.

    Shibu Babuchandran - PeerSpot reviewer
    Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
    Oct 25, 2021

    Hi @Satish Singh,


    No single solution will 100% protect the environment.


    You need multiple layers of security working together, all the time, in addition to constant network monitoring.


    With that said, there are multiple ways to protect against advanced persistent threats.


    Install a Firewall


    Choosing a firewall is an essential first layer of defense against APT attacks.


    Software firewalls, hardware firewalls, and cloud firewalls are the 3 most common types of firewalls used – any of which will help you prevent advanced persistent threats.


    Enable a Web Application Firewall


    A web application firewall is a useful tool for defeating APT attacks because it can detect and prevent attacks coming from web applications by inspecting HTTP traffic.


    Install an Antivirus


    Up-to-date antivirus programs can detect and prevent a wide range of malware, trojans, and viruses, which APT hackers will use to exploit your system.


    Make sure that your antivirus can access real-time data and detect the newest threats, instead of only being able to recognize well-known malware.


    Implement Intrusion Prevention Systems


    Intrusion prevention systems (IPS) are an essential IT security service that monitors your network for any strange behavior or malicious code and alerts you if any is found.


    This is a powerful tool for recognizing network compromises before they can be exploited.


    Create a Sandboxing Environment


    A sandbox is a secure, virtual environment that allows you to open and run untrusted programs or code without risking harm to your operating system.


    If a file is found to be infected, you isolate it, remove it, and prevent future infections.


    Install a VPN


    Remote access risks, such as an insecure WiFi hotspot, present an easy opportunity for APT hackers to gain initial access to your company’s network.


    A virtual private network (VPN) provides an encrypted “tunnel” that you and your employees can use to access your network without cybercriminals snooping on your activity or gathering your data.


    Enable Email Protection


    Email is one of the most-used and most-effective forms of infiltration.


    Advanced persistent threat protection relies on good software as much as it does on good end-user behavior.


    Enable spam and malware protection for your email applications, and educate your employees on how to identify potentially malicious emails.
