APT - Persistent
• They are persistent
because of their methods
• Tenaciously calculated
• Long term gain
• Financially lucrative
• Focuses on short
• Sloppy with their
• Usually detected
APT - Threat
It’s a threat because the
• Motivation to succeed
• Financial gain is great
• Sizeable financial blow
to their competitors
Advanced Persistent Threats
APT is characterized as:
“slow and low” cyber attacks
against servers containing
valuable intellectual property.
• Unauthorized software
• Dormant and undetected
• Information is sent remotely to
Value of data
retrieved by APTs
• Avoid costly research
• Procure sensitive
The threats are real
because these hackers
are just that…
Should we be concerned? Does it apply to me?
APT - Advanced
Not Hackers – Black hat
APT Life Cycle
Advanced persistent threats create a growing and
changing risk to organizations' financial assets, intellectual
property, and reputation by following a continuous
Gain foothold in
Deploy tools to
Verizon Report 2011/2012
• Verizon Data Breach 97% of
attacks were avoidable
through simple or
• Over 60% of attacks were
targets of opportunity, not
Verizon Case Study 97% - Ignorance is Bliss
• On average, it takes months for a company to become aware that they have been
• 92% of the incidents were discovered by a third party.
• In most cases, evidence of the intrusion was clearly present in the company's log
The Real Threat
• Company Technology or
• Awareness is key
• Repetition is necessary
So What is REALITY?
• We have a lot of work to do
• New skills
• New vectors
• Focus on the 97% - basics
What is the 3% APT
• Real Advanced Persistent Threats
accounted for only 3% of all the hacks according to
the Verizon report
• Example: Sophisticated Malware Attack
• Remote access backdoors
• Persistent reputation
What happens when you are attacked?
Locate the system or systems under
Find and preserve all log files.
Purge and clean the infected network.
Test the entire network for potential
If needed, implement new security
What Should You Do Overall?
Verizon Data Breach Report states that we
• Eliminate unnecessary data; keep tabs on
• Ensure essential controls are met
• Assess remote access services
• Test and review web applications
• Audit user accounts and monitor privileged
• Monitor event logs
• Examine Payment Mediums / Devices of
• Educate- Personal
Countermeasure: User Education
It is extremely important to inform end-users about the
dangers of running software obtained from untrusted
Instead of having users simply read and sign-off on the
company computer usage policy, actually discuss computer
security issues (picking strong passwords, malicious
software, etc.) in a face-to-face meeting.
Remember, there is no 'patch' for stupidity!
Effective Security is
Most attacks are
Design, develop, and
Count on Mile2
Mile2 will help you:
• Protect your company, network and system from attacks.
• Protect your intellectual property.
• Enforce acceptable use policies and investigate offenders.
• Learn how to plan, implement, build & maintain a complete
• Stay abreast of the most current information and methods
relating to IT Security.
• Gain CPE credits: Mile2 classes can be submitted to other
certification organizations for continuing professional
education (CPE) credits.
What Makes Mile2 Superior?
• Mile2's famous penetration testing and IT Security
training classes have become the de facto standard
for the US Military; US Air Force, Marines, Army and
• Mile2 has also taught personnel from the United
Nations, DND, DOD, NATO, NASA, foreign military
and government personnel and a large number of
Fortune 100 companies.
• Traditionally, student participation has also come
from a wide spectrum ranging from
charities, banking, insurance, health, communications,
transport, and law enforcement.
• We practice what we preach!
• Mile2 is a certification
governing body with
certifications not only
known globally but
also well respected.
• With a Mile2 Cyber
name, you will be
• You will have
to do your job
Income range: $45,000 - $131,000