In “Strategies for Dealing with Advanced Targeted Attacks,” Gartner Research Directors Jeremy D’Hoinne and Lawrence Orans note, “Targeted attacks, often called APTs, penetrate existing security controls, causing significant business damage. Enterprises need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats.”
APTs and ATAs probe networks and users for vulnerabilities, utilise zero-day exploits for infection, establish botnets and maintain communication with command and control servers before exfiltrating data or sabotaging systems – all while evading traditional security and detection solutions.
“Many security vendors have overhyped APTs, blurring its definition to distract the market from the fact that their solutions are simple features that should be included in a greater platform,” said Michael Sutton, vice president of security research, Zscaler. “Advanced threats are more than just social engineering, zero-day attacks or data exfiltration; they are the sum of these parts and more, requiring a comprehensive solution to address each individual attack surface as a whole.”
The advanced threat protection lifecycle includes protection, detection and remediation; however, the first generation of APT solutions, such as behavioral analysis, has been limited in addressing the entire lifecycle. Behavioral analysis is an important feature for identifying advanced threats, but it is not a complete solution on its own. The results from behavioral analysis must be combined with other preventative and detective controls to ensure comprehensive protection.
Delivered from the world’s largest and most scalable global direct-to-cloud network, Zscaler for APTs breaks new ground in the fight against the most difficult and pervasive cyber threats, providing multiple layers of advanced security protection and utilising the broadest range of inspection technologies and techniques. Only Zscaler for APTs consolidates the commoditized features of existing point appliances to provide a comprehensive security platform that addresses all major phases of APT defense:
· Protection – Zscaler for APTs delivers proactive and real-time protection from potentially malicious code, enhancing its static anti-virus and vulnerability shielding with its newly-introduced dynamic behavioral analysis engine to block initial infections.
· Detection – Zscaler for APTs bolsters its bi-directional, in-line traffic scanning with its newly-introduced DNS analysis to detect suspicious traffic patterns indicative of botnet callbacks to minimise dwell time of APTs, identifying botnets before they can take root.
· Remediation – Zscaler for APTs augments its advanced “big data” security analytics with its newly-introduced integration into leading security information event management (SIEM) solutions, providing information security teams with the real-time global visibility into network, payload and endpoint traffic required to isolate botnets and remove infection.
Zscaler for APTs is delivered from the Zscaler Direct-to-Cloud Network, the world’s largest and most scalable global security cloud, which leverages community threat intelligence from its more than 10 million deployed users – an install base ten times greater than any other community defense platform – to provide on-going visibility and protection from emerging threats, regardless of device or location. The Zscaler Direct-to-Cloud Network enables enterprises to eliminate traditional security appliances, streamlining management and vastly reducing network infrastructure costs by securing users as they travel “direct-to-cloud.”
“It seems a single day cannot pass without some interesting new botnet emerging in the news,” said Tony Fergusson, IT architect, MAN Diesel & Turbo. “It is reassuring to know that Zscaler for APTs leverages the depth of its behavioral analysis with the breadth of its Direct-to-Cloud Network visibility to deliver a uniquely comprehensive solution.”