What is APT?
APT is one of the hottest topics in the IT security market. APT stands for Advanced Persistent Threat, a vicious type of attack indeed. An APT attack uses high-end hacking methods such as zero-day attacks, spear phishing, watering holes and others to accomplish a successful hack. Most APT attacks are carried out via email and the web, especially by exploiting web vulnerabilities (drive-by download) to inject malware code and extort information.
How can APT be defended?
The main reason APT is so hard to detect is that it bypasses security systems. Attackers keep a low profile until they reach their target by avoiding or neutralizing security systems. Sandbox technology is known for its effectiveness against APT attacks, but there are a variety of ways to evade a sandbox. Sandbox solutions have been and still are evolving to detect APT attacks by adding more sophisticated defense mechanisms, but hackers seem to evolve a little bit faster. The fundamental limit of the sandbox has to be dealt with by another defense technology. A sandbox is deployed out-of-band instead of inline to preserve service continuity, which makes it impossible to detect the original attack. Regression analysis technology can solve this issue by tracing the original attack and tracking back to the network/endpoint that is affected.
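The trace-back described above can be illustrated with a short added example (not MONITORAPP code): an out-of-band sandbox verdict arrives after delivery, and the gateway log is searched backwards for the original delivery and the endpoints that already received the file. The log layout, field order, addresses and the `trace_back` function are assumptions, and all sample records are constructed.

```python
from datetime import datetime

# Constructed sample data: gateway delivery log (time, endpoint, source URL, file id).
DELIVERIES = [
    ("2024-05-01T09:00:05", "10.0.0.11", "http://files.example/invoice.doc", "file-A"),
    ("2024-05-01T09:02:40", "10.0.0.27", "http://files.example/invoice.doc", "file-A"),
    ("2024-05-01T09:03:10", "10.0.0.11", "http://cdn.example/setup.exe", "file-B"),
    ("2024-05-01T09:20:00", "10.0.0.35", "http://files.example/invoice.doc", "file-A"),
]
# Constructed out-of-band sandbox verdicts, which arrive after delivery.
VERDICTS = [
    ("2024-05-01T09:10:00", "file-A", "malicious"),
    ("2024-05-01T09:12:00", "file-B", "clean"),
]

def trace_back(deliveries, verdicts):
    """For each file judged malicious, find the original delivery and affected endpoints."""
    report = {}
    for verdict_time, file_id, verdict in verdicts:
        if verdict != "malicious":
            continue
        decided = datetime.fromisoformat(verdict_time)
        hits = sorted(
            (datetime.fromisoformat(ts), endpoint, url)
            for ts, endpoint, url, fid in deliveries if fid == file_id
        )
        if not hits:
            continue  # verdict for a file the gateway never delivered
        first_time, first_endpoint, first_url = hits[0]
        report[file_id] = {
            "origin": (first_time.isoformat(), first_endpoint, first_url),
            # Delivered before the verdict existed: these endpoints need follow-up.
            "exposed": sorted({ep for ts, ep, _ in hits if ts < decided}),
            # Seen after the verdict: an inline block rule would have stopped these.
            "blockable": sorted({ep for ts, ep, _ in hits if ts >= decided}),
            "detection_gap_seconds": int((decided - first_time).total_seconds()),
        }
    return report

if __name__ == "__main__":
    for file_id, entry in trace_back(DELIVERIES, VERDICTS).items():
        print(file_id, entry)
```

The `exposed` list is the set of endpoints that received the file during the window in which the sandbox had not yet returned a verdict, which is the gap an out-of-band deployment leaves open.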
APT defense system linking Email & Web security
MONITORAPP has prepared two product lines for APT defense. The first is AISWG. AISWG (APPLICATION INSIGHT SECURE WEB GATEWAY) is a powerful secure web gateway that provides flexibility for business requirements and protects the corporation's internal web users, assuring a secure web usage environment against the threat of various web attacks. The second is AISEG. AISEG (APPLICATION INSIGHT SECURE EMAIL GATEWAY) is a dedicated appliance-based secure email gateway that stops APT attacks, spear phishing attacks, etc. by blocking malicious files and URLs delivered via email, and prevents exfiltration of critical internal information (DLP).
MONITORAPP presents the URL/malware management tools MUD (Malicious URL Detection) and MAD (Malicious All-file Detection), linked with the above two products, to defend against APT attacks. MUD detects threats before the user actually contacts the website. A website on which a threat is detected is blocked by AISWG; MAD inspects mail attachments for malware, which is then blocked by AISEG. MONITORAPP proxy engines provide MUD and MAD with no additional hardware installation, enabling the latest sandboxing and signature tracking technology.