To that end, companies should look for suspicious patterns in their logs, and in particular for signs that communications are being directed to unauthorized Domain Name System (DNS) servers. If the logs show unexplained, atypical, or unauthorized communications to and from China, for example, that should be a red flag.
Spotting anomalies can be difficult. Internet communications can be masked to appear legitimate, explains Sartin. But newer tools, such as inference engines, are making it possible to better pinpoint malicious activity.
Such tools take a snapshot of individual hosts and operating systems, including which ports each tends to use when connecting to the Internet. They then compare those systems’ communications against that snapshot over time and conduct vulnerability assessments geared specifically to each host.
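As an added illustration, not code from the article or from the vendors it quotes, the following script applies the two checks described above to constructed flow records: DNS traffic (port 53) to a resolver outside the organization's allowlist, and traffic on a port that a host's baseline snapshot has never shown it using. The resolver addresses, host names and flow records are all constructed example values.

```python
from collections import defaultdict

# Constructed allowlist of the organization's own DNS resolvers.
AUTHORIZED_DNS = {"10.0.0.53", "10.0.1.53"}

# Constructed snapshot period: (host, destination IP, destination port).
BASELINE_FLOWS = [
    ("ws-01", "10.0.0.53", 53), ("ws-01", "93.184.216.34", 443),
    ("ws-01", "93.184.216.34", 80),
    ("ws-02", "10.0.1.53", 53), ("ws-02", "93.184.216.34", 443),
]

# Constructed later traffic to be compared against the snapshot.
NEW_FLOWS = [
    ("ws-01", "10.0.0.53", 53),        # normal lookup via internal resolver
    ("ws-01", "198.51.100.7", 53),     # DNS sent to an unknown external resolver
    ("ws-02", "93.184.216.34", 443),   # port already in ws-02's baseline
    ("ws-02", "203.0.113.9", 4444),    # port ws-02 has never used before
    ("ws-03", "10.0.0.53", 53),        # host absent from the snapshot entirely
]


def build_baseline(flows):
    """Snapshot which destination ports each host normally uses."""
    baseline = defaultdict(set)
    for host, _dst, port in flows:
        baseline[host].add(port)
    return dict(baseline)


def detect(flows, baseline, authorized_dns=AUTHORIZED_DNS):
    """Return (host, dst, port, reason) alerts in the order flows are seen."""
    alerts = []
    for host, dst, port in flows:
        # Check 1: DNS must only go to the organization's own resolvers.
        if port == 53 and dst not in authorized_dns:
            alerts.append((host, dst, port, "dns-to-unauthorized-resolver"))
        # Check 2: compare the port against this host's own snapshot.
        if host not in baseline:
            alerts.append((host, dst, port, "host-not-in-snapshot"))
        elif port not in baseline[host]:
            alerts.append((host, dst, port, "port-outside-host-baseline"))
    return alerts


if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

A host missing from the snapshot is reported separately rather than silently passed, since a newly appearing system is exactly the case a per-host baseline cannot vouch for.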
End-user education is another key component of APT protection, says Oltsik. That’s because many APT attacks begin with phishing attacks in which attackers use e-mails to trick end-users into downloading malware.
Employees need to be taught what to look out for. They also should be told what type of data or information an attacker is most likely to target in their organization, says Ling. A company that sells advanced high-tech devices, for example, might pay particular attention to suspicious activity surrounding the details of a forthcoming or newly released product.
The bottom line is that companies can expect APTs to be as persistent as their name indicates. And business executives must be equally vigilant in fighting against them with a multilayered defensive process.