Baseline Hardening The Best Defense Against Advanced Persistent Threats

Baseline Hardening: The Best Defense Against Advanced Persistent Threats

What business should do to protect against APTs

  • By Brad Thies
  • Jun 25, 2018

According to a number of sources, Reaper, a hacking group linked to North Korea, has now become sophisticated enough to be labeled an advanced persistent threat (APT) — a type of cyber threat with the capability and intent to get ongoing, long-term access to a system. With its recent exploitation of a zero-day vulnerability present in Adobe Flash Player, the group demonstrated the ability to infiltrate high-value corporations. Past targets include companies in Japan, the Middle East, and Vietnam, and the group is mainly focused on industry verticals such as manufacturing, aerospace, chemicals, and electronics.

The attack on Adobe represents a high level of sophistication; this is not your everyday smash-and-grab cyberattack. An APT that is able to exploit a zero-day vulnerability is more like an "Ocean’s 11"-style heist: It takes long-term planning and continuous stealth.

Because APTs take more time for hackers to put in place, they tend to target high-value organizations with a lot of data, such as cloud service providers. In the case of the Equifax job, hackers were looking to augment a database they already had. APTs will also go after valuable intellectual property or even military strategies. While there are some loosely affiliated hacker collectives, such as Anonymous, that are capable of APT attacks, most of these groups are state-sponsored; governments are well-suited to provide the ongoing resources required by the hacker for yearslong operations.

The Best Defense

The first thing a business should do to protect itself against APTs is make sure its system meets up-to-date industry security standards — this process is called a baseline hardening initiative. The speed at which applications and servers are deployed and the sheer volume of system builds make it impossible to produce safe, resilient systems unless there are baseline security standards every step of the way. The Center for Internet Security (CIS) has effective benchmarks that should be considered in any environment, as they can sometimes prevent significant damage from APTs.

The first step in baseline hardening is defining the standards you will use (such as the CIS benchmarks) and measuring your current environment against them. Then, commit to an immutable infrastructure (one in which you are not just making small tweaks to the same servers over time) so your standards are automatically rebuilt with every change made. That will help you avoid “configuration drift.”

Immutable infrastructures take time to build, so while this process is underway, you should make sure to segment your network, which will limit an attacker's mobility within your system and limit the damage.

Expect an Attack

Those first lines of defense are critically important, but it is equally important for large corporations to be realistic. Assume you will get hacked, and assume you will be breached. The best thing you can do is develop an action plan for when it happens.

Each person on your team should have a specific job when responding to a breach. Assign people responsibility for handling interactions with the security, legal, and forensic teams, as well as outside law enforcement, including the FBI and federal regulators. Have other parties get in touch with any cybersecurity partners you use to develop a plan moving forward. Have your PR team organize media communications. In broad strokes, the NIST framework is an excellent method to follow when creating a cybersecurity response plan: identify, protect, detect, respond, and recover.

In a crisis, it is important to have a core group of experts running the show. This is where a business needs to lean on its IT staff. There are many tools available to help your developers create a secure environment, so turn your DevOps team into a DevSecOps team. This transformation will maintain consistent security while improving processes and enabling a higher velocity of system changes. A thorough security strategy will also include a security operations center that can monitor for suspicious network activity.

Protecting your company from APTs takes a big commitment. Hackers will exploit any vulnerability you give them, so cutting corners does you no good. You will need to have the tools, people, and processes in place that allow you to take action if — or when — the time comes.

Featured

  • 5 Tips to Improve Your Password Security

    Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now

  • Enhancing Port Security

    DP World Yarimca, one of the largest container terminals of the Gulf of İzmit and Turkey, is a strong proponent of using industry-leading technology to deliver unrivaled value to its customers and partners. As the port is growing, DP World Yarimca needs to continue to provide uninterrupted operations and a high level of security.To address these challenges, DP World Yarimca has embraced innovative technological products, including FLIR's comprehensive portfolio of security monitoring solutions. Read Now

  • Hot AI Chatbot DeepSeek Comes Loaded With Privacy, Data Security Concerns

    In the artificial intelligence race powered by American companies like OpenAI and Google, a new Chinese rival is upending the market—even with the possible privacy and data security issues. Read Now

  • Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

    Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025. In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.