
Study: AV, anti-malware most used controls for APT defense

A global poll revealed that AV and anti-malware technologies were employed at nearly all enterprises as a line of defense against APT attacks, while security pros used other key security controls far less.

On Tuesday, ISACA, an association with over 115,000 constituents which focuses on IT governance, risk and privacy concerns, released its second annual Advanced Persistent Threat (APT) Awareness report.

The study, which polled 1,220 security professionals, tracked the industry's understanding of APT threats, as well as what measures practitioners used to identify and respond to such attacks.

When asked what specific controls their enterprises used to protect sensitive data from APT actors, 96 percent of respondents chose AV and anti-malware technologies.

While participants used a “variety of preventive, detective and investigative controls to help reduce the likelihood of a successful breach,” the study found that solutions such as mobile security gateways, sandboxes and remote access technologies were used far less often, the report said.

Only 60 percent of security pros said that they used remote access technologies as a line of defense against APT attacks, while even fewer employed mobile security gateways and sandboxing technologies – about 40 percent and 30 percent, respectively.

In the report, advanced persistent threats were defined as prolonged, stealthy attacks “aimed at the theft of intellectual property (espionage) as opposed to achieving immediate financial gain.”

Rob Stroud, international president of ISACA, told SCMagazine.com in a Tuesday interview that security professionals have been “very good at installing those types of technologies” (referring to AV and anti-malware), and that doing so was “almost a part of our DNA” as an industry.

Still, “anti-virus alone is not enough,” he said, and overlooked controls, such as those protecting mobile entry points, can become an attack vector for APT groups.

“If you are not aware of these potential exposures, then you are not dealing with it,” Stroud added.

The report, which did highlight that more people were aware of APT threats and were taking steps to improve their security posture as a result, also concluded that enterprises still had work to do in changing the ways they respond to evolving APTs.

“The technical controls most often identified as being used to prevent APTs are network perimeter technologies, such as firewalls and access lists within routers, as well as anti-malware and anti-virus,” the report said.

“While these controls are proficient for defending against traditional attacks, they are probably not as well suited for preventing APTs for a number of reasons,” such as zero-day threats and use of spear phishing attacks, the report continued. “This indicates that additional controls – and perhaps an increased focus on email security and user education – could be beneficial.”
