Protecting Your Enterprise from APTs

Thales e-Security can help protect your organization from APTs through its Vormetric Data Protection Platform.

Advanced Persistent Threats (APTs)

In its 2013 Advanced Threat Report, FireEye defined advanced persistent threat (APT) attacks as:

The use of distinct TTPs [techniques, tactics and procedures] that appear to be employed directly or indirectly by a nation-state or professional criminal organization. The goals of such attacks range from short-term cyber espionage to long-term subversion of targeted networks.

Thales e-Security can help your organization protect itself from APTs.

APT Commonalities

While these TTPs continually change in what Mandiant likens to “a game of cat and mouse,” some things about APTs remain the same:

  1. APTs target a specific entity (usually a government organization or business).
  2. They are orchestrated by humans who use social engineering and/or malware to exploit the target system.
  3. They are difficult to detect and persist in the targeted system over a long period of time.
  4. They generally employ an external command and control system that continuously monitors and extracts data.
  5. Once the APT is inside a target system, it exploits other vulnerabilities to move laterally through the system and gain access to potentially the entire system.
Motives for Advanced Persistent Threats (APTs)

What the APT does varies on the intent of the attack. Mandiant’s M-Trends® 2015 Report offers the following motives:

  1. Nuisance (access and propagation)
  2. Data theft (economic, political advantage)
  3. Cyber crime (financial gain)
  4. Hacktivism (defamation, press and policy)
  5. Destructive attack (disrupt operations, delete data)
The Growing Number of Doors to Data Access

According to the 2016 Vormetric Data Threat Report:

Many of the most pernicious attacks we’ve seen in the recent past have come … from an assortment of external actors—including cybercriminals, nation-states, hacktivists and cyberterrorists—that frequently masquerade as insiders by using stolen or compromised credentials to access all types of valuable data, including personally identifiable information (PII), personal health information (PHI), financial data and intellectual property. In addition to “bad guys” acting like insiders, firms are also relying on a growing list of third-parties to handle both non-core and increasingly core business functions. … Traditional outsourcing relationships, public cloud services, big-data applications and the emerging Internet of Things (IoT) have collectively expanded the data supply chain and contributed to an exponential increase in the number of external parties with some level of access to our networks and sensitive data. Prior work by 451 Research has indicated that, in the case of some large global firms, the number of third-party data relationships can easily number in the tens of thousands. Thus, … the line between insider and outsider continues to blur....

APTs

Protect the Data

Because those who want to steal your data have so many ways to get to it, Thales e-Security's approach is to protect the data itself through Vormetric Transparent Encryption with integrated Key Management for data at rest, Application Encryption, Tokenization with Dynamic Masking and more. These techniques make the data meaningless and worthless without the tools to decrypt it.

Limit Access to the Data

However, encryption would fall short when defending against APTs, if cyber criminals were to gain access to the tools for decrypting the data. So the next step is to tightly control user access.

  • Separation of privileged access users and sensitive user data. With the Vormetric Data Security Platform from Thales e-Security, administrators can create a strong separation of duties between privileged administrators and data owners. The Vormetric Data Security Platform encrypts files, while leaving their metadata in the clear. In this way, IT administrators—including hypervisor, cloud, storage, and server administrators—can perform their system administration tasks, without being able to gain privileged access to the sensitive data residing on the systems they manage.
  • Separation of administrative duties. Strong separation-of-duties policies can be enforced to ensure one administrator does not have complete control over data security activities, encryption keys, or administration. In addition, the Vormetric Data Security Manager supports two-factor authentication for administrative access.
  • Granular privileged access controls. Thales e-Security’s solution can enforce very granular, least-privileged user access management policies, enabling protection of data from misuse by privileged users and APT attacks. Granular privileged user access management policies can be applied by user, process, file type, time of day, and other parameters. Enforcement options are very granular; they can be used to control not only permission to access clear-text data, but what file-system commands are available to a user.
Monitor Access to the Data

Thales e-Security enables the enterprise to monitor and identify extraordinary data access. Vormetric Security Intelligence provides detailed management logs that specify which processes and users have accessed protected data. The detailed management logs specify when users and processes accessed data, under which policies, and if access requests were allowed or denied. The management logs will even expose when a privileged user submits a command like 'switch users' in order to attempt to imitate, and potentially exploit, the credentials of another user. Sharing these logs with a security information and event management (SIEM) platform helps uncover anomalous patterns in processes and user access, which can prompt further investigation. For example, an administrator or process may suddenly access much larger volumes of data than normal, or attempt to do an unauthorized download of files. These events could point to an APT attack or malicious insider activities.

Quick and Easy to Install No Matter what your OS

Thales e-Security can work with you to install Vormetric Data Security solutions in weeks rather than months. Thales e-Security solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).

Easy to Use

Vormetric solutions from Thales e-Security make it simple to solve security and compliance concerns by simultaneously defending data in databases, files and Big Data nodes across public, private, hybrid clouds and traditional infrastructures. Central management of the entire data security platform makes it easy to extend data security protection and satisfy compliance requirements across the entire enterprise, growing as required, without adding new hardware or increasing operational burdens. Thales e-Security today is helping a major retail bank protect 10,000 servers and a major retailer protect over 15,000 servers.

Won’t Hurt System Performance

Customers typically report no perceptible impact to end-user experience when using Vormetric solutions from Thales e-Security. They perform encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.

White Paper : Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications

By Securosis analysts and industry experts, Rich Mogull, CEO and Adrian Lane, CTO. This paper cuts through the confusion to help you pick the best encryption and tokenization options for your projects. The focus is on encrypting in the data center: applications, servers, databases, and storage. It also covers cloud computing (IaaS: Infrastructure as a Service).

Download

White Paper : Encryption as an Enterprise Strategy

By Dave Shackleford, IANS Faculty Member and SANS analyst This report is a survey and offers analysts on creating an enterprise-wide encryption strategy and explores the growing “encrypt everything” philosophy.

Download

Video : 2015 Frost & Sullivan Global New Product Innovation Award

Frost and Sullivan analyst discusses why Thales e-Security was honored as the recipient of the prestigious 2015 Frost & Sullivan Innovation Award

Play

Related Solutions

The Vormetric Data Security Platform

The Vormetric Data Security Platform products from Thales e-Security make it efficient to manage data-at-rest security across your entire organization.

Learn More

Vormetric Transparent Data encryption

Vormetric Transparent Data Encryption from Thales e-Security provides enterprise encryption and key management to secure any file, any database, and application in physical, virtual and cloud environments.

Learn More

The Vormetric Data Security Manager

Vormetric Data Security Manager from Thales e-Security is a data security appliance which enables centralized policy and encryption key management via its data security management console.

Learn More
It’s very apparent that Vormetric is major steps in front of the competition. Sabastian High Senior manager for Product Development Standards and Innovation, McKesson, Inc.
Vormetric is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Vormetric. Damian McDonald Vice President of Global Information Security, Becton, Dickinson and Company
There is absolutely no noticeable impact on the performance or usability of applications. I am very excited at how easy the solution is to deploy and it has always performed flawlessly. Christian Muus Director of Security for Teleperformance EMEA
Implementing Vormetric has given our own clients an added level of confidence in the relationship they have with us; they know we’re serious about taking care of their data. Audley Dean senior director of Information Security,
BMC Software
Vormetric’s approach of coupling access control with encryption is a very powerful combination. We use it to demonstrate to clients our commitment to preserving the security and integrity of their test cases, data and designs. David Vargas Information Security Architect
Cadence Design Systems
My concern with encryption was the overhead on user and application performance. With Vormetric, people have no idea it’s even running. Karl Mudra CIO
Delta Dental of Missouri
The Vormetric solution not only solved all of our encryption needs but alleviated any fears of the complexity and overhead of managing the environment once it was in place. Joseph Johnson, chief information security officer CHS

As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We… Joe Majka, Chief Security Officer

Thales provided the expertise needed to design and implement a tailored, secure VoIP solution The Thales team helped us to develop and implement a process that protects our customers’ calls and our company from counterfeiting. Marek Dutkiewicz, Director of Product Management
image description

2017 Thales Data Threat Report

Read More
View All Resources
인터랙티브 동영상 시청하기 자세히 보기
라이브 데모 예약하기 예약하기
전문가와 상담하기 연락하기