Security officers of organizations face a new set of challenges today, particularly those that result from advanced persistent threats (APTs). APTs thwart traditional perimeter security by working patiently over long periods of time to compromise defenses and by manipulating employees into clicking on familiar-looking but malicious websites and emails. Once inside the corporate network, attackers discover where sensitive data is located, where confidential data is easiest to steal, which employees routinely handle such data, and how sensitive data moves about the organization. For example, once attackers learn what level of activity stays below the organization’s monitoring thresholds, they can employ “low and slow” techniques, copying a few sensitive files per day over a long period so that no single day’s activity triggers an alert.
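The “low and slow” evasion described above is easy to see in code. The following is an added example, not code from the original page or from any product it describes: it runs two detectors over a constructed set of “sensitive file copied” events. A per-day threshold catches a single bulk export but misses an attacker who copies a few files every day, while a rolling 30-day window over the same events catches the slow drip. The user names, thresholds and window length are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Hypothetical tuning values, chosen for illustration only.
DAILY_THRESHOLD = 50      # files per user per day that trips a per-day alert
WINDOW_DAYS = 30          # look-back window for the cumulative detector
WINDOW_THRESHOLD = 100    # files per user per window that trips a window alert


def build_events():
    """Constructed sample events (user, day, sensitive files copied); not real data."""
    events = []
    start = date(2024, 1, 1)
    # "mallory" drips 4 files a day for 30 days: never above DAILY_THRESHOLD,
    # but 120 files in total leave the organization.
    for i in range(30):
        events.append(("mallory", start + timedelta(days=i), 4))
    # "alice" does one legitimate-looking 60-file bulk export on a single day.
    events.append(("alice", date(2024, 1, 15), 60))
    # "bob" copies a handful of files occasionally.
    events.append(("bob", date(2024, 1, 2), 3))
    events.append(("bob", date(2024, 1, 20), 5))
    return events


def per_user_daily_totals(events):
    """Aggregate events into {user: {day: files_copied}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for user, day, count in events:
        totals[user][day] += count
    return totals


def daily_threshold_alerts(events, threshold=DAILY_THRESHOLD):
    """Classic per-day threshold: alert on any user whose single-day total exceeds it."""
    alerts = set()
    for user, days in per_user_daily_totals(events).items():
        if any(count > threshold for count in days.values()):
            alerts.add(user)
    return alerts


def rolling_window_alerts(events, window_days=WINDOW_DAYS, threshold=WINDOW_THRESHOLD):
    """Sliding-window detector: alert when a user's total over any window_days span
    exceeds the threshold, even if every single day stayed below DAILY_THRESHOLD."""
    alerts = set()
    for user, days in per_user_daily_totals(events).items():
        ordered = sorted(days.items())          # [(day, count), ...] oldest first
        window_sum = 0
        left = 0
        for day, count in ordered:
            window_sum += count
            # Drop days that fall outside the look-back window ending on `day`.
            while (day - ordered[left][0]).days >= window_days:
                window_sum -= ordered[left][1]
                left += 1
            if window_sum > threshold:
                alerts.add(user)
                break
    return alerts


if __name__ == "__main__":
    events = build_events()
    print("daily-threshold alerts:", sorted(daily_threshold_alerts(events)))
    print("rolling-window alerts: ", sorted(rolling_window_alerts(events)))
```

Run as written, the per-day detector flags only the bulk export by “alice”, and the rolling-window detector flags only “mallory”, whose 4-per-day copies never exceed the daily limit but add up to well over the window threshold. The two detectors are complementary; in practice the window total would be compared against the user’s own historical baseline rather than a fixed number.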
In the past it was sufficient to guard the organization’s IT perimeter with tools such as firewalls, intrusion detection systems, and data loss prevention (DLP); on their own, these techniques are no longer effective against APTs, other sophisticated attacks, and insider threats.