Security firm Lumension acquires CoreTrace to beef up APT prevention products

Critical infrastructure firms hunker down in face of APTs

There is growing concern among IT departments about advanced persistent threats (APTs) that target enterprises involved with critical infrastructure such as electricity, oil and gas, financial services, defense, chemicals and even large Web firms such as Google.

According to a survey by IBM (NYSE: IBM) cited in its X-Force 2012 Mid-Year Trend and Risk Report, 59 percent of enterprises stated they believe it is "highly likely" or "likely" that they have been APT targets. Moreover, 30 percent believe they are "very vulnerable" or "vulnerable" to a future APT attack.

An APT, not surprisingly, is advanced, persistent and threatening. It is advanced because it employs stealth and multiple attack methods to compromise the target, often a high-value corporate or government resource. The attack is difficult to detect, remove and attribute. Once the target is breached, back doors are often created to enable continual access to the company's network.

An APT is persistent because the attacker can spend months gathering intelligence about the target and use that intelligence to launch multiple attacks over an extended period of time. Last, it is threatening because perpetrators are often after highly sensitive information, such as the layout of nuclear power plants or codes to break through U.S. defense contractors' security.

A recent example of an APT was an attack this summer on large oil firm Saudi Aramco that erased data on 75 percent of the company's PCs, replacing the data with an image of a burning American flag, according to a report by the New York Times. After the attack, Aramco was forced to shut down the company's internal network to stop the virus from spreading, disabling employees' e-mail and Internet access, the newspaper noted.

"This was a massive attack that was extremely destructive in terms of loss of data and technology within a cornerstone that keeps the globe running--that is, critical infrastructure," Pat Clawson, chairman and CEO of endpoint security firm Lumension, told FierceEnterpriseCommunications.

To beef up its APT prevention capabilities, Lumension this week completed the acquisition of CoreTrace, an Austin, Tex.-based application control software provider, for an undisclosed consideration.

Lumension said the acquisition of CoreTrace will enhance its application whitelisting capabilities, portfolio of patents and other intellectual property. The security firm plans to integrate key aspects of CoreTrace technology into its application control product, which is part of the Lumension Endpoint Management and Security Suite.

The rise of APTs and weaponized malware has resulted in a new generation of widely distributed malware. "The whole concept of application control or application whitelisting is about stemming the flow of advanced persistent threats," Clawson said.

"One of the things this technology does is to stop an APT in its tracks. When you stop trying to guess about what malware is out there… and instead say, 'Here is the whitelisted image of what is allowed to run on this device. We don't care what you are trying to add to it or change, it can't run,'" Clawson explained.

In a recent report, Gartner projected that by 2015 more than 50 percent of enterprises will institute "default deny" policies that restrict what applications users can install.

"Security-conscious companies are already switching over to 'default deny' policies, using application control solutions that limit the code that can execute on a particular machine to a known set of approved applications… The major benefit of this type of system is that polymorphic, targeted and new threats are blocked because they are unknown," Gartner explained in the report.

Critical infrastructure firms will continue to confront APTs, which can cause severe damage to the corporate network and IT infrastructure and result in data theft or worse. Many firms are deploying application whitelisting products to thwart these attacks. Security vendors should take note: The bad guys are not going away.

For more:
- see the IBM survey (sub. req.)
- read the New York Times article
- see the Lumension release
- check out the Gartner report (sub. req.)

Related articles:
U.S. firms flood House panel with calls about suspicious network activity
Huawei, ZTE probed on possible Chinese government ties, business in Iran