Advanced Persistent Threats
What if a homeowner took a month to notice that a burglar was living in the extra bedroom? That seems unlikely, and yet, essentially that is often what happens when an advanced persistent threat (APT) infiltrates an enterprise. A 2018 Ponemon Institute study revealed that U.S. companies took an average of 197 days to detect an APT intrusion.1 Intel IT is committed to improving our ability to rapidly identify, contain, and remediate APTs—network attacks characterized by stealthy, unique malware designed specifically for the target environment. APTs constitute a small but highly destructive percentage of the information security threats that are continuously monitored. Our approach to APTs is characterized by two important concepts. First, we are shifting from actively watching for negative events to operationalizing the containment of such events through the use of intelligent software agents. We are building an information security architecture that we can trust to successfully contain 99 percent of the attacks that occur. Second, operationalizing the containment of 99 percent of threats frees us to hunt for and address the one percent of them that make it through our defenses. We are using groundbreaking technology, such as machine learning algorithms for anomaly detection and pattern analysis, to identify APTs in our environment. A typical goal of APTs is to steal data, which is one of Intel’s most valuable assets. Our approach to information security is designed to protect that data to the best of our ability and in the most efficient way possible.