Welcome!

XML Authors: Jayaram Krishnaswamy, David Weinberger, Jason Bloomberg, Michael Nir, David Smith

Related Topics: SOA & WOA, XML, Web 2.0, Security

SOA & WOA: Blog Feed Post

Load Testing to Detect Advanced Persistent Threats

What is an Advanced Persistent Threat?

I’ve written before about how capacity planning and load testing tools can help companies prepare for a Distributed Denial of Service (DDoS) attack, but we’ve begun to see a new class of attacks emerge, called Advanced Persistent Threats (APT), whose aim is much more sinister than a slow response time or “page not found” error.

What is an Advanced Persistent Threat?
The intentions behind APT are all about espionage — not just state-sponsored espionage but also extensive and well-organized industrial espionage. APT is not about any particular technology or technique. The actual attack can range from social engineering, viruses and trojans, network sniffing, and even brute-force attacks. What makes an APT attack new and different is that it is perpetrated by well-financed organizations that have a specific goal to achieve. While the ordinary hacker will simply look for the softest target, an APT will often target a specific company and try every means necessary to achieve its goal. The attacks are advanced, they are persistent, and they are definitely threats.

If DDoS is like having picketers standing in front of your building, preventing people from conducting normal business, then APT is more like having ninjas slip into your CEO’s office to steal the plans for a hot new product so they can sell it to your competitors.

What Can You Do to Stop It?

As with DDoS, companies should have contingency plans in place for detecting and dealing with an APT attack. As ComputerWeekly reported (emphasis mine):

RSA’s OTMS group has seen evidence that no organisation can consider itself immune from advanced cyber attacks. All organisations should assume their networks are infected and have a well-tested plan in place to follow when systems are breached.

I used to be on the IT side, so I know from personal experience the difference between having a technology or a process in place and knowing how it will work under real-world conditions. It is important not only to be able to detect an attack, but to also have a contingency plan in place for responding to an attack.

Load testing technology enables you to reproduce some of the threats you face and target certain areas to make sure that your systems can manage those kinds of attacks. This is similar to what we’re capable of doing in simulating a DDoS attack, but it’s also very specific because we can script for specific users and have them do specific functions.

For example, imagine that one APT attack might be, instead of sending a million users at one time as with a DDoS attack, sending a million users over a course of a few days, attempting to log in with a million different accounts. With load testing, you have the ability to do just that: launch a million users from around the world, all attempting to log in to your site using just a series of user names and passwords. Can your system detect such an attempt and recognize it as a coordinated attack? Run the numbers to see whether you were able to detect the attack and what sort of contingency plan, if any, took effect during the attack.

However, a word of warning: There is no secret formula to prevent APT attacks from happening. Trust us, if we come up with one you will be the first to know! But, like regular fire drills, advanced planning and testing can help prevent or reduce the damage that such an attack can cause.

Read the original blog entry...

More Stories By Sven Hammar

Sven Hammar is Co-Founder and CEO of Apica. In 2005, he had the vision of starting a new SaaS company focused on application testing and performance. Today, that concept is Apica, the third IT company I’ve helped found in my career.

Before Apica, he co-founded and launched Celo Commuication, a security company built around PKI (e-ID) solutions. He served as CEO for three years and helped grow the company from five people to 85 people in two years. Right before co-founding Apica, he served as the Vice President of Marketing Bank and Finance at the security company Gemplus (GEMP).

Sven received his masters of science in industrial economics from the Institute of Technology (LitH) at Linköping University. When not working, you can find Sven golfing, working out, or with family and friends.