|By Sven Hammar||
|October 17, 2012 09:00 AM EDT||
I’ve written before about how capacity planning and load testing tools can help companies prepare for a Distributed Denial of Service (DDoS) attack, but we’ve begun to see a new class of attacks emerge, called Advanced Persistent Threats (APT), whose aim is much more sinister than a slow response time or “page not found” error.
What is an Advanced Persistent Threat?
The intentions behind APT are all about espionage — not just state-sponsored espionage but also extensive and well-organized industrial espionage. APT is not about any particular technology or technique. The actual attack can range from social engineering, viruses and trojans, network sniffing, and even brute-force attacks. What makes an APT attack new and different is that it is perpetrated by well-financed organizations that have a specific goal to achieve. While the ordinary hacker will simply look for the softest target, an APT will often target a specific company and try every means necessary to achieve its goal. The attacks are advanced, they are persistent, and they are definitely threats.
If DDoS is like having picketers standing in front of your building, preventing people from conducting normal business, then APT is more like having ninjas slip into your CEO’s office to steal the plans for a hot new product so they can sell it to your competitors.
What Can You Do to Stop It?
As with DDoS, companies should have contingency plans in place for detecting and dealing with an APT attack. As ComputerWeekly reported (emphasis mine):
RSA’s OTMS group has seen evidence that no organisation can consider itself immune from advanced cyber attacks. All organisations should assume their networks are infected and have a well-tested plan in place to follow when systems are breached.
I used to be on the IT side, so I know from personal experience the difference between having a technology or a process in place and knowing how it will work under real-world conditions. It is important not only to be able to detect an attack, but to also have a contingency plan in place for responding to an attack.
Load testing technology enables you to reproduce some of the threats you face and target certain areas to make sure that your systems can manage those kinds of attacks. This is similar to what we’re capable of doing in simulating a DDoS attack, but it’s also very specific because we can script for specific users and have them do specific functions.
For example, imagine that one APT attack might be, instead of sending a million users at one time as with a DDoS attack, sending a million users over a course of a few days, attempting to log in with a million different accounts. With load testing, you have the ability to do just that: launch a million users from around the world, all attempting to log in to your site using just a series of user names and passwords. Can your system detect such an attempt and recognize it as a coordinated attack? Run the numbers to see whether you were able to detect the attack and what sort of contingency plan, if any, took effect during the attack.
However, a word of warning: There is no secret formula to prevent APT attacks from happening. Trust us, if we come up with one you will be the first to know! But, like regular fire drills, advanced planning and testing can help prevent or reduce the damage that such an attack can cause.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Dec. 9, 2016 08:00 PM EST Reads: 1,006
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
Dec. 9, 2016 07:45 PM EST Reads: 679
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
Dec. 9, 2016 06:45 PM EST Reads: 5,135
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
Dec. 9, 2016 06:15 PM EST Reads: 1,760
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Dec. 9, 2016 05:30 PM EST Reads: 2,363
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
Dec. 9, 2016 05:30 PM EST Reads: 463
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Dec. 9, 2016 05:15 PM EST Reads: 1,460
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Dec. 9, 2016 05:15 PM EST Reads: 1,884
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Dec. 9, 2016 04:45 PM EST Reads: 1,294
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Dec. 9, 2016 04:45 PM EST Reads: 1,862
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 9, 2016 03:30 PM EST Reads: 1,235
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Dec. 9, 2016 03:15 PM EST Reads: 982
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 9, 2016 03:15 PM EST Reads: 870
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
Dec. 9, 2016 02:45 PM EST Reads: 639
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Dec. 9, 2016 02:45 PM EST Reads: 1,043
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
Dec. 9, 2016 02:42 PM EST Reads: 257
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 9, 2016 02:15 PM EST Reads: 822
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Dec. 9, 2016 02:15 PM EST Reads: 1,785
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Dec. 9, 2016 11:45 AM EST Reads: 2,381
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
Dec. 9, 2016 11:45 AM EST Reads: 7,384