How XDR can defend SMBs against APT attacks

Next story

Small to midsize businesses are a hot target for threat actors. Why? The simple answer is that SMBs usually can't spend a fortune to build a vigorous security castle for their IT environment, making them an easy target for cybercriminals. At the topmost, Advanced Persistent Threats (APT) are a nightmare for SMBs as they can easily penetrate the SMB's network stealthily and remain there for a long haul.

Luckily, security solutions like Extended detection and response (XDR) can effectively secure SMBs from APT attacks. XDR offers cutting-edge detection and response capabilities, threat intelligence, and detailed network visibility, which SMBs can use to achieve APT cyber security.

Let's investigate how XDR can help protect SMBs from APT attacks.


Why APTs attacks are a concern for businesses

APTs, as the name implies, are highly advanced attacks designed to fly under the radar and "persist" in the victim's environment for as long as possible. Highly skilled cybercriminals (including state-sponsored ones) typically plan these attacks for a specific target and to achieve a set goal. 

APTs proceed with the following steps:

  • Compromise an environment 
  • Stay hidden for as long as possible
  • Carry out its goals (which could vary from disrupting operations, stealing data, committing fraud, extorting money or performing political espionage)

APTs compromise environments by exploiting zero-day vulnerabilities for which no patch or control is present. Once they have a foothold in their environment, the "dwell time," or when the attack remains undetected, causes the most damage to the business. During this time, an attacker can perform lateral movements, compromise other systems and even leave vulnerabilities that will allow him to come back and compromise the business again later. 


A recent example

A successful APT attack can devastate a business, resulting in financial and reputational loss. That is not even considering the ongoing costs of security investigations, forensics, or regulatory fines. Let's take the example of one of the most recent successful APT attacks in recent memory: the SolarWinds compromise. 

The famous IT management company was compromised in 2020 with an APT that infected its popular Orian software update. This allowed the APT to subsequently compromise a massive number of companies, significantly increasing the "blast radius" of this attack. The attack was severe enough for the White House to issue a statement regarding how many federal agencies and private sector companies were compromised. 

Moreover, this breach cost $18 million to SolarWinds in the first three months of the compromise. Furthermore, Solarwinds is not considered an SMB and is worth about $1.4 billion. However, you can understand and compare how deadly APT attacks can be for SMBs.


Is there any solution to combat an APT attack?

APTs extend their dwell time through numerous sophisticated techniques that are undetected by most security systems. They know traditional security controls like anti-malware, network monitoring, and hardening security tools. They are smart enough not to carry out activities that will raise alarms. 

It is essential to realize that no silver bullet or magic solution can protect against APTs completely. What can make a big difference is a defense-in-depth strategy based on controls at multiple layers. Employees must be trained on what types of social engineering attacks facilitate APTs. Technical controls/hardening must be present at all infrastructure layers. 

One of the critical technical controls that help in fighting against APTs is XDR or Extended Detection and Response. 


XDR is a supportive hand against advanced persistent threats 

XDR is an integral part of the technical controls that protect against APT attacks. It does this by providing a proactive way of responding to the progressive nature of APT attacks. 

APTs are smart enough to evade perimeter controls, firewalls, and anti-malware due to their high skills and resources. XDRs, on the other hand, do not rely on standard methods and instead use robust analytics and techniques like machine learning to identify activity indicative of an APT on the network. XDRs collect information from multiple sources, such as the perimeter, network, endpoints, and cloud, to build a baseline of regular activity within the network.  

APTs are smart enough to refrain from carrying out actions that will get flagged by traditional security controls. However, suspicious activities of APTs can be detected with the use of modern XDR, like ESET Inspect.

XDRs provide the following security benefits to SMBs for APT cyber security

● It has advanced analytical capabilities which allow the detection of threats, invisible to traditional security controls. XDRs are powered by machine learning algorithms, making the solution more intelligent the more data it gathers. 

● Improved incident response as XDRs typically can respond automatically in addition to detection. It can isolate affected systems and implement security controls, decreasing the APTs' dwell time within a network. 

● Threat intelligence is vital in combating APT attacks. XDRs can automatically integrate the threat intelligence feeds from an additional source of paid service or tools. These insights can be used to implement proactive improvements before an APT can compromise an environment.

● Enhanced threat hunting as instead of sifting through vast amounts of indicators of compromise (IOCs) to identify attacks, XDRs can automate the entire process end to end. It can also consolidate data from multiple sources allowing the security teams to investigate from one dashboard. 


Key takeaways 

APTs can devastate SMBs, including financial loss, reputation loss, operational disruption, and regulations misconduct. SMBs are struggling businesses and can't afford the successful hit from the APT attack. Therefore, prevention is always better than cure, and XDR is the best prevention SMBs can have against advanced persistent threats. Although XDR is not the only solution that will complete all security needs, it covers a massive attack surface. It is always recommended not to rely on a single security solution; implementing XDR with other security solutions or frameworks will offer SMBs excellent APT cyber security.