December 5, 2013

The APT attack kill chain: seven stages, five strategies, one solution


Originally, the term advanced persistent threat (APT) was used to describe nation-state cyberattacks designed to achieve strategic advantage. Today, the term has broadened to encompass a wide variety of attacks targeted at businesses for monetary gain. Cybercriminals have elevated the sophistication of their attacks and have become adept at stealing intellectual property.

Seven Stages

APTs consist of seven customary attack stages used by cybercriminals to enhance their theft success rate. A downloadable whitepaper details the stages of an advanced attack: recon, lure, redirect, exploit kit, dropper file, call-home and data theft.

It's important for security professionals to be aware of this shift and recognize that traditional defenses are no longer effective. Antivirus, firewall and IDS/IPS products do not have the technology to address today's advanced threats. Organizations require a heightened level of protection to meet cybercriminals head-on and thwart inbound and outbound data theft attempts.
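To make the seven stages concrete from the defender's side, here is an added example (not Forcepoint's code) that maps one workstation's web-proxy events onto those stages and reports how early the chain could have been cut. The event types, domains, byte counts and thresholds are constructed for illustration; a real deployment would feed proxy and endpoint logs.

```python
"""Correlate one host's proxy events into the seven APT stages (added example)."""
from statistics import pstdev

STAGES = ["recon", "lure", "redirect", "exploit kit", "dropper file", "call-home", "data theft"]
BEACON_MIN_HITS, BEACON_MAX_JITTER = 3, 5.0  # small POSTs at a near-constant interval
EXFIL_MIN_BYTES = 1_000_000                   # a large outbound transfer suggests theft

# Constructed sample: (seconds, event type, detail) for one host, oldest first.
EVENTS = [
    (100, "email_link_click", "news-update.example/offer"),
    (101, "http_redirect", "302 news-update.example -> landing.cdn-example.test"),
    (102, "http_get", "landing.cdn-example.test/gate.php"),
    (104, "file_download", "landing.cdn-example.test/update.exe"),
    (160, "http_post", "c2.example.test/ping 80"),
    (220, "http_post", "c2.example.test/ping 80"),
    (280, "http_post", "c2.example.test/ping 80"),
    (300, "http_post", "c2.example.test/upload 5000000"),
]

def classify(events):
    """Return {stage: first timestamp} for every stage that has evidence in `events`."""
    seen, posts, redirect_targets = {}, {}, set()
    for ts, kind, detail in events:
        if kind == "email_link_click":                      # lure: user followed a mailed link
            seen.setdefault("lure", ts)
        elif kind == "http_redirect":                       # redirect: remember where it led
            seen.setdefault("redirect", ts)
            redirect_targets.add(detail.split("->")[-1].strip())
        elif kind == "http_get" and detail.split("/")[0] in redirect_targets:
            seen.setdefault("exploit kit", ts)              # landing page reached via redirect
        elif kind == "file_download" and detail.lower().endswith((".exe", ".scr", ".jar")):
            seen.setdefault("dropper file", ts)
        elif kind == "http_post":
            host, _, rest = detail.partition("/")
            size = int(rest.split()[-1])
            if size >= EXFIL_MIN_BYTES:
                seen.setdefault("data theft", ts)
            else:
                posts.setdefault(host, []).append(ts)
    for host, times in posts.items():                       # call-home: regular beaconing
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= BEACON_MIN_HITS and pstdev(gaps) <= BEACON_MAX_JITTER:
            seen.setdefault("call-home", times[0])
    return seen

def chain_report(events):
    """Stages hit in kill-chain order, plus the earliest one a defender could block at."""
    ordered = [s for s in STAGES if s in classify(events)]
    return ordered, (ordered[0] if ordered else None)
```

Running `chain_report(EVENTS)` on the sample shows six of the seven stages and names "lure" as the earliest point at which blocking would have prevented the data theft.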

Five Strategies

APTs typically play out in multiple phases. In some cases, they may take months or even years to fully execute and successfully extract data from a network. To sufficiently prepare your organization for these vicious and effective cybercrime techniques, we have prepared the following five strategies:

  1. Real-Time Threat Analysis: To combat spear-phishing, exploit kits, dynamic redirects and other types of APT attacks, organizations must employ more than traditional defenses. Real-time analysis provides security teams with a constant stream of data, which can be used to make vital and immediate decisions about an organization's security posture.
  2. Global Threat Awareness: Simply put, organizations benefit from large threat detection networks. The larger the network, the greater the threat awareness.
  3. DLP Capabilities: A fully contextually aware DLP solution must be deployed to protect sensitive data against exfiltration.
  4. Sandboxing: Effective analysis and reporting has become crucial for security professionals to make informed decisions about their organization's security posture.
  5. Forensic and Behavioral Reporting: A successful security deployment will include forensic and behavioral analysis and yield actionable reports. The more actionable the report, the more valuable it is to the organization.

One Solution

Due to increasingly complex attack and evasion techniques being used by bad actors, organizations need to have a dynamic approach to security. APTs and other targeted attacks are becoming more prevalent, but there are security solutions available to stop them. Be sure to choose a security solution that monitors inbound and outbound traffic for malicious behavior and provides real-time forensic reports. Identifying the threat in the early stages will help mitigate data loss, save countless man-hours and save your security team many sleepless nights.

Are you relying on dated security and/or point solutions to protect your organization from APTs? We'd love to hear the challenges your company might be facing and in return, offer advice on how you can better secure your data.

For more information on APTs and the seven stages of an advanced attack, please visit:


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.
