Advanced Persistent Threat and its Relationship to Organizational Security

Advanced Persistent Threats (APTs) represent the most critical threat to modern organizations. Unlike broad-based automated attacks, APTs are human-driven infiltrations, carried out over long periods of time, customized to the targeted organization after some intelligence analysis (possibly on open sources), and they can even use previously unknown exploits to infiltrate vulnerable systems. The economic cost for an organization that falls victim to an APT can reach millions of dollars, and its reputation can be compromised. As large enterprise networks continue to grow in traffic and in the number of connected devices, designing and implementing advanced network monitoring systems and security analytics algorithms that can rapidly detect APT attacks presents a daunting research challenge. Traditional pattern-matching security solutions work well at detecting known attacks, but are unable to identify APTs because attackers typically exploit unknown vulnerabilities and use standard protocols and encrypted communications (e.g., HTTPS) to evade detection. Additionally, existing traffic analyzers can detect common types of attacks (e.g., distributed denial of service and worms), but are inadequate at identifying APTs because a skilled attacker mimics normal behavior and compromises only a limited number of specific hosts, thus avoiding the spread of infections. Another problem of current detection systems installed in large architectures is the enormous number of alarms they generate, at least in the order of thousands per day. Such an environment would require either a large number of dedicated security analysts or, more likely, ignoring most alarms. As a further observation, our focus on traffic logs reflects a realistic business scenario in which host-based logs (e.g., system calls) would be extremely expensive to collect and analyze.
Advanced persistent threats (APTs) have attracted increasing attention from researchers, primarily from the industrial security sector. APTs are cyberattacks carried out by sophisticated, well-resourced adversaries that target specific information in high-profile companies and governments, usually in a long-term campaign involving several phases. To a significant extent, the academic community has overlooked the specificity of these threats and therefore lacks an objective approach to the APT issue. In recent years APTs have often made global headlines, and many regard the term as overused, since different people use it to mean different things. Because there are so many different opinions in the commercial market about what constitutes an APT, a clear definition is needed. In this article we adopt the definition given by the US National Institute of Standards and Technology (NIST), according to which an APT is: “An adversary that possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives using multiple attack vectors (e.g., cyber, physical, and deceptive). These objectives typically include establishing and extending footholds within the cyber infrastructure of targeted organizations for the purpose of extracting information, weakening, or impeding critical aspects of a mission, program, or organization; or positioning itself to achieve these goals in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over a prolonged period of time; (ii) adapts to defenders' efforts to resist it; and (iii) is determined to maintain the level of interaction necessary to achieve its objectives.” This definition provides a good basis for distinguishing between traditional threats and APTs.
The defining characteristics of APTs are: specific targets and clear objectives; highly organized and well-resourced attackers; a long-term campaign with repeated attempts; and stealthy and evasive attack techniques. Below is an elaborate description of these characteristics.

Specific targets and clear objectives: APT attacks are highly targeted and always have a clear objective. The targets are typically governments or organizations that possess significant intellectual property value. Based on the number of APT attacks discovered by FireEye in 2013, the top ten industry verticals are education, finance, high-tech, government, consulting, energy, chemical, telecommunications, healthcare and aerospace. While traditional attacks propagate as widely as possible to increase the chances of success and maximize the harvest, an APT attack focuses only on its predefined targets, limiting the attack's scope. Regarding the assets sought, APTs typically pursue digital assets that bring a competitive or strategic advantage, such as national security data, intellectual property, trade secrets, etc., while traditional threats primarily seek personal information such as credit card data or other valuable information that facilitates financial gain.

Highly organized and well-resourced attackers: The actors behind APTs are typically a group of experienced hackers working in a coordinated manner. They may work in government/military cyber units or be hired as cyber mercenaries by governments and private companies. They have sufficient resources, both financial and technical. This gives them the ability to work over the long term and to have access (via development or procurement) to zero-day vulnerabilities and attack tools. When state-sponsored, they may also operate with support from the military or state intelligence.
A long-term campaign with repeated attempts: An APT attack is typically a long-term campaign that can remain undetected in the target's network for several months or years. APT actors persistently attack their targets and repeatedly adapt their efforts to complete the job when a previous attempt fails. This contrasts with traditional attackers, who often target a wide range of victims and move straight on to something less secure if they fail to penetrate the initial target.

Stealthy and evasive techniques: APT attacks are stealthy, possessing the ability to remain undetected, hiding in corporate network traffic and interacting just enough to achieve their defined objectives. For example, APT authors can use zero-day exploits to avoid signature-based detection and encryption to obfuscate network traffic. This is different from traditional attacks, where attackers typically use "smash and grab" tactics that alert defenders.

Many security professionals view the term "advanced persistent threat" (APT) primarily as a marketing term and do not recognize that advanced threat attacks exist which have bypassed traditional security protection techniques and reside unnoticed on their systems. Organizations are faced with an evolving threat landscape that they are not prepared to address. They must respond to these threats with the appropriate techniques and technologies. This research will help security professionals understand the new threats they face and the best practices they can adopt to reduce the risk of compromise by advanced adversaries directly targeting their organizations. Advanced Persistent Threat is a concept that has changed the essence of cyber threats. As the world becomes completely dependent on digital functions, it is time to understand the current state of the threat around us. Furthermore, organizations are increasingly forced to invest more and more in cybersecurity.
Yet, based on the most recent literature, it appears to be unclear where to invest. Traditional security measures focus on creating layers of security between the Internet and the organizational network. While this approach is still relevant and should be maintained, on its own it is not sufficient to ensure security against current threats. While it is impossible to achieve complete security, the security mindset must change through an understanding of how modern attackers behave, what kind of resources they are using, and what they are actually looking for. This is the only way to maintain confidentiality, integrity and availability and so mitigate harm. The main objective of the thesis is to propose mitigation solutions against modern threats in a proactive way. Unlike traditional defensive measures, the proposed solution assumes that the attacker is already within the organization's network. Therefore, its main components are segmenting the data to avoid losing valuable information and allocating resources towards high-power detection. This research includes an extensive literature review that introduces the concept of Advanced Persistent Threat and its relationship to organizational security. Current proactive mitigation solutions are then synthesized by understanding the nature of APTs, integrating carefully chosen related solutions, and using previously identified best practices as a basis. This study has become crucial due to the dangerously evolving nature of APTs in modern society. Both individuals and organizations around the world are already losing resources due to their ignorance of the sophisticated methods applied by APT attackers. Common intrusion detection methods cannot detect such advanced persistent threats, commonly referred to as advanced threats. A new approach is needed that takes into account the graduated characteristics of these types of threats and links analysis methods to attack characteristics.
Existing research on APTs comes primarily from the industrial security community. Traditional security vendors (e.g., McAfee, Symantec) and emerging APT-focused companies (e.g., FireEye, Mandiant) regularly publish technical reports documenting cases of APT attacks. Thonnard et al. conducted an in-depth analysis of email attacks identified as targeted attacks by Symantec and, through that analysis, demonstrated that a targeted attack is typically a long-running campaign that is highly focused on a limited number of organizations.

What is an Advanced Persistent Threat and how has the term changed? The term "advanced persistent threat" is often used by mainstream media and security technology vendors, and has become a trendy new marketing phrase for selling products and services. The meaning of.