Dubai, UAE – June 5, 2013 – Security professionals agree that the safe approach to examining potential APTs is with high-performance on-board and cloud-based sandboxing capabilities as part of a unified security strategy. But how are these potential zero-day exploits identified?
Fortinet has compiled the following list of the top five initial exploit and exfiltration behaviors most likely to result in a potential APT attack.
1. Random generation of IP addresses. Some APT payloads include code that randomly generates strings of IP addresses. They do this to aid propagation.
2. Command and control connection attempts. Once infiltrated, APTs may elect to connect with a command and control server in order to exfiltrate data or to signal further attack resources i.e. via a botnet. Detection is based on control signatures and rendezvous detection.
3. Host mimicry. An APT may begin to mimic the behavior of its host device or application in an attempt to evade detection.
5. Encrypted traffic. The trend toward encrypted malware within APT payloads renders all encrypted traffic at elevated risk.
Enterprises wary of Zero-Day IT security attacks can now benefit from the ultimate in advanced threat protection from Fortinet's new operating system – FortiOS 5.
Released at the end of 2012, FortiOS 5 includes over 150 enhanced capabilities designed to support the current and evolving security challenges of organizations grappling with more mobile devices and applications. Within its arsenal against Advanced Persistent Threats, Fortinet has added on-board and cloud-based sandboxing capabilities for executing unknown malware, complementing its unique ‘Compact Pattern Recognition Language' processor, which enables single signatures to cover well over 50,000 different viruses including zero-day variants.
Bashar Bashaireh, Regional Director, Fortinet Middle East, said: “Network security continues to be one of the most pressing concerns of businesses in the Middle East. Enterprises are constantly forced to review their security strategies and add new layers of defense as Advanced Persistent Threats become more sophisticated and hard to detect. The release of FortiOS 5 is an important breakthrough in providing comprehensive protection against today's evolving network security threats. The new operating system delivers superior performance and provides comprehensive protection against APT attacks. Moreover, FortiOS 5 is also a strong reaffirmation of Fortinet's commitment to deliver powerful network security solutions that cater to the specific needs of enterprises in the Middle East and other global markets.”