Advanced Persistent Threats
Watching for Unknown Threats From Advanced Persistent Attackers
Advanced persistent threats, along with targeted attacks and the malware they leave behind, are among the biggest security challenges faced by enterprises, industry verticals and government agencies. By using statistical analysis and the ability to baseline activities to find abnormal behavior, Splunk products can help you defend against these highly targeted attacks across your IT infrastructure that go undetected by point solutions. Splunk software can help you:
- Focus security resources and efforts on your company's most important assets
- Use data analytics to protect against threats across your infrastructure
- Search, find and dissect attack patterns for a proactive security approach
Discovering malware left behind by determined, persistent and highly skilled attackers is not possible with signature and rule based systems reporting data to a SIEM. These systems look for abnormal behaviors and covert attacks—not abnormal behavior occurring across your IT infrastructure. Finding malware designed to hide in normal activity requires a platform that can ingest large amounts system data, find context through data analytics, and point out the differences between normal machine and human behaviors verses malware.
Today's malware is stealthy, persistent and often looks like a normal service or application that starts at boot-up time. It's built to spread across systems so that if an instance is found and removed, an attacker can perform their own post mortem and activate another instance that will continue to collect data. Splunk can collect and index any data without regard to format or size and perform automated searches across petabytes of data. A robust analytics command language facilitates a security intelligence approach that enables analysts to ask threat scenario-based questions of your data. This unique approach lets you proactively find these persistent threats by examining data patterns in normal activities.