Page 1: The Evolution of ADVANCED PERSISTENT THREATS · 2014-04-03 · ADVANCED PERSISTENT THREATS Real-time Threat Visibility and Protection in Minutes, Not Hours. Bringing APT Out From

EXAMPLES OF APT ATTACKS

The Combination of Attack Elements Is Complex and Evolving Every Day

Watering hole attack + Encrypted data + Target’s intellectual property (IP) = APT

Zero-day network exploit + Stolen or fraudulent digital signatures + OS privilege escalation = APT

WHAT CAN CATCH APTs AND WHAT CANNOT

WATCHGUARD APT BLOCKER

© 2014 WatchGuard Technologies. All rights reserved.

www.WatchGuard.com/APTBlocker

*Malwise—An Effective and Efficient Classification System for Packed and Polymorphic Malware, Deakin University, Victoria, June 2013

The Evolution of ADVANCED PERSISTENT THREATS

Real-time Threat Visibility and Protection in Minutes, Not Hours.

Bringing APT Out From The Shadows

APT no longer targets huge corporations and nation-states. Now all companies are vulnerable, regardless of size.

EVOLUTION OF APT

January 2010: Operation Aurora. Target: Google. Result: Stole source code

June 2010: Stuxnet. Target: Iran. Result: Affected nuclear-plant operations

March 2011: RSA/Lockheed. Target: RSA and Lockheed Martin. Result: Stole SecureIDs

September 2011: Duqu. Target: Iran, Sudan, Syria, and Cuba. Result: Stole digital certifications

May 2012: Flame. Target: Countries in Middle East. Result: Data gathering and exfiltration

January 2013: New York Times. Target: NY Times. Result: Stole data, corporate passwords

October 2013: Adobe Breach. Target: Adobe. Result: Stole customer information and data

December 2013: Target Breach. Target: Target. Result: Stole customer credit card data


CAN Catch: Layered defense, log analytics and visibility tools, signature-less detection technologies (next-generation sandboxing, virtual execution, real-time reputation)

Cannot Catch:

STANDALONE ANTIVIRUS

ANTISPAM

LEGACY FIREWALLS IPS

APPLICATION CONTROL

WatchGuard APT Blocker - Available Today On WatchGuard’s Unified Threat Management Platforms.

WHAT IS AN ADVANCED PERSISTENT THREAT?

Targeted: An individual organization, nation-state or even specific technology is the focus. Infiltration is not accidental.

Persistent: It doesn't stop. It keeps phishing, plugging and probing until it finds a way in to serve malware.

Advanced: An unknown, zero-day attack that has malware payloads and uses kernel rootkits and evasion-detection technologies.

Spear phishing + Kernel rootkit + Custom malware = APT

NEARLY 88% OF TODAY’S MALWARE can morph to avoid detection by signature-based antivirus solutions.*
