How effective are today’s APT detection and prevention tools?

An advanced persistent threat (APT) is an attacker that sets out to compromise high-profile targets and keep covert control of them over a long period. APT operators rely mostly on new or custom malware, which signature-based anti-virus software cannot recognize. A number of products have come to market lately to address this concern. These tools are important and useful, but ascertaining how effective they really are is very hard.

Measuring how effective a given tool is requires testing it with new malware samples it has never seen. That often means developing test samples, and these can only be developed by professionals with specific experience and expertise in this area: they perform rigorous analysis and build the testing method around advanced, targeted malware.

Although there has been a great deal of effort to find methods that measure a tool's effectiveness, no definitive method is in place. Products differ in their detection capabilities: some detect a given set of samples while the same samples bypass others. A test set also cannot, by itself, reveal which product performs better overall, because the result depends on which samples were chosen and on how many false positives you are willing to accept. Still, such samples are useful for testing APT tools and probing the safety of your own network.
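The kind of comparison described above, written out as an added example (this is not code from the original article or from any vendor): a labelled corpus of malicious samples plus benign controls is run against several products, and each product is scored on detection rate and false-positive rate. The product names, sample names and run results are all constructed for illustration. The example also reports which malicious samples evaded every product, which is the gap a fresh sample set or an extra defensive layer has to cover, and shows that the ranking changes with the false-positive budget, which is why a sample set alone cannot say which product is "best".

```python
"""Score several APT detection products against a labelled sample corpus.

Added example, not part of the original article. Assumes every sample is
labelled malicious or benign and every product has already been run
against every sample; the corpus and run results below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class ProductScore:
    product: str
    detection_rate: float        # detected malicious / all malicious
    false_positive_rate: float   # flagged benign / all benign controls
    missed: list = field(default_factory=list)


# Constructed corpus: sample name -> True if malicious, False if benign control.
CORPUS = {
    "implant-A.exe": True,
    "implant-B.dll": True,
    "dropper-C.docm": True,
    "loader-D.ps1": True,
    "putty.exe": False,               # benign control
    "quarterly-report.docx": False,   # benign control
}

# Constructed run results: hypothetical product -> set of samples it flagged.
RESULTS = {
    "ProductX": {"implant-A.exe", "implant-B.dll", "dropper-C.docm"},
    "ProductY": {"implant-A.exe", "dropper-C.docm", "putty.exe"},
    "ProductZ": {"implant-A.exe", "implant-B.dll", "dropper-C.docm",
                 "quarterly-report.docx"},
}


def score_product(name, flagged, corpus):
    """Compute detection rate, false-positive rate and missed samples for one product."""
    malicious = {s for s, is_mal in corpus.items() if is_mal}
    benign = {s for s, is_mal in corpus.items() if not is_mal}
    if not malicious or not benign:
        raise ValueError("corpus needs both malicious samples and benign controls")
    return ProductScore(
        product=name,
        detection_rate=len(malicious & flagged) / len(malicious),
        false_positive_rate=len(benign & flagged) / len(benign),
        missed=sorted(malicious - flagged),
    )


def score_all(results, corpus):
    return {name: score_product(name, flagged, corpus) for name, flagged in results.items()}


def evaded_all(results, corpus):
    """Malicious samples that no product flagged: the blind spot shared by all of them."""
    malicious = {s for s, is_mal in corpus.items() if is_mal}
    flagged_by_any = set().union(*results.values()) if results else set()
    return sorted(malicious - flagged_by_any)


def rank(scores, max_fpr=0.0):
    """Rank products by detection rate among those within the false-positive budget."""
    eligible = [s for s in scores.values() if s.false_positive_rate <= max_fpr]
    return [s.product for s in sorted(eligible, key=lambda s: (-s.detection_rate, s.product))]


if __name__ == "__main__":
    scores = score_all(RESULTS, CORPUS)
    for s in scores.values():
        print(f"{s.product}: TPR={s.detection_rate:.2f} "
              f"FPR={s.false_positive_rate:.2f} missed={s.missed}")
    print("evaded every product:", evaded_all(RESULTS, CORPUS))
    print("ranking with FPR<=0:  ", rank(scores))
    print("ranking with FPR<=0.5:", rank(scores, max_fpr=0.5))
```

With these constructed results ProductX and ProductZ detect the same malicious samples, but only ProductX stays within a zero false-positive budget, so it ranks alone at 0.0 and ties with ProductZ at 0.5; loader-D.ps1 evades all three, which is exactly the case a new sample set is needed for.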

Technically, no defense tool today provides 100 percent protection against APTs. The product you choose must be kept updated and deployed in layers to stand against an APT, using the most effective APT defense technologies available. Your product should aim to:

  1. detect attacks that evade other protections
  2. rapidly analyze the changes attackers made to compromised machines
  3. remediate the full extent of the damage
  4. provide daily security audits
  5. assess the health of the security products in place
  6. provide real-time search capabilities, and
  7. create remediation filters

There is some relief for users of APT detection and prevention tools. APT campaigns are on the rise and rely on tooling that ordinary anti-virus products do not detect, so many companies have developed specialized solutions to locate and block such threats. Independent testing firms and labs conduct tests and compare these solutions, and they work with IT security research companies on the efficacy and assurance of the tools.

We therefore suggest that you conduct proper APT testing, in-house or through another provider, to judge the products.