An Advanced Persistent Threat (APT) is a sophisticated, long-term network attack in which the attacker infiltrates a system without being detected, steals data and maintains that covert presence for as long as possible.
These attacks follow a specific sequence of steps: developing a strategy, gaining access, infiltrating and probing the network, and finally stealing the data. Typical signs of an APT in a company are unusual logins, backdoor Trojans, unexplained data flows and other suspicious anomalies. Defense requires a combination of technologies and measures such as up-to-date device management, SIEM, endpoint protection, monitoring, employee training and security awareness.
Countermeasures are divided into three phases: identification of the affected systems (analysis and damage assessment), intensive network monitoring (blocking the attacker's access and preventing further data outflow), and the development and implementation of a new security concept. This process takes weeks to months, which is why involving external experts early is often recommended.