Advanced Persistent "Threat"? Or an "in-progress attack"?

Posted by John Worrall    Apr 12, 2012 3:10:00 PM

William Jackson's recent article in Government Computer News, "The Untimely Death of The Advanced Persistent Threat?", is an interesting read.  Apparently RSA and Mandiant no longer like the term "Advanced Persistent Threat."  (Aren't they the ones who defined it in the first place?)  I share the concern they have with the term, but for a very different, more obvious reason.

Let me ask you a question.  When does a "threat" become an "attack?"  

It seems to me that a "threat" represents a potential attack.  If a burglar is inside your house looking under the sofa for the sterling silver, is there a "threat" of a robbery? Seems a bit more urgent than that. If a well-armed enemy soldier is found wandering around a military base, wouldn't that be considered an attack?

That's my issue with the term "advanced persistent threat." The attacker is inside your network, actively trying to evade detection and steal your data.  Seems like you've moved well beyond a "threat."  You are under attack. So let's call it what it is.  "Active Attack" or "in-progress attack" are more accurate descriptions, don't you think?

 

Topics: Cyber Security, APT, Detecting in-progress attack

Blog covers topics related to detecting and monitoring in-progress cyber attacks for IT security operations teams.
