Evaluating Advanced Persistent Threats Mitigation Effects: A Review

Abstract

Advanced Persistent Threat (APT) is a targeted attack method used by a sophisticated, determined and skilled adversary to maintain undetected access over an extended period for exfiltration of valuable data. APT poses high threat levels to organizations especially government organizations. 60% of the problem is the inability to detect penetration using traditional mitigation methods. Numerous researches indicate that vulnerabilities exists in most organizations and when exploited will have major fininacial implications and also affect the organizations reputation. Traditional methods for mitigating threats to information systems have proved ineffective. This paper aims at evaluating the utilization and effectiveness of Advanced Persistent Threat Mitigation techniques using existing literature and thereby providing a synopsis of APT. A method-based approach is adopted, reviewing the researches and a comparative analysis of the methods used in the mitigation of APT. The study compares 25 researches, which proposed methods in mitigating the threat. The research articles are filtered, separating mitigation methods from review articles, identifying the threats etc. from a wide range of research reports between 2011 and 2017. These 25 researches were analysed to show the effectiveness of 12 mitigation methods utilized by the researchers. In mitigating APT multiple methods are employed by 72% of the researchers. The major methods used in mitigating APT are Traffic/data analysis (30%), Pattern recognition (21%) and anomaly Detection (16%). These three methods work inline with providing effective internal audit, risk management and cooperate governance as highlighted in COBIT5 an IT management and governance framework by ISACA.