5 steps to counter Advanced Persistent Threat as a company

Especially with APTs, so-called Advanced Persistent Threats, the complexity and sophistication associated with these cyber attacks are rarely apparent at first sight. Focused on the objective, these attacks are carried out over a period of several weeks, months or even years, with the goal always being the same: espionage.

Meanwhile, it is no longer just a matter of spying on state information, as was originally the case. Advanced Persistent Threats increasingly pose a risk to companies. Economic and industrial espionage are no longer just encountered in blockbusters from the 70s and 80s. In fact, this threat is part of the daily routine of small, medium and large companies.

Advanced Persistent Threat – A successive type of attack

An Advanced Persistent Threat is based on very sophisticated (advanced) attack techniques, and the criminal activity continues over a long period of time (persistent). It's a long-term, undetected spy attack.

The progressive infiltration of a company on a digital and personal level involves a great deal of effort for the cyber criminals. A background check of the victim is carried out initially. The next step involves initial approaches of a more subtle nature. It is therefore not uncommon for the attacker to appear in the form of a potential business partner or employee.

If the attacker has a regular opportunity to enter and leave the company, it is only a matter of time before he can deploy his tools on individual computers or the entire network in order, for example, to steal sensitive data of a company or even a group in the final phase. Welcome to the Age of Economic Espionage 2.0 by the Advanced Persistent Threat. Conventional security concepts, such as antivirus, firewalls and so on, are by far no longer sufficient to deal with Advanced Persistent Threats. The same applies to the monitoring of data traffic, for example via intrusion detection. Here too, further and much more complex protective measures must be taken into account.

In the following, Hornetsecurity will show you 5 concrete steps to protect your company from an Advanced Persistent Threat:

1. Realtime Monitoring

In order to defend yourself against exploits, targeted phishing attacks or special forms of Advanced Persistent Threat, you should perform a comprehensive analysis at all times in your organization. Only in this way will you have the opportunity to recognize suspicious technical processes at an early stage and counteract them in a timely and effective manner.

2. Stay up-to-date

Central databases that collect and analyze cybercrime activities worldwide can help you keep an eye on current threats posed by Advanced Persistent Threats.

3. Data Leak Prevention

An employee tries to open files for which he has no authorization? Recognize the first irregularities and stop them before it is too late and the company's internal data reaches the hands of third parties by electronic means.

4. Creating Isolated Company Environments

The magic word for this form of protection is "sandbox". In principle, this means a test environment that is disconnected from the main system, so that files which represent a potential risk can be opened in an isolated area without causing serious damage. Advanced Persistent Threats can also be contained in this way.

5. Pattern Recognition

It is particularly important that you use applications which reliably monitor your network traffic and, at the same time, can restrict the network if any abnormalities occur. This applies to unauthorized access, but also to the detection of malicious software, which is usually not used in companies. In this way you, as a business, can already rely on a solid foundation to protect yourself against Advanced Persistent Threats.
Emailing from the cloud – the smart alternative for SMBs

Digitization turns our working world and existing IT structures upside down. Products turn into services; fixed service packages turn into tailored solutions that can be customized in a modular manner to suit the changing requirements and IT budget of companies. The cloud makes this possible.

Small and medium-sized enterprises (SMBs) in particular have had difficulty keeping up with the rapid IT developments in recent years. The result: aging infrastructure and applications that are no longer on the cutting edge. This in turn led to slower business processes. Media inconsistencies have often hampered the continuous flow of processes.

In addition to classic office or business applications, this also affected and continues to affect email traffic. Outdated solutions are still in use, not least because many companies lack the necessary expertise – people use what they are familiar with and tend to shy away from innovations. Cloud solutions in particular can be a way of avoiding this dilemma for many SMEs. Professional cloud providers enable these companies to benefit from modern infrastructure and sufficient IT know-how that helps them make use of modern solutions.

Hornetsecurity provides its customers secure and convenient email traffic with Hosted Exchange. Companies that do not have a professional IT department particularly benefit from such a service, which provides a professional email landscape at attractive prices. Operating the solution is a breeze, as only some basic information is required to set it up. For the customer, this means "out of the box" emailing, i.e. getting started quickly and easily without a long installation process. The provider also takes care of maintaining the solution. Users no longer have to worry about updates, as hardware and software are always state-of-the-art.

Security is Hornetsecurity's core competence. Spam and virus protection is thus a self-evident component of Hosted Exchange. The service also includes encrypted data traffic via TLS and the ability to recover deleted messages if necessary.

Individual service variants

Customer focus and service quality are key features of Hosted Exchange, which is offered in two versions. The service is generally aimed at users who either don't want to or can't operate their own email server. Hosted Exchange allows such companies the flexible use of a professional email infrastructure. The service offer includes 25 gigabytes of storage capacity and Microsoft Exchange, which Hornetsecurity uses as a platform for the service.

Hosted Exchange Enterprise Plus is based on the basic version of the service, while extending it to include additional options. This variant thus enables you to store your entire email traffic for three months. This is a particularly important criterion for critical business processes, as accidentally deleted messages can be recovered without any problems. Hosted Exchange Enterprise Plus also provides encryption mechanisms that allow emails to be signed and encrypted using the latest technologies.

With solutions such as Hornetsecurity Hosted Exchange, SMEs in particular should see the digital transformation as an opportunity rather than as a risk. Digital processes and services from the cloud increase flexibility, provide transparency and reduce IT costs, thus making SMEs fit for global competition.
Executable file interceptor – the Content Filter

A central promise of our Managed Spam Filter Services is to protect our customers from malicious mails. The automatic detection of spam and malicious software in particular has rapidly gained importance in recent months – Locky, Tesla, Petya and co. send their regards! The Content Filter is an additional, customizable protection. Customers can use it to independently control the handling of attachments contained in incoming and outgoing emails. The maximum file size for attachments can thus be set, although the Content Filter's ability to detect certain types of file extensions is much more important. This allows administrators to define specific file extensions, thus preventing the delivery of an email with the relevant attachment.


The content filter can be quickly activated and customized in the control panel

Specifically, this means: If an IT manager wants to prevent their email users from receiving attachments with the .exe extension, they need only enable the Content Filter (if not already activated) and enter .exe into the open field. As a special service and for ease of use, we have set up several group extensions to provide improved protection in all the default settings: .executable, .mediafile, .xlsmacro and .docmacro. If, for example, ".executable" is specified, the Content Filter automatically blocks 58 extensions of executable files. This group extension is continuously maintained and kept up to date in order to always ensure the highest possible protection. The extension .mediafile, for example, can be used to filter out files with the extensions .wav, .mp3, .mid, .mpg and several others. The two other collective terms are specifically designed to hold back macros in Excel and Word files, which often transmit links to ransomware. The Content Filter can incidentally be configured for the entire domain as well as for specific groups within a domain.

If not already enabled, we thus urgently advise all customers and partners of Hornetsecurity to activate the Content Filter free of charge and add the file extension ".executable" to their list of files to be blocked. They can ramp up their protection another notch by doing so. The screenshot shows how this is done.

Note: This blog post was first published in April 2015 and has now been updated and adapted to the new ransomware threats.
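
The extension-based blocking described above, sketched as an added example (not Hornetsecurity's code): group names expand to extension sets, and each attachment name is normalized before matching so that upper case, double extensions and a trailing dot do not slip past. The members of `.executable` are a constructed subset, since the post does not list its 58 entries; the function names and the sample mail are assumptions as well.

```python
from email.message import EmailMessage

# Constructed group table. The page names the groups but not their full
# membership, so ".executable" here is an illustrative subset only.
GROUPS = {
    ".executable": {".exe", ".scr", ".bat", ".com"},
    ".mediafile": {".wav", ".mp3", ".mid", ".mpg"},  # the four named in the post
}

def expand(rules):
    """Flatten configured entries (single extensions or group names) into a set."""
    blocked = set()
    for rule in rules:
        rule = rule.strip().lower()
        if not rule.startswith("."):
            rule = "." + rule
        blocked |= GROUPS.get(rule, {rule})
    return blocked

def final_extension(filename):
    """Extension the receiving system will act on, normalized for matching."""
    # Windows drops trailing dots and spaces, so "setup.exe." still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def check_message(msg, rules, max_bytes=None):
    """Return (filename, reason) for each attachment that violates the policy."""
    blocked, findings = expand(rules), []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = final_extension(name)
        size = len(part.get_payload(decode=True) or b"")
        if ext in blocked:
            findings.append((name, "blocked extension " + ext))
        elif max_bytes is not None and size > max_bytes:
            findings.append((name, "attachment too large"))
    return findings

def sample_message():
    """Constructed mail: one harmless attachment, three blocked, one oversized."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attachment.")
    for name, size in [("report.pdf", 10), ("Invoice.PDF.EXE", 10),
                       ("jingle.mp3", 10), ("setup.exe.", 10), ("big.zip", 5000)]:
        msg.add_attachment(b"\0" * size, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```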
Always up to date thanks to cloud storage

A central feature of Hornetdrive is the smooth, quick exchange of files between users. The company GROHE found an interesting use for the centralized control and distribution of its marketing materials to showrooms and sales representatives.

INITIAL SITUATION

GROHE, a leading German manufacturer of sanitary fittings, equips several showrooms with an iPad as part of a project. In addition to marketing videos and product information, it also provides selling points to guide the staff working in the showrooms. Several sales representatives also own iPads for their professional activities. Marketing materials had traditionally been provided via an enterprise application on the mobile devices. The problem: This software required an Apple license that had to be renewed annually and could only be installed by GROHE itself. The company thus had to collect all the iPads once a year to install a new version of the materials and the app and then send them back to the showrooms. It was thus impossible to make spontaneous changes to the product information. To put an end to this complicated and time-consuming procedure, GROHE looked for an alternative.

SOLUTION

With Hornetdrive, digital content can be distributed within seconds to computers and mobile devices anywhere in the world with an internet connection. The user first loads all the files to be distributed onto the Hornetdrive cloud, from where they are then automatically synchronized with all access-authorized devices. For people who are not members of the respective drives and therefore do not have permission to access the data, the files are useless because they are encrypted locally before uploading. Multi-rights management can be used to assign users different permissions, facilitating easy control of the content's usage and editing. The German company Hornetsecurity – the provider of Hornetdrive – operates the service exclusively in German data centers and in compliance with the German Data Protection Act.

RESULT

In Hornetdrive, GROHE found a service that allowed the company to distribute its marketing information to the iPads of its showrooms quickly and easily, without the bothersome annual recall of iPads. All showrooms with internet access can now install Hornetdrive, and then GROHE invites them to use the drives in which the content is found. At the same time, they are given a "read only" authorization, so that they cannot change or delete content and GROHE thus keeps control over product videos, data sheets, and so on. The company can also control updating of the materials from a central location: it simply inserts a new file into the drive and the iPads are immediately synchronized and brought up to date. GROHE was also satisfied with Hornetsecurity as a German provider because the data is fully encrypted and this is done in Germany.