Example APT Detection
What is APT detection?
An Advanced Persistent Threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time. The intention of an APT attack is usually to monitor network activity and steal data rather than to cause damage to the network or organization.
The Barac platform builds a behavioural baseline from the 200 indicators it uses for detection. For instance:
- It detects any abnormal configuration or session based on the 200 indicators.
- It learns the behaviour of the encryption over the last 3 weeks to create a baseline.
- This baseline allows correlation with, and comparison against, any new setup.
- The ETV looks for changes in connection parameters to detect abnormalities.
- If a user client is using particular TLS connection parameters and any change is detected in the ciphers proposed or in the size of the handshake, the models categorize this as an abnormality.
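The baseline-and-deviation logic described above, as an added illustration that is not Barac's own code: a per-client profile of the offered cipher list and ClientHello size is built from a baseline window, and a new handshake is flagged when either departs from what that client has shown before. The client addresses, cipher names, sizes and the 10% size tolerance are constructed for the example.

```python
# Constructed sample observations from the baseline window:
# (client id, offered cipher suites in ClientHello order, ClientHello length in bytes).
BASELINE = [
    ("10.0.0.5", ("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"), 512),
    ("10.0.0.5", ("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"), 517),
    ("10.0.0.5", ("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"), 509),
    ("10.0.0.7", ("TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"), 301),
    ("10.0.0.7", ("TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256"), 305),
]


def build_baseline(records):
    """Per client: the set of cipher-list orderings seen, and the min/max handshake size."""
    profile = {}
    for client, ciphers, size in records:
        entry = profile.setdefault(client, {"ciphers": set(), "min": size, "max": size})
        entry["ciphers"].add(tuple(ciphers))
        entry["min"] = min(entry["min"], size)
        entry["max"] = max(entry["max"], size)
    return profile


def classify(record, profile, tolerance=0.10):
    """Return the reasons a new handshake deviates from its client's baseline (empty = normal).

    tolerance is an assumed slack around the observed size range; a real deployment
    would tune it from the baseline window rather than hard-code it.
    """
    client, ciphers, size = record
    if client not in profile:
        return ["unknown-client"]          # no baseline yet: needs separate handling
    entry = profile[client]
    reasons = []
    if tuple(ciphers) not in entry["ciphers"]:
        reasons.append("cipher-list-changed")
    lo = entry["min"] * (1 - tolerance)
    hi = entry["max"] * (1 + tolerance)
    if not lo <= size <= hi:
        reasons.append("handshake-size-out-of-range")
    return reasons


if __name__ == "__main__":
    profile = build_baseline(BASELINE)
    # A handshake from a known client with a cipher list it never offered before.
    print(classify(("10.0.0.5", ("TLS_RSA_WITH_AES_128_CBC_SHA",), 514), profile))
```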