The Inconvenient Threat – part 1

Today’s threat landscape is generally described with the terms Advanced Persistent Threats (APTs) and Advanced Targeted Attacks (ATAs). In practice the two terms overlap heavily, so here we group them under one name: Advanced Threats.

Advanced Threats are a more sophisticated and concentrated effort, usually focused on a single target, where the goal is to obtain sensitive and valuable information for financial gain or corporate espionage. The trend is that Advanced Threats preferentially target end users rather than infrastructure directly.

These attacks often exploit previously unknown (zero-day) vulnerabilities. They typically develop over time and take months to unfold, while the attackers continuously monitor the victim and extract data. Unlike most other threats, Advanced Threats are usually carried out by well-funded and well-organized professionals.

How do they work

Advanced Threats are carefully planned and meticulously executed. They typically break down into four phases: incursion, discovery, capture, and exfiltration.

During the incursion phase, attackers typically use a mix of social engineering, zero-day vulnerabilities and targeted malware to gain initial access to the organization’s network. Access is often gained through a lower-priority system, one deemed less important than the final target and therefore less well defended.

Another frequently used attack vector is spear phishing: an email aimed at specific individuals within the company and crafted to harvest sensitive information (typically credentials) or to deliver the targeted malware.

Once initial access is gained, the attackers map out the organization’s systems and look for vulnerabilities, credentials, or any other route to the organization’s confidential and valuable data. This is the discovery phase.

Once the systems have been mapped out and an attack path identified, the attackers move on to the capture phase. During this phase they access poorly protected systems and collect data from them over an extended period of time. They may also install additional malware in preparation for the next phase.

During the final phase, exfiltration, the attackers have taken control of the targeted systems and proceed with the theft of confidential and valuable data. Once they have the data, they can analyze and exploit it at leisure.
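From the defender’s side, the discovery and exfiltration phases described above leave traces in egress logs, but each trace on its own is weak; the useful signal comes from correlating several of them. The following Python script is an added example for this article and is not code from the original page or from any ARAMA TECH, Symantec or HP product. The log format, hostnames, addresses, thresholds and business-hours window are all assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample egress-proxy records for this example (not real logs).
# Format (assumed): <ISO timestamp> <source host> <user> <destination> <bytes sent>
PROXY_LOG = """\
2015-06-01T08:02:11 ws-017 j.doe intranet.example.local 1204
2015-06-01T08:05:40 ws-017 j.doe updates.example-vendor.com 3310
2015-06-01T09:12:03 ws-021 a.smith intranet.example.local 2048
2015-06-01T09:40:19 ws-021 a.smith updates.example-vendor.com 4096
2015-06-01T10:01:55 ws-017 j.doe mail.example.local 18220
2015-06-01T13:22:07 ws-033 r.lee intranet.example.local 900
2015-06-01T14:05:31 ws-033 r.lee updates.example-vendor.com 5120
2015-06-01T23:14:02 ws-017 j.doe 203.0.113.45 734003200
2015-06-02T02:41:50 ws-017 j.doe 203.0.113.45 512000000
"""

# Tunable thresholds (assumptions for the example, not vendor defaults).
BUSINESS_HOURS = range(7, 20)           # 07:00-19:59 counts as a normal working day
LARGE_TRANSFER_BYTES = 100 * 1024 ** 2  # a single session sending >= 100 MiB is unusual here

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse(log_text):
    """Turn raw log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, user, dst, nbytes = m.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host, "user": user, "dst": dst, "bytes": int(nbytes),
        })
    return events


def find_exfiltration(events, min_indicators=2):
    """Flag events that match at least `min_indicators` of three weak signals.

    No single signal is conclusive (a mail server used by only one host is not
    an attack), which is why the signals are correlated before anything is raised.
    """
    # Fleet-wide view: which hosts ever talked to each destination?
    hosts_per_dst = defaultdict(set)
    for e in events:
        hosts_per_dst[e["dst"]].add(e["host"])

    findings = []
    for e in events:
        indicators = []
        # 1. A destination contacted by exactly one host in the fleet.
        if len(hosts_per_dst[e["dst"]]) == 1:
            indicators.append("rare_destination")
        # 2. An unusually large outbound transfer in one session.
        if e["bytes"] >= LARGE_TRANSFER_BYTES:
            indicators.append("large_outbound_transfer")
        # 3. Activity outside normal working hours.
        if e["ts"].hour not in BUSINESS_HOURS:
            indicators.append("outside_business_hours")
        if len(indicators) >= min_indicators:
            findings.append({
                "ts": e["ts"].isoformat(), "host": e["host"], "user": e["user"],
                "dst": e["dst"], "bytes": e["bytes"], "indicators": indicators,
            })
    return findings


def total_bytes_by_host(events):
    """Roll-up that makes slow, many-session exfiltration visible even when no
    single session crosses LARGE_TRANSFER_BYTES."""
    totals = defaultdict(int)
    for e in events:
        totals[e["host"]] += e["bytes"]
    return dict(totals)


if __name__ == "__main__":
    evs = parse(PROXY_LOG)
    for f in find_exfiltration(evs):
        print(f"{f['ts']} {f['host']} ({f['user']}) -> {f['dst']} "
              f"{f['bytes']} bytes: {', '.join(f['indicators'])}")
    print("outbound bytes per host:", total_bytes_by_host(evs))
```

Run on the constructed log, the script raises only the two night-time sessions from ws-017 to 203.0.113.45 (rare destination, large transfer, outside business hours), while the 10:01 session to the internal mail server, which is also "rare" by the fleet-wide rule, is not raised because it matches just one indicator. The per-host roll-up is the counterpart for the slow "capture over an extended period" behaviour described above, where no individual session would trip the size threshold.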

How to defend

Because Advanced Threats are multi-vector attacks, play out over a long period of time and are typically very stealthy, the defense has to be equally sophisticated, thorough and well organized, covering Protection, Detection and Response. Strategy and vision, supported by security intelligence, form the basis for addressing the risks organizations face today and tomorrow across Process, People and Technology. Preparation is the key word here: proactive security is essential. Without it, the damage can exceed anything imagined; there are real examples of companies that went bankrupt after a successful cyber-attack.

It is not a matter of IF they are coming; we KNOW they are coming, and we had better be prepared for them!


ARAMA TECH offers Managed Services for the award-winning Symantec Endpoint Protection (SEP) for Windows desktops, laptops and servers, aimed at SMB organizations that want to protect their users but do not have the security department required to manage and monitor these solutions themselves.

Doing business and keeping customers satisfied is hard enough without also having to worry about online threats. But viruses, malware and other threats remain a reality, and they grow more numerous and more sophisticated almost daily. Worse, cyber criminals increasingly aim at smaller companies as a stepping stone to gain access to larger organizations. In 2014, 60% of all cyber-attacks targeted the end users of small and medium-sized organizations. That makes it more important than ever to ensure that your most important assets are protected. Online protection for your business should be powerful and easy to use, without special hardware or technical expertise. It should also protect your laptops, desktops and servers without slowing them down or getting in the way of end-user productivity.


  • Worry-free services: ARAMA TECH brings more than 15 years of field experience, expertise and security knowledge;
  • Flexible Managed Services that adapt dynamically to the wishes and requirements of customers;
  • Very fast deployment of the award-winning Symantec technology without any additional hardware or software investment;
  • No special IT staff or training required;
  • Protection of laptops, desktops and servers within minutes;
  • Flexible licensing model, enabled by cloud-based rollout.

The new ArcSight Express 6.9.0 SIEM solution is here!

This all-in-one SIEM appliance combines the best of log management and security event management. It gives you the insight and tools to identify and prioritize threats, so that you can improve your incident response and the security of your systems.

Identify and prioritize security threats. The HP ArcSight event correlation engine analyzes logs from multiple devices and links related events, so organizations can detect threats and allocate resources accordingly.

Become productive immediately and learn as you go. Take advantage of the same full-featured dashboards for compliance monitoring and compliance reporting that most security groups use.

Identify suspicious behavior by monitoring for insider threats, compromised credentials, and exfiltration of data to high-risk locations, all within a single SIEM appliance.
  • All-in-one appliance on an HP ProLiant DL380 Gen9 server
  • Stores up to 2.5 TB (compressed)
  • Ease of management with new SIEM software (based on the ESM codebase)
  • Broadest set of data-collection capabilities in the market (275 SmartConnectors, 100 CEF partners, FlexConnectors)
  • Up to 2,500 events per second (EPS) sustained
  • New apps delivered through the ArcSight Marketplace
  • Simplified pricing (base and add-on SKUs)

ArcSight Express gives you complete visibility into the who, what, and where of a security event.


Unrivalled optimization of your SIEM implementation by HP & Blue Coat.

Unrivalled optimization of your SIEM implementation by HP ArcSight & the Blue Coat Analytics Platform.

HP ArcSight is the industry-leading Security Information and Event Management (SIEM) solution that addresses modern IT security threats and risks across organizations of every size, from enterprises to small and medium-sized businesses! The HP ArcSight platform is a unique, scalable platform for monitoring threats and risks in an environment of perimeter-less networks, persistent threats and enterprise risk.

The Blue Coat Security Analytics Platform and Global Intelligence Network help reduce corporate risk by providing full network visibility, advanced network forensics and real-time threat detection for all network activity. This enables an organization to identify advanced malware crossing the network and to contain zero-day attacks and advanced targeted attacks. A recording of all network activity allows very fast forensic investigation, proactive incident response and resolution of intrusions in a fraction of the time. The Analytics Platform integrates with all major SIEM solutions.

Integrating these two best-in-class products creates a business solution in which, among other things, full packet capture and session "rebuild & play-back" capabilities for threat analysis and forensic analysis let security teams carry out their task of gaining insight into, grip on and control over the organization’s risk with unmatched efficiency and effectiveness. Beyond the unique completeness and depth of the analyses, a reduction of up to 85% in the time needed for root-cause analysis of attacks and security incidents is achievable!

The HP ArcSight – Blue Coat Analytics Platform combination therefore gives customers a choice: either keep the same monitoring scope and let the team work more efficiently, so that the team can be reduced (cost savings), or expand the monitoring scope, implementing more use cases or monitoring more sources, so that the risk to the organization is lowered further.

As a partner of HP Enterprise Security and Blue Coat, ARAMA TECH delivers both solutions, as well as the Professional Services for implementation, training and Hybrid Managed Services.


HP Atalla & HP Security Voltage collaboration


HP Atalla and HP Security Voltage drive leadership in data-centric security and encryption solutions. With over 80 patents and 51 years of expertise, we protect the world’s largest brands and neutralize breach impact by securing sensitive data at rest, in use, and in motion. Our solutions provide advanced encryption, tokenization, and key management that protect sensitive data across enterprise applications, data-processing infrastructure, cloud, payment ecosystems, mission-critical transactions, storage, and Big Data platforms. HP Atalla and HP Security Voltage solve one of the industry’s biggest challenges: simplifying the protection of sensitive data in even the most complex data-security use cases.


