Why I Make Fun of Advanced Persistent Threat (APT)

If you follow this blog, you may have noticed that I made fun of Advanced Persistent Threat on several occasions. I published APT haiku (thanks to all who contributed) and a series of APT cartoons. I established the Certified APT Nerd (CAPTN) professional credential with an exam. I also launched the APT Merchandise Store, where the most popular item is the "My APT Can Beat Up Your APT" t-shirt.

Why do I make fun of this serious topic? Because I care.

Many computer security incidents result from mass-scale attacks. Some incidents result from targeted attacks. A subset of targeted attacks, affecting relatively few organizations, is being called APT. (This is a form of malicious market segmentation.)

APT attackers are highly-skilled, determined and have a long-term perspective on their mission. As the result, it is difficult to detect and respond to such incidents, with the IR process spanning months or even years. Dealing with APT is expensive. The impact of the data loss resulting from an APT incident is costly, too.

The media's attention to high-profile APT incidents has turned APT into a marketing buzzword. It is simply too convenient for security product and service vendors to use APT as part of sales and marketing efforts, even though the majority of these offerings don't directly deal with APT.

I make fun of APT in the hopes that this will make it harder to use APT as a generic marketing buzzword or a boogeyman du jour. I also make fun of it because FUD-based marketing techniques, when taken to an extreme, can be quite humorous, and the job of an information security professional is too hard if it is always taken seriously.

And with that in mind, I present to you APT cartoon #6: APT Goes Mainstream on TV.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more