Advanced persistent threat detection and mitigation

An advanced persistent threat (APT) is a well-resourced adversary that gains a foothold in an organization's systems and stays hidden there for an extended period; the term is also used loosely for the sophisticated, well-disguised malware such campaigns rely on, and it has become the phrase of choice because nothing else describes this more recently observed class of attack as well. Anti-virus vendors have done a good job of eradicating common, mass-mailing malware such as the "ILOVEYOU" worm. What has been far harder to eradicate is malware that exploits zero-day vulnerabilities and hides behind multi-layer encoding of its payload, encryption, obfuscation, and clever masquerading techniques; infections of this kind are at an all-time high.

APT mitigation products work by providing a safe environment, usually a virtualized instance or sandbox of an operating system such as Microsoft Windows, in which a suspicious file is allowed to run and infect the guest. The tool then records everything the sample did (files dropped, registry keys changed, processes spawned, network connections attempted), decodes the payload to identify the threat, and produces a "signature" that blocks further exploitation. Some tools are appliance-based and perform this decoding and analysis on the box; other vendors provide it as a cloud service. Further capabilities include tracking which internal hosts are infected and detecting whether an infected host has successfully called back to the malware's command-and-control host. One caveat: sophisticated samples check for virtualization or delay their malicious behaviour, so a clean sandbox verdict is not proof that a file is benign.
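The workflow the paragraph describes, from detonation report to signature to callback detection, as an added example in Python that is not code from the page or from any vendor's product. The report layout, the proxy log format, and every hostname, path and hash in it are constructed for illustration; a real sandbox would emit its own report schema and a real proxy its own log format, so the two parsers here are assumptions.

```python
"""Turn a sandbox detonation report into indicators, then hunt for callbacks in proxy logs.

Added example; not code from the page or from any vendor's product. The report
layout, the log format, the hostnames, paths and hashes are all constructed.
"""
import hashlib
import re
from collections import defaultdict

# Constructed detonation report: what a sandbox might record for one sample.
SANDBOX_REPORT = {
    "sample_sha256": "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "dropped_files": [
        {"path": r"C:\Users\victim\AppData\Roaming\svchost32.exe",
         "content": b"MZ\x90\x00constructed-dropper-bytes"},
    ],
    "registry": [
        {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
         "value": "svchost32",
         "data": r"C:\Users\victim\AppData\Roaming\svchost32.exe"},
    ],
    "network": [
        {"proto": "dns", "query": "cdn-update.example-c2.test"},
        {"proto": "http", "method": "POST", "host": "cdn-update.example-c2.test",
         "uri": "/gate.php?id=a1b2c3",
         "user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
    ],
}

# Constructed proxy log: <timestamp> <src-ip> <method> <host> <uri> <status> <bytes-in> "<user-agent>"
PROXY_LOG = [
    '2024-05-02T10:15:01Z 10.0.5.23 POST cdn-update.example-c2.test /gate.php?id=a1b2c3 200 312 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2024-05-02T10:20:02Z 10.0.5.23 POST cdn-update.example-c2.test /gate.php?id=a1b2c3 200 298 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2024-05-02T10:21:17Z 10.0.7.9 POST cdn-update.example-c2.test /gate.php?id=77ff01 403 0 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2024-05-02T10:22:40Z 10.0.5.41 GET www.example.test /index.html 200 5120 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '2024-05-02T10:25:05Z 10.0.8.15 POST static.other-cdn.test /gate.php?id=9c9c9c 200 251 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<uri>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)


def extract_indicators(report):
    """Reduce a detonation report to the indicators a mitigation 'signature' would carry."""
    hashes = {report["sample_sha256"]}
    for f in report["dropped_files"]:
        hashes.add(hashlib.sha256(f["content"]).hexdigest())
    c2_hosts, paths, agents = set(), set(), set()
    for ev in report["network"]:
        if ev["proto"] == "dns":
            c2_hosts.add(ev["query"])
        elif ev["proto"] == "http":
            c2_hosts.add(ev["host"])
            paths.add(ev["uri"].split("?", 1)[0])  # beacon path without its per-victim query
            agents.add(ev["user_agent"])
    # Behavioural pattern: the beacon path with any query string, so a rotated C2 host still matches.
    if paths:
        uri_pattern = re.compile(r"^(?:" + "|".join(re.escape(p) for p in sorted(paths)) + r")(?:\?|$)")
    else:
        uri_pattern = re.compile(r"(?!x)x")  # matches nothing
    persistence = [r for r in report["registry"] if r["key"].lower().endswith(r"\run")]
    return {"file_hashes": hashes, "c2_hosts": c2_hosts, "uri_pattern": uri_pattern,
            "user_agents": agents, "persistence": persistence}


def classify_event(indicators, event):
    """Return 'succeeded', 'blocked', or None for one parsed proxy event."""
    by_host = event["host"] in indicators["c2_hosts"]
    by_behaviour = (indicators["uri_pattern"].match(event["uri"]) is not None
                    and event["ua"] in indicators["user_agents"])
    if not (by_host or by_behaviour):
        return None
    # A callback "succeeded" only if the C2 answered with content; a proxy deny or empty reply did not.
    if event["status"] == 200 and event["bytes"] > 0:
        return "succeeded"
    return "blocked"


def hunt(indicators, log_lines):
    """Map each internal source IP to its callback attempts, split by outcome."""
    findings = defaultdict(lambda: {"succeeded": 0, "blocked": 0, "hosts": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ev = m.groupdict()
        ev["status"], ev["bytes"] = int(ev["status"]), int(ev["bytes"])
        verdict = classify_event(indicators, ev)
        if verdict:
            findings[ev["src"]][verdict] += 1
            findings[ev["src"]]["hosts"].add(ev["host"])
    return {src: {**v, "hosts": sorted(v["hosts"])} for src, v in findings.items()}


if __name__ == "__main__":
    ind = extract_indicators(SANDBOX_REPORT)
    for src, f in hunt(ind, PROXY_LOG).items():
        print(f"{src}: {f['succeeded']} successful, {f['blocked']} blocked, C2 hosts {f['hosts']}")
```

The point of carrying both a host indicator and a behavioural pattern is visible in the last log line: the sample's operator has moved to a different host, which a pure domain blocklist would miss, but the beacon path combined with the sample's fixed User-Agent still flags it. Distinguishing a blocked attempt (proxy denial, empty response) from a successful callback is what turns the same data into a priority list: hosts with successful callbacks have an operator on the other end and come first.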

Technology in this space is new, and how today's solutions will evolve is not yet clear. A significant consideration when assessing products in this area is the skill set required to maintain the solution and get the most from it. These tools do much of the work for IT security staff, but some malware-analysis knowledge is still needed to interpret their output and act on it. A cloud solution may suit less experienced teams, or simply reduce the operational overhead of running an advanced technology that analyzes some of the most complicated application code in use today.

Several IDS/IPS and next-generation firewall (NGFW) vendors have made significant progress in providing APT detection and mitigation, both on the box and in the cloud. The benefit of using one of these is that the device is already inline and the feature is usually a software component of a product already deployed. This keeps the management interface consistent and can provide operational efficiencies that many specialized appliances do not.
