The true dangers of advancedpersistent threats (APTs) are rapidlyestablishing themselves. Using anattack doctrine that relies on sophisticatedtools and precision targeting, they areextremely likely to succeed. User identitiesare the target because criminals need tocontrol legitimate user accounts, providinga veil of authenticity to proceed undetected.

A wide variety of techniques are deployedto steal users identities, including spearphishing, zero-day key loggers, rainbowtables for brute force cracking, sloppypassword reuse, and untrustworthy insiders.Passwords are the biggest risk because theyare easily stolen or cracked. Staticpasswords are an inadequate defenceagainst APTs, but are still extensively usedfor Windows log-in, server access, andcloud-based applications.

Attackers have become more selective;they know a broadcast attack on thousandsof organisations produces a low yield. Incontrast, APTs may attempt hundreds ofattack techniques on a single company,persevering until they find success.

Using information found on LinkedIn,Facebook and IT department job postings,attackers increase the odds andcompromise a machine through a targetedattack. Users are careful of openingsuspicious e-mail attachments, but cybercriminals are more sophisticated and nolonger target masses of users; instead, theytake the time to research and targetindividuals. E-mail spam is becoming moredifficult to detect as credibility has improvedwith the inclusion of a credible subject lineand style of attachment.

To mitigate this new risk, users' identitiesmust be reliably authenticated prior toaccessing important resources. Establishingtrust means implementing an identityassurance solution that validates users'identities, authenticates credentials, andgrants access based on proper validation.

The benefits of the smart card, oneelement of an identity assurance solution,include:
- Multi-layered strong authentication forthe virtual private network (VPN),Windows log-in, server access, andcloud applications
-Strong (military-strength), two-factor authentication offering greater convenience than one-time password (OTP) tokens and complex passwords
- Easier compliance with statutory and regulatory standards
- Ubiquitous authentication for legacy and cloud-based applications, by integrating with enterprise single-sign-on solutions or Security Assertion Markup    Language (SAML)
- A base of transactional data to aid auditability, accountability, and forensic investigation.

Smart cards are perceived as highlyeffective, but adoption rates remain low.Smart card management technology hasevolved and unlike their predecessors, newcard management appliances can rapidlyand automatically handle complexfunctions.

Perimeter defence alone is inadequate.But other measures must be cost-effective,easy to manage, and flexible, so that theydeliver real business value. When correctlydeployed, strong authentication can inhibitand frustrate APT breaches.

When using a Windows log-in, the smartcard's digital-certificate-based strongauthentication, ensures that insiders, keyloggers, phishing or password reuse havenot compromised a user's credentials.Moving on to access server-basedresources inside the corporate firewall, thesame smart card can be used for Windowsand provide safe access to other networkresources. Crucially, this inhibits legitimateusers from sharing log-in credentials.

When using a VPN, a smart card cannatively enable the VPN to use digitalcertificates ensuring proper authenticationbefore admission. Cloud-basedapplications can benefit from smart-cardswhether inside or outside of the firewall andwith a SAML-enabled authentication server,strong levels of authentication are uniformlyapplied across cloud-based applications.

A multi-layered strong authenticationsolution is vital in establishing a secure,trusted online environment. Compromisinga password becomes order of magnitudemore difficult, even impossible. Worstcase, should a breach happen, multilayeredstrong authentication inhibits anattacker's progress, delivering control tothe IT team. NC