What are advanced persistent threats?

Advanced persistent threat (APT) attacks are some of the most difficult to detect and defend against and pose the greatest risk to an organization. These attacks are typically perpetrated by highly capable, well-equipped threat actors — commonly, nation states or state-sponsored groups — through specific, targeted actions. While threats of all shapes and sizes can cause concern for an organization, responding to advanced threats typically involves more resources, technology and time.

How do APT actors infiltrate your network?

APT actors are well-trained, well-funded and highly motivated. Advanced, targeted attackers choose their victims carefully and map out their attack plan well before launching an attack. They conduct in‐depth reconnaissance to learn what defenses are in place and make calculated moves to avoid them. Once the attackers are in — and they can always get in — they operate low and slow to gradually gain persistence without setting off any alarms. To detect these highly sophisticated and stealthy attacks before the damage is done, security analysts need the ability to piece together several seemingly low-risk events in order to find the one extremely high-risk cyber attack underway.

How to uncover well‐hidden advanced persistent threats within your network

The IBM QRadar® Security Intelligence Platform is designed to detect well‐orchestrated, stealthy attacks as they are occurring and immediately set off the alarms — before any data is lost. By correlating current and historical security information, the solution is able to identify indicators of advanced threats that would otherwise go unnoticed until it’s too late. Events related to the same incident are automatically chained together, providing security teams with a single view into the broader threat.

With IBM QRadar, security analysts can discover advanced attacks earlier in the attack cycle, easily view all relevant events in one place, and quickly and accurately formulate a response plan to block advanced attackers before damage is done. To further accelerate incident response processes, analysts can leverage cognitive intelligence to dramatically speed up investigation times and, through integration with IBM Resilient®, begin activating automated incident response processes.

Related offerings

QRadar UBA

Gain visibility into behavioral anomalies that may signal an active insider threat.


Intelligent security analytics for actionable insight into the most critical threats.

QRadar Network Insights

Enable attack prediction through real-time network traffic analysis.