What is an Advanced Persistent Threat?

Status
Not open for further replies.

scook9_

Honorable
Oct 27, 2013
1
0
10,510
Your comments are amusing, as someone who worked at RSA and learned about as much as there is to know about APTs (including their breach).

Your competent IT staff, what would they do about a zero-day exploit in a flash embedded object stored in a normal microsoft office attachment? Blocking flash in the browser - that wont do it. Scan for malware in attachments - it is a zero-day so good luck detecting it. Block attachments in email - lol. Train users on good security awareness and practices - good idea but what if that malware came in an email from a trusted partner who was compromised and doesn't know it and who regularly emails your employees. Fishing emails are not always obvious - just targeted.

The only true way to protect against an APT is to detect it as early as possible (because they WILL get in) and shut it down and be ready to do it all over again. This detection takes multiple things - typically a minimum of analyzing logs and recording network history to see what is leaving your network is necessary. It also takes a human looking at all this data as the intelligence to connect the dots is normally well beyond what can be programmed into an IDS.
 
Status
Not open for further replies.