Apr 12, 2012
Strategy: How Did They Get In? A Guide to Tracking Down the Source of APTs
Advanced persistent threats are just what their name implies—sophisticated and stubborn. It is difficult even to recognize that your organization's systems and data are under an APT attack, let alone uncover all of the attack's component parts, find the source of the attack, determine the scope of infiltration and damage, and identify the attacker (the last being the most difficult task of all).
To get at the root of the problem, security professionals must leverage a great many tools and employ in-depth (and often manual) analysis of log files, network traffic and program code. Logging and monitoring, behavioral analysis and training are important components of any effort to identify and dissect APTs. Indeed, many organizations will find that they cannot go it alone. Combining the experience, knowledge base and resources of the business and security communities will be a critical factor in mitigating—and ultimately eliminating—APTs. (S4740412)