Combating APTs

Yes, this article is fully buzzword compliant, but it makes some great points for security professionals to think about and organizations to grow towards. About the only thing it is missing is “cloud.” Anyway, the six key take-aways (along with my non-buzzword compliant interpretations) include the following:

  1. Use big data for analysis/detection (i.e., use a SIEM with advanced correlation capabilities to collect and analyze everything)
  2. Share information with the right people (i.e., join one of the ISACs, DIB, or similar organizations and contribute what you find and learn from what others discover)
  3. Understand the “kill chain” (i.e., as Lockheed says … after an incident don’t just re-image and move on; map the bad guy’s attack from an offensive perspective to better understand their methods)
  4. Look for indicators of compromise (IOCs) (i.e., now it’s Mandiant’s turn … take what you learn in the kill chain and other sources and look for it elsewhere on your network)
  5. Test your network (i.e., run the bad stuff to learn more about it and hack your own network)
  6. Support more training for APT hunters (i.e., we need not only more training but specific analysis education to more easily connect the dots to find those covert bad guys)
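Take-aways 1, 3 and 4 together describe one workflow: collect logs centrally, map what you learned from an incident onto kill-chain phases, then sweep the rest of the network for those indicators and correlate hits per host. The script below is an added example (mine, not code from the article or from this post) of that sweep. Everything in it is constructed for the demonstration: the key=value log format is assumed, the IOC values use documentation IP ranges, a reserved `.invalid` domain and a placeholder hash, and the sample log lines are made up; the seven phase names are Lockheed Martin's public kill-chain model.

```python
"""IOC sweep with kill-chain correlation (added example, constructed data)."""
import re
from collections import defaultdict

# Lockheed Martin's seven kill-chain phases, in order.
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Constructed IOC set: (log field, value) -> (kill-chain phase, description).
# Values are documentation ranges, a reserved TLD and a placeholder hash;
# none of them is a real indicator.
IOCS = {
    ("dst_ip", "203.0.113.7"):              ("Command and Control", "beacon destination"),
    ("query", "update.bad-cdn.invalid"):    ("Command and Control", "C2 domain"),
    ("sha256", "0123456789abcdef" * 4):     ("Installation", "dropper binary"),
    ("attachment", "invoice_0227.pdf.exe"): ("Delivery", "phishing attachment"),
    ("dst_ip", "198.51.100.20"):            ("Actions on Objectives", "exfil staging host"),
}

# Constructed sample logs in an assumed key=value format (no real product's format).
SAMPLE_LOGS = """\
ts=2014-02-26T09:01:12Z host=ws-17 src=mail attachment=invoice_0227.pdf.exe from=ext
ts=2014-02-26T09:03:40Z host=ws-17 src=edr sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef path=/tmp/svc
ts=2014-02-26T09:05:02Z host=ws-17 src=dns query=update.bad-cdn.invalid
ts=2014-02-26T09:05:03Z host=ws-17 src=fw dst_ip=203.0.113.7 dst_port=443 bytes=812
ts=2014-02-26T11:30:00Z host=ws-42 src=dns query=update.bad-cdn.invalid
ts=2014-02-26T11:31:15Z host=ws-42 src=fw dst_ip=203.0.113.7 dst_port=443 bytes=640
ts=2014-02-26T12:00:00Z host=srv-db src=fw dst_ip=198.51.100.20 dst_port=22 bytes=9800000
ts=2014-02-26T12:05:00Z host=ws-03 src=dns query=www.example.com
"""


def parse_line(line):
    """Split one key=value log line into a dict (assumed format)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def sweep(log_text, iocs=IOCS):
    """Return every IOC hit as (host, ts, phase, field, value, description)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        for field, value in rec.items():
            if (field, value) in iocs:
                phase, desc = iocs[(field, value)]
                hits.append((rec["host"], rec["ts"], phase, field, value, desc))
    return hits


def phases_by_host(hits):
    """Map host -> distinct kill-chain phases seen, in chain order."""
    seen = defaultdict(set)
    for host, _ts, phase, *_ in hits:
        seen[host].add(phase)
    return {h: [p for p in KILL_CHAIN if p in ph] for h, ph in seen.items()}


def triage(hits, min_phases=2):
    """Correlate per host: hits spanning >= min_phases distinct phases are
    escalated; a host with hits in a single phase stays a lead to investigate."""
    by_host = phases_by_host(hits)
    escalate = sorted(h for h, ph in by_host.items() if len(ph) >= min_phases)
    leads = sorted(h for h, ph in by_host.items() if 0 < len(ph) < min_phases)
    return {"escalate": escalate, "leads": leads}


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS)
    for host, phases in phases_by_host(found).items():
        print(f"{host}: {' -> '.join(phases)}")
    print(triage(found))
```

The correlation step is the point of take-away 1: a single DNS lookup of a known-bad domain is a lead, but one host showing delivery, installation and C2 indicators in sequence is an incident, and that distinction only falls out when all sources land in one place and are keyed by host.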


Based on news reports and multiple statements from U.S. officials, hackers from China breach the systems of all kinds of U.S. businesses, from major newspapers to defense contractors and cutting-edge technology companies, and remain undetected long enough to make off with billions in intellectual property and sophisticated weapon designs.

Defense Secretary Chuck Hagel and officials from the National Security Agency and the Department of Homeland Security have called the power of APTs the security challenge of the modern era.

“Cyber is one of those quiet, deadly, insidious unknowns you can’t see,” Hagel told U.S. troops in Hawaii. “It’s in the ether — it’s not one big navy sailing into a port, or one big army crossing a border, or squadrons of fighter planes … This is a very difficult, but real and dangerous, threat. There is no higher priority for our country than this issue.”

APTs are also no longer solely the domain of nation-states with vast resources, nor are they focused only on espionage or attacks against military and other government entities. They are “living” on networks in IT, energy, news, telecom, manufacturing and other sectors of the economy.

Continued here.


4 comments for “Combating APTs”

  1. February 27, 2014 at 4:02 am

    Combating APTs

  2. February 27, 2014 at 4:07 am

    Combating APTs

  3. February 27, 2014 at 4:42 am

    #NOVABLOGGER: Combating APTs

  4. February 27, 2014 at 2:01 pm

    “Fully buzzword compliant”. @grecs on six tips to fight APTs
