LabZero
Thread author
Hello everyone.
When we talk about cyber attacks, APTs and advanced attacks, quite often there is confusion because, for antivirus manufacturers, the main goal seems to be to neutralize malware, no matter how advanced.
But behind such an attack there are humans, not bits.
Therefore, the goal should be to focus on attackers and NOT malware! It's only a tool that, although neutralized, is quickly replaced by another.
Because there is a strategy of attack.
The attitude of many security departments against a compromise continues to be:
- Alarm: infected machine.
- Identifying the infected machine.
- Attempting to disinfect the machine.
This is a scenario that may occur.
Well, in my opinion it's necessary to reflect on the need to focus on the context, not the malware; on the attack strategy and not on the tools used (malware).
Only in this way does it become possible to understand what is happening and to plan the response.
Planning that considers the incident analysis, understanding of tactics, and action to neutralize the entire attack by preventing data theft.
In two words: detection and response.