Detection and Response about APT&Co.

LabZero

#1
Hello everyone.

When we talk about cyber attacks, APTs and advanced attacks, quite often there is confusion because, for antivirus manufacturers, the main goal seems to be to neutralize malware, no matter how advanced.

But behind such an attack there are humans, not bits.

Therefore, the goal should be to focus on attackers and NOT malware! It's only a tool that, although neutralized, is quickly replaced by another.

Because there is a strategy of attack.

The attitude of many security departments against a compromise continues to be:
  • Alarm on an infected machine.
  • Identify the infected machine.
  • Attempt to disinfect the machine.
But ... it is possible that the malware is still on your PC ... waiting for the moment to infect the machine again, while simultaneously stealing personal data.

This is a scenario that may occur.

Well, in my opinion it's necessary to reflect on the need to focus on the context, not the malware; on the attack strategy, not on the tools used (malware).

Only in this way does it become possible to understand what is happening and to plan a response.
Planning that considers the incident analysis, an understanding of the tactics, and action to neutralize the entire attack, preventing data theft.

In two words: detection and response.
 
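The contrast the post draws, alerting on a malware sample versus following the attacker's tactics on a host, can be shown in a few lines of code. The example below is added here and is not from the original post; the telemetry, hash strings, host names and tactic labels are all constructed, and the `tool_centric_alerts` / `attacker_centric_findings` functions are hypothetical names. The sample-based detector fires once on the known hash and goes quiet after quarantine, while the host-level view keeps following the same intrusion through the replacement tool, the credential theft and the exfiltration, and notices that the persistence mechanism outlived the "disinfection".

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint observation (constructed sample telemetry, not real IoCs)."""
    ts: int        # seconds since start of observation
    host: str
    tactic: str    # coarse behaviour category assigned by the sensor
    detail: str


# Constructed sample data: ws-01 is disinfected after the first sample, but the
# attacker's scheduled task remains and a second, unknown sample carries on.
EVENTS = [
    Event(0,   "ws-01", "execution",         "hash=aaaa1111 (known sample)"),
    Event(5,   "ws-01", "persistence",       "scheduled task created"),
    Event(60,  "ws-01", "quarantine",        "hash=aaaa1111 removed by AV"),
    Event(900, "ws-01", "execution",         "hash=bbbb2222 (unknown sample)"),
    Event(905, "ws-01", "credential_access", "lsass memory read"),
    Event(950, "ws-01", "exfiltration",      "12 MB sent to external host"),
    Event(10,  "ws-02", "execution",         "hash=cccc3333 (unknown sample)"),
    Event(15,  "ws-02", "persistence",       "run key set"),
]

# Constructed "signature" list: only the first sample is known to the AV.
KNOWN_BAD_HASHES = {"aaaa1111"}


def tool_centric_alerts(events):
    """Malware-focused view: alert only when a known bad hash executes."""
    return [
        e for e in events
        if e.tactic == "execution" and any(h in e.detail for h in KNOWN_BAD_HASHES)
    ]


def attacker_centric_findings(events):
    """Attacker-focused view: group by host and reason about the campaign.

    Returns host -> {"tactics": ordered hostile tactics seen,
                     "persistence_survived_quarantine": bool,
                     "severity": low/medium/high by attack progress}.
    """
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)

    findings = {}
    for host, evs in by_host.items():
        tactics = []
        quarantined_at = None
        persistence_at = None
        persistence_removed = False
        for e in evs:
            if e.tactic == "quarantine":
                quarantined_at = e.ts
                continue
            if e.tactic == "persistence_removed":
                persistence_removed = True
                continue
            if e.tactic not in tactics:
                tactics.append(e.tactic)
            if e.tactic == "persistence":
                persistence_at = e.ts
        # A foothold planted before the quarantine and never cleaned up means
        # the "disinfected" machine is still owned by the attacker.
        survived = (
            quarantined_at is not None
            and persistence_at is not None
            and persistence_at < quarantined_at
            and not persistence_removed
        )
        # Severity follows how far the attacker got, not which hash was used.
        if "exfiltration" in tactics:
            severity = "high"
        elif len(tactics) >= 2:
            severity = "medium"
        else:
            severity = "low"
        findings[host] = {
            "tactics": tactics,
            "persistence_survived_quarantine": survived,
            "severity": severity,
        }
    return findings


if __name__ == "__main__":
    print("tool-centric alerts:", [(e.host, e.detail) for e in tool_centric_alerts(EVENTS)])
    for host, f in attacker_centric_findings(EVENTS).items():
        print(host, f)
```

On the constructed data the hash-based detector produces a single alert for ws-01 and nothing for ws-02, whereas the host-level correlation rates ws-01 as high severity with a surviving foothold and already flags ws-02 at the persistence stage, before any data leaves.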

jamescv7

#5
Prevention, that's the number one concept of all, since you prohibit any type of attack with as little hassle as possible, rather than cure.

Numerous seminars are gathered all around the world to encourage awareness regarding attacks; honeypots are part of the table of contents normally tackled by speakers, so you can formulate more types of protection against possible multiple attacks.