Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization
Format: PDF / Kindle (mobi) / ePub
The newest threat to security has been categorized as the Advanced Persistent Threat, or APT. The APT bypasses most of an organization’s current security devices and is typically carried out by an organized group, such as a foreign nation state or rogue group, with both the capability and the intent to persistently and effectively target a specific entity and wreak havoc. Most organizations do not understand how to deal with it or what is needed to protect their network from compromise. In Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization, Eric Cole discusses the critical information that readers need to know about APT and how to avoid becoming a victim.
Advanced Persistent Threat is the first comprehensive manual that discusses how attackers are breaking into systems and what to do to protect and defend against these intrusions.
Advanced Persistent Threat covers what you need to know including:
• How and why organizations are being attacked
• How to develop a "Risk based Approach to Security"
• Tools for protecting data and preventing attacks
• Critical information on how to respond and recover from an intrusion
• The emerging threat to Cloud based networks
off of the network, rebuild it, and put it back online. The justification is that we are rebuilding the system from a secure build; therefore the system will be secure. The problem is that the system was originally built from a secure build and the attacker still found a way in. Therefore, if you rebuild the system back to the original build that was compromised, what do you think is going to happen—they are going to break back into the system again. Maybe an organization's secure build is not as
Smart grid is a good example of items 9 and 10 combined.
The Critical Controls
One of the questions that often gets asked is where an organization should get started and which areas will give the best overall return on the security investment. The correct answer is that it should be based on the highest-risk areas to an organization’s most critical assets. While that is the proper way of approaching security, it is not actionable, and organizations need a roadmap to
would move on to its next target. Most of the security we have in place is prepared to handle this level of threat, not the APT. While some APT attacks are automated, we are dealing with a sophisticated attacker who performs part of the attack with manual intervention. Since a human is involved in planning and potentially executing the attack, the adversary can adapt and use human intelligence to extract information from a target.
Organizations' View on Security
Over the years,
recognize the fact that they are going to be compromised. It is also safe to conclude that any critical systems that are connected to a network, and ultimately to the Internet, have already been compromised. As a society we must make the paradigm shift that the threat has advanced to the point where no system is safe. One of the key themes echoed throughout this book is: Prevention is Ideal but Detection is a Must. While an organization should hope and pray that they do not
is the secrecy of the ciphertext is based on the secrecy of the key, not the secrecy of the algorithm. While encryption is important, equally important, if not more so, is key management. If you do not control and manage the key, all of the encryption in the world is not going to protect you. To assess the effectiveness of your encryption, ask three questions:
1. Where is the key?
2. Who has access to the key?
3. How is the key protected and managed?
One of the big problems many