APT Strategy Guide

APT Strategy Guide Navigating the APT Strategy Series

Continuous monitoring is an important part of an organization’s cyber security efforts. But without establishing an effective security framework first, those efforts may be misspent.

APT Strategy Guide

Strengthening IT infrastructure begins with establishing a sound cyber security threat and risk management governance process. Next, organizations must manage the complexity of their IT infrastructures by using enterprise architecture to consolidate, standardize and optimize the current inventory of IT assets as well as developing “threat aware” mission and business processes.

Organizations must also develop and integrate into their enterprise architecture a security architecture that guides the effective allocation of security controls to their information systems. And finally, organizations must initiate continuous monitoring of all of the above activities to ensure ongoing effectiveness of cyber security and risk management governance, mission/business processes, enterprise and security architectures, and security controls deployed within the enterprise.

APT Strategy Guide

This blog provides an overview to the site to facilitate navigation as well as place the various topic threads in context. The following APT Strategy Guide Map graphic provides an at-a-glance simplified summary of the blogs to help understand how they fit together to form a building block picture.

APT Strategy Maps

APT Strategy Guide Map

APT Strategy Framework

APT Response Strategy

Adaptive Response Strategy

How do you implement a Plan C? Organizations are starting to recognize the ever increasing importance of rapid and well orchestrated incident response capabilities as a key component in their defense-in-depth strategy.

Increased complexity and frequency of attacks, combined with reduced effectiveness of preventative security controls, elevate the need for enterprise-scale security incident response. The APT Response Strategy (aka APT-IR) series of blogs discuss the development and evolution of an effective rapid incident response program, a call to action.

APT Red Teams

APT Red Teams

How do you prevent an APT? The APT Red Teams blog defines core components used by successful red teams and proposes an approach for categorizing and implementing red teams to enable continuous improvement and optimization from counter-intuitive sources and help mitigate advanced threats.

Advanced Persistent Threats (APTs) initiated by an ever growing population of highly capable cyber criminals who are focused, determined and, stealthy are an ever increasing risk. While many organizations have the basic tenets of security in place and regularly test their industry standard best-practice procedures, they are caught off guard by exposed vulnerabilities, risks and threats not previously identified and formally escalated to resolution.

A Red Team approach provides a proven method of risk analysis which uncovers risks and quickly adapts to real world approaches taken by adversaries.

APT Threat Analytics

APT Threat Analytics 1

How can you predict emerging threats? Threat intelligence and analytics continues to dominate the headlines and attention of organizations seeking viable options in their escalating battle against advanced threat actors.

Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging threat to assets. It is used to inform decisions regarding response in terms of prevention enhancements with mitigating controls or detection adjustments (rules or triggers).

This blog discusses best practices to identify internal and external data sources as well as help overcome many operationalization challenges to take an emerging program to the next level as a strategic component.

APT Detection Indicators

APT Detection Indicators

In a world where organizations need to be watching or monitoring their networks continuously knowing what to look out for is critical. In this blog we discuss how to detect incidents early by identifying “attack precursors” and other leading indicators that help protect your organization from compromise and can stop an attack in its tracks.

Advanced Persistent Threats (APT) typically exhibit recognizable attributes and patterns that can be monitored by readily available, open source tools. These tools can enable early detection of APT behavior, especially by monitoring unusual inter-zone or outbound traffic.

APT Detection Framework

APT Detection Framework Logo 2

The last decade has seen a lot of research on intrusion detection with intelligent data analysis and its implementation in commercial products but there are still some challenges remaining. Effectiveness, accuracy and scalability are key considerations in the technical design, implementation, and operations of an IDS.

This blog presents a proposed APT Detection Framework that can be used both for advanced multistep threat scenario analysis as well as detection system design – to identify an organizations gaps based on new threats and/or indicators of compromise and make iterative improvements.

Defensible Security Posture

Defensible Posture - Part 2

The purveyors of Fear, Uncertainty and Doubt (FUD) assert that preventing today’s advanced threats is unrealistic, internal compromise is inevitable and – that FUD factor is reinforced by more and more reports of malware and advanced attacks penetrating insufficient security controls. However, it’s not all doom and gloom. Although the experts concede that stopping 100% of attacks is a technical impossibility, there are ways for organizations to avoid becoming the next devastated victim.

The basic idea of a Defensible Security Posture is that you aren’t striving for an absolute, but rather for a position (or posture) that is able to be defended even when it’s infiltrated

Adaptive Zone Defense

Zone Defense

Limiting and intelligently managing communications between services and systems on an organizations network helps contain an infection or compromise to keep malware or a persistent threat from running rampant. In addition, business needs, regulations and other compliance requirements impact security architecture and design and thus may impose mandated separation or additional boundary controls.

This blog offers guidance to organizations seeking to develop a modular and scalable network segmentation design.

There is a lot of hype and yet no silver bullet. However there is much an organization can do to extend and evolve their defense-in-depth strategy, to improve their detection and containment capability and, to gain key visibility to rapidly respond to a compromise or attempt. There is also a win-win in that many best-practices, controls and, detection techniques needed for APT also help address the Insider Threat.

Thanks for your interest!

Nige the Security Guy.

Advertisements

About secureadvisor
Security Guy

6 Responses to APT Strategy Guide

  1. Pingback: Signing Off Signatures – Putting Trust In A Signature-Author

  2. Pingback: NG-OPS Strategy Guide | Nige the Security Guy

  3. Pingback: vCISO Smart Practices – Part 1 | Nige the Security Guy

  4. Pingback: NG-OPS Advanced Defense – Part 1 | Nige the Security Guy

  5. Pingback: Prepare a Policy to Combat Advanced Persistent Threats | Rush Prime Essays

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: