Advanced Persistent Threats Can Be Eradicated From Networks
Tips on getting rid of APTs from large networks.
In an article on InfoWorld, Security Advisor Roger Grimes offers tips on getting rid of APTs from large networks. Although difficult to remove from your network without severely disrupting revenue-generating operations, advanced persistent threats are easy to detect. Grimes suggests that careful, stealthy planning will help you find and eliminate or reduce APT attacks without alerting the attackers to your efforts.
"If you're an IT admin, communicate the known extent of the problem and initial plans for dealing with the advanced persistent threat to IT senior management. This will often morph into presentations to overall senior management, likely to the board of directors, regulators, partners, vendors, and so on. Let senior management dictate who gets to know what and when. The first major technical response should be to implement more detection across your network; you need to find out the severity of the APT problem. Which computers are owned? Are passwords known? What tools and malware are being used? Is email compromised? Where is the data flowing to, both internally and externally? At a minimum, detecting APT usually means implementing host and network intrusion detection software if it is not already in use."