If you are still wondering what APT is, head over to my essay on demystifying APT. Richard from TaoSecurity wrote an article in the July issue of Information Security magazine on the same subject.
The Mandiant talk covered some of the APT cases they have handled over the years and discussed the common problems they saw at client sites. They also proposed remediation steps and the challenges of implementing them.
Here are my notes on the remediation steps from that talk:
• Limit the use of dynamic DNS (DynDNS) providers (more than 70% of their investigations involved one)
• Provide appropriate training for information security staff
• Segment the internal network
• Patch third-party applications
• Use password management tools to control privileged accounts
• Deploy HIPS and run it in block mode
• Train users to recognise unsophisticated attacks such as routine social engineering
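The first item on that list, limiting dynamic DNS providers, is only enforceable if you can see which internal hosts are resolving names under those providers. The script below is an added illustration written for this post, not code from Mandiant's talk or from the original article: it scans DNS resolver log lines for queries whose base domain belongs to a watchlist of dynamic-DNS providers and reports the querying clients. The log format, the client addresses and the provider watchlist are all constructed for the example; a real deployment would feed it the resolver's actual log format and a watchlist the organisation maintains itself.

```python
import re

# Constructed watchlist of dynamic-DNS base domains. These are a few well-known
# providers used for illustration only; an organisation would maintain its own,
# longer list (assumption: the list is curated by the security team).
DYNDNS_DOMAINS = {"no-ip.org", "no-ip.com", "dyndns.org", "duckdns.org", "hopto.org"}

# Constructed resolver log format: "<timestamp> <client_ip> query: <fqdn>"
# (assumption: real resolver logs differ; adjust the pattern for BIND, Windows DNS, etc.)
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query:\s+(\S+)$")


def base_domain_match(fqdn, watchlist):
    """Return the watchlisted base domain that fqdn falls under, or None.

    Walks the labels from the left so that 'update.srv.no-ip.org' matches
    'no-ip.org' even though the host sits several labels deep.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def find_dyndns_queries(lines, watchlist=DYNDNS_DOMAINS):
    """Parse log lines and return one record per query that hits the watchlist."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:
            # Malformed or unrelated lines are skipped rather than aborting the scan.
            continue
        timestamp, client, fqdn = match.groups()
        provider = base_domain_match(fqdn, watchlist)
        if provider is not None:
            hits.append({"time": timestamp, "client": client,
                         "fqdn": fqdn, "provider": provider})
    return hits


def summarize_by_client(hits):
    """Count watchlist hits per internal client so the noisiest hosts surface first."""
    counts = {}
    for hit in hits:
        counts[hit["client"]] = counts.get(hit["client"], 0) + 1
    return counts


# Constructed sample log: two internal clients, three dynamic-DNS lookups,
# two benign lookups and one malformed line.
SAMPLE_LOG = [
    "2011-07-12T10:01:03Z 10.1.4.22 query: update-srv.no-ip.org",
    "2011-07-12T10:01:05Z 10.1.4.22 query: www.example.com",
    "2011-07-12T10:02:11Z 10.1.4.22 query: cdn.hopto.org.",
    "2011-07-12T10:03:40Z 10.1.9.7 query: mail.duckdns.org",
    "2011-07-12T10:04:02Z 10.1.9.7 query: intranet.corp.local",
    "this line is not a resolver record",
]

if __name__ == "__main__":
    found = find_dyndns_queries(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['time']} {hit['client']} -> {hit['fqdn']} ({hit['provider']})")
    for client, count in sorted(summarize_by_client(found).items()):
        print(f"{client}: {count} dynamic-DNS lookup(s)")
```

The per-client summary is the part worth acting on: a host that repeatedly resolves names under a dynamic-DNS provider while no business application needs it is a candidate for a closer look, and the same watchlist can be pushed into the resolver or proxy as a block or sinkhole list once the legitimate exceptions are known.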