Since the phrase "Advanced Persistent Threat" (APT) was coined nearly ten years ago, it has been the subject of extensive discussion and debate in the IT security community, attracting terabytes' worth of media buzz. The spotlight on APTs has been instrumental in bringing the reality of today's threats to light, but the surrounding hype has often generated more fear than practical approaches to solving the actual problems. Security programs and regulations tend to be shaped by the most recent incidents and to focus mainly on the attackers' tactics and procedures. Understanding attacker methodology is critical, but by itself it does not enable pre-emptive responses.
This presentation will begin with a detailed look at threat-actor motivations as the basis for pre-emptive capabilities. It will present a taxonomy of the underground ecosystem, give an overview of the tactics and procedures behind today's APTs, and highlight current "advanced" threat trends. Against this background, several important practical questions will be discussed:
- What aspects of APTs and other advanced attacks are really new?
- How are advanced cybercrime groups and other actors leveraging this evolving ecosystem?
- What are the limits of security monitoring? Do we need new tools and technologies, or do we need to make better use of what we have in place already?
- What benefits can we expect from intelligence automation versus human intelligence?
Attendees will leave the session with a refreshing view of the landscape and a reminder that effective response to advanced threats does not necessarily require an ever-expanding security budget, and that adversaries are not always as advanced as we fear.