Author: Dr. Eric Cole
As more and more information becomes available and is stored in electronic form, the logical consequence is that APT actors will focus on breaching networks and systems on which it can be found.
The goal of these attacks is simple, but the techniques the attackers use and the speed and determination with which they come up with new ones are enough to demoralize many infosec experts. This book aims to change their prospective and the rules by which the defense is playing.
About the author
Dr. Eric Cole is a industry-recognized security expert, technology visionary and computer scientist, with over 20 years of hands-on experience. He is the inventor of over 20 patents, a researcher, writer, and speaker for SANS Institute, and the author of several books.
Inside the book
In today’s threat landscape, there is hardly a more interesting topic than the concept and the reality of the Advanced Persistent Threat. The label has become a synonym for state-sponsored attacks, but can also include those executed by criminal organizations that have enough money and time to dedicate to breaching many different targets that have information worth stealing, selling or using.
The author starts with a chapter that introduces the current APT landscape, the types of attacks, and explains what organizations do wrong when trying (unsuccessfully) to protect themselves against these persistent actors. He advocates defense in depth (layered), points out the good things about the current approach and tries to jumpstart a new way of thinking about the problem. He shares current top security trends, and advises on how to sell security to executives.
APT actors know that the simplest way to gain a foothold in an organization if they focus on the human, while many organizations are still focused on protecting the server. And, unfortunately, securing the human is much harder.
Chapter three offers an insightful peek in the many ways that APT attacker gain and keep a foothold in a network, while the next one shortly explains how to take a risk-based approach to security.
The book tackles the ins and outs of breach detection and prevention, but also incident response if the breach has already happened, along with the technologies that are crucial for it (and those that once did the job well, but are no longer adequate).
With a short nod to how the cloud and BYOD affect the threat landscape, the author finishes strong with chapters dedicated to proactive security, focusing on the right options, and the implementation of adaptive security.
This part of the book could easily be a standalone booklet – a condensed guide on how to start change the way you think about APTs and, consequently, the way you approach prevention.
This book should come in handy to anyone who’s tasked with protecting an organization’s networks. You won’t miss much by skipping the first few chapters and sailing fast through the middle of the book, but the last part is definitely worth it, as it is clear, concise, and thought provoking.