What are the most effective strategies for detecting advanced persistent threats (APTs) in a large, decentralized network, and how do you balance false positives and false negatives in your detection algorithms?

Security Strategy & Roadmap
454 viewscircle icon3 Comments
Sort by:
Information Security Managera year ago

Threat intelligence helps inform APTs relevant to your region, sector and organisation enabling you to understand relevant TPPs and priorities for detection, threat hunting and preventative controls. 

To minimise false positives focus on critical assets and understand normal behaviour. AI/ML enable anomaly detection at scale. 

Information Security Managera year ago

Threat hunting is an active information security process and strategy used by security analysts. It consists of searching iteratively through network, cloud, and endpoint system logs to detect indicators of compromise (IoCs); threat actor tactics, techniques, and procedures (TTPs); and threats such as advanced persistent threats (APTs) that are evading your existing security system. 

Tools include:
-End Detection and Response (EDR): Is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

-Network-based Intrusion Detection System (NIDS): Helps monitor cloud, on-premise and hybrid environments for suspicious events leading to a compromise.

-Host-based Intrusion Detection System (HIDS): Is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

IT Managera year ago

I recommend using advanced technologies such as behavior-based analysis, monitoring (SIEM, EDR, Network Traffic Analysis) and utilizing threat intelligence to stay updated with the latest security news.

Additionally, it's important to have well-defined policies and procedures in place. This includes determining approved software and hardware and establishing standard procedures. Doing so will help reduce the number of false positives. A change management policy will help identify changes in the environment and differences in abnormal change. 

Content you might like

What action do you take when a user fails a simulated phishing test?

No action taken7%

Extra training required by user 95%

Permissions revoked5%

Disciplinary action taken against user3%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

What's your corporate policy for Passwords Managers?

Enforce Corporate licensed deployed and supported solution43%

Provide Recommendation without enforcement over awareness sessions25%

Allow BYO Password Manager to secure credentials18%

Accelerate Password-less initiatives14%

No Idea how to handle this one

View Results

With Gartner highlighting the urgency of post-quantum cryptography (PQC), I would like to know if there are other members of the group already involved in the discussion or in the planning to face the threat of attacks like 'harvest-now, decrypt-later'?