What are the most effective strategies for detecting advanced persistent threats (APTs) in a large, decentralized network, and how do you balance false positives and false negatives in your detection algorithms?

454 views, 3 comments
Information Security Manager, a year ago

Threat intelligence helps inform APTs relevant to your region, sector and organisation, enabling you to understand relevant TTPs and priorities for detection, threat hunting and preventative controls.

To minimise false positives focus on critical assets and understand normal behaviour. AI/ML enable anomaly detection at scale. 

Information Security Manager, a year ago

Threat hunting is an active information security process and strategy used by security analysts. It consists of searching iteratively through network, cloud, and endpoint system logs to detect indicators of compromise (IoCs); threat actor tactics, techniques, and procedures (TTPs); and threats such as advanced persistent threats (APTs) that are evading your existing security system. 

Tools include:

- Endpoint Detection and Response (EDR): an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

- Network-based Intrusion Detection System (NIDS): helps monitor cloud, on-premise and hybrid environments for suspicious events leading to a compromise.

- Host-based Intrusion Detection System (HIDS): an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

IT Manager, a year ago

I recommend using advanced technologies such as behavior-based analysis, monitoring (SIEM, EDR, Network Traffic Analysis) and utilizing threat intelligence to stay updated with the latest security news.

Additionally, it's important to have well-defined policies and procedures in place. This includes determining approved software and hardware and establishing standard procedures. Doing so will help reduce the number of false positives. A change management policy will help identify changes in the environment and differences in abnormal change. 
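The three answers above share one pattern: hunt the logs for known IoCs and TTP-style signals, score what you find against a baseline of normal behaviour and an approved-software list so that benign novelty does not page anyone, and then pick an alert threshold knowing what it costs in false positives versus false negatives. The Python below is an added example written for this thread (not code from any of the commenters or their tools). The log lines, hostnames, usernames, hashes and IP addresses are all constructed, the scoring weights and the approved-process list are assumptions, and `KNOWN_BAD` is a hand-labelled ground truth that exists only so the threshold trade-off can be measured.

```python
"""Minimal threat hunt over endpoint logs with a behaviour baseline.

Added example for the thread above, not any commenter's code. All data is
constructed: 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges,
and the hashes are placeholders.
"""
import re
from collections import defaultdict

# Constructed "known-normal" period used to build the baseline.
BASELINE_LOGS = [
    "2024-03-01T08:55:00 host=WS-101 user=alice event=logon",
    "2024-03-01T09:02:00 host=WS-101 user=alice event=process name=outlook.exe sha256=1111",
    "2024-03-01T09:03:00 host=WS-101 user=alice event=process name=chrome.exe sha256=2222",
    "2024-03-01T09:10:00 host=WS-101 user=alice event=netconn dst=198.51.100.20",
    "2024-03-01T08:50:00 host=WS-102 user=bob event=logon",
    "2024-03-01T08:52:00 host=WS-102 user=bob event=process name=chrome.exe sha256=2222",
    "2024-03-01T08:58:00 host=WS-102 user=bob event=netconn dst=198.51.100.20",
    "2024-03-01T07:00:00 host=SRV-DB1 user=carol event=logon",
    "2024-03-01T07:01:00 host=SRV-DB1 user=carol event=process name=sqlservr.exe sha256=3333",
    "2024-03-01T07:02:00 host=SRV-DB1 user=carol event=netconn dst=198.51.100.21",
]
# Constructed period being hunted: one benign software rollout (alice), one
# benign new destination (carol), and one genuinely suspicious sequence (bob).
HUNT_LOGS = [
    "2024-03-02T09:00:00 host=WS-101 user=alice event=logon",
    "2024-03-02T09:04:00 host=WS-101 user=alice event=process name=updater.exe sha256=4444",
    "2024-03-02T09:05:00 host=WS-101 user=alice event=netconn dst=198.51.100.20",
    "2024-03-02T02:10:00 host=SRV-DB1 user=bob event=logon",
    "2024-03-02T02:11:00 host=SRV-DB1 user=bob event=process name=powershell.exe sha256=5555",
    "2024-03-02T02:12:00 host=SRV-DB1 user=bob event=netconn dst=203.0.113.7",
    "2024-03-02T07:30:00 host=SRV-DB1 user=carol event=netconn dst=198.51.100.22",
]

IOC_IPS = {"203.0.113.7"}        # placeholder indicator from "threat intel"
IOC_SHA256 = {"badc0ffee"}       # placeholder known-bad hash
# Approved-software list (the change-management idea from the thread); assumed.
APPROVED_PROCESSES = {"outlook.exe", "chrome.exe", "svchost.exe", "sqlservr.exe", "powershell.exe"}
# Hand-labelled ground truth for this demo only.
KNOWN_BAD = {("SRV-DB1", "bob")}

LINE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) event=(?P<event>\S+)(?P<rest>.*)")


def parse(line):
    """Parse one constructed log line into a dict; returns None on malformed input."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = dict(kv.split("=", 1) for kv in rec.pop("rest").split())
    return rec


def build_baseline(lines):
    """What 'normal' looks like: user/host pairs, process names, destinations."""
    base = {"pairs": set(), "procs": set(), "dsts": set()}
    for rec in filter(None, map(parse, lines)):
        base["pairs"].add((rec["host"], rec["user"]))
        f = rec["fields"]
        if "name" in f:
            base["procs"].add(f["name"])
        if "dst" in f:
            base["dsts"].add(f["dst"])
    return base


def hunt(baseline_lines, hunt_lines):
    """Score each (host, user) seen in the hunt window. Returns {key: (score, reasons)}.

    Hard IoC hits weigh 3; deviations from baseline weigh 1 and are suppressed
    when the allowlist or the baseline explains them (false-positive control).
    """
    base = build_baseline(baseline_lines)
    findings = defaultdict(lambda: [0, []])

    def flag(key, weight, reason):
        if reason not in findings[key][1]:      # count each distinct reason once
            findings[key][0] += weight
            findings[key][1].append(reason)

    for rec in filter(None, map(parse, hunt_lines)):
        key, f = (rec["host"], rec["user"]), rec["fields"]
        if key not in base["pairs"]:
            flag(key, 1, "user not previously seen on this host")
        if rec["event"] == "process":
            if f.get("sha256") in IOC_SHA256:
                flag(key, 3, f"known-bad hash {f['sha256']}")
            elif f.get("name") not in APPROVED_PROCESSES and f.get("name") not in base["procs"]:
                flag(key, 1, f"unapproved new process {f.get('name')}")
        if rec["event"] == "netconn":
            if f.get("dst") in IOC_IPS:
                flag(key, 3, f"connection to known-bad IP {f['dst']}")
            elif f.get("dst") not in base["dsts"]:
                flag(key, 1, f"connection to never-seen destination {f.get('dst')}")
    return {k: (v[0], v[1]) for k, v in findings.items()}


def alerts(findings, threshold):
    """Keys whose score reaches the threshold."""
    return {k for k, (score, _) in findings.items() if score >= threshold}


def confusion(alerted, known_bad):
    """(true positives, false positives, false negatives) against the labels."""
    return (len(alerted & known_bad), len(alerted - known_bad), len(known_bad - alerted))


if __name__ == "__main__":
    findings = hunt(BASELINE_LOGS, HUNT_LOGS)
    for key, (score, reasons) in sorted(findings.items()):
        print(key, score, reasons)
    for t in (1, 2, 5):
        tp, fp, fn = confusion(alerts(findings, t), KNOWN_BAD)
        print(f"threshold={t}: tp={tp} fp={fp} fn={fn}")
```

Running it shows the trade-off the question asks about: at threshold 1 every deviation from baseline alerts (one true positive, two false positives); at threshold 2 only the host/user pair that combined a never-seen logon with a known-bad destination alerts; at threshold 5 nothing alerts and the real case is missed. In practice the weights and threshold are tuned per asset tier, with critical systems such as the database host in the sample getting a lower threshold than workstations, and the allowlist and baseline are refreshed from change management so that approved rollouts stop generating noise.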
