What are the most effective strategies for detecting advanced persistent threats (APTs) in a large, decentralized network, and how do you balance false positives and false negatives in your detection algorithms?

Information Security Manager, a year ago

Threat intelligence helps inform which APTs are relevant to your region, sector and organisation, enabling you to understand the relevant TTPs and priorities for detection, threat hunting and preventative controls.

To minimise false positives, focus on critical assets and understand normal behaviour. AI/ML enable anomaly detection at scale.

Information Security Manager, a year ago

Threat hunting is an active information security process and strategy used by security analysts. It consists of searching iteratively through network, cloud, and endpoint system logs to detect indicators of compromise (IoCs); threat actor tactics, techniques, and procedures (TTPs); and threats such as advanced persistent threats (APTs) that are evading your existing security system. 

Tools include:

- Endpoint Detection and Response (EDR): an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

- Network-based Intrusion Detection System (NIDS): helps monitor cloud, on-premise and hybrid environments for suspicious events leading to a compromise.

- Host-based Intrusion Detection System (HIDS): an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.

IT Manager, a year ago

I recommend using advanced technologies such as behavior-based analysis, monitoring (SIEM, EDR, Network Traffic Analysis) and utilizing threat intelligence to stay updated with the latest security news.

Additionally, it's important to have well-defined policies and procedures in place. This includes determining approved software and hardware and establishing standard procedures. Doing so will help reduce the number of false positives. A change management policy will help identify changes in the environment and differences in abnormal change. 
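The baseline-plus-threshold approach the replies above converge on (learn normal behaviour, keep an approved-software list to cut false positives, then tune the alert threshold) as an added example; this is not code from any of the commenters, and the baseline counts, process names and ground-truth labels are all constructed.

```python
"""Rarity-based anomaly detection over process launches, with an approved-software list.
Added example with constructed data; shows how moving the threshold trades FPs for FNs."""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    process: str
    malicious: bool  # constructed ground truth, used only to score the detector


# Constructed baseline: process launches seen during a window treated as "normal".
BASELINE = Counter({"svchost.exe": 400, "chrome.exe": 250, "outlook.exe": 200,
                    "teams.exe": 180, "powershell.exe": 30, "7z.exe": 3})

# Approved software per policy (hypothetical list): never alerts on its own.
# This removes a class of false positives but also hides misuse of approved binaries.
APPROVED = {"svchost.exe", "chrome.exe", "outlook.exe", "teams.exe", "7z.exe"}


def rarity_score(process: str, baseline: Counter) -> float:
    """Higher means rarer in the baseline; a never-seen process gets the maximum."""
    total = sum(baseline.values())
    return -math.log((baseline.get(process, 0) + 1) / (total + 1))


def is_alert(ev: Event, threshold: float) -> bool:
    if ev.process in APPROVED:
        return False
    return rarity_score(ev.process, BASELINE) >= threshold


def evaluate(events, threshold: float):
    """Return (false_positives, false_negatives) for one threshold setting."""
    fp = sum(1 for e in events if is_alert(e, threshold) and not e.malicious)
    fn = sum(1 for e in events if not is_alert(e, threshold) and e.malicious)
    return fp, fn


# Constructed events: two benign rarities, two malicious rarities, one malicious approved.
EVENTS = [Event("ws-01", "chrome.exe", False), Event("ws-02", "powershell.exe", False),
          Event("ws-03", "powershell.exe", True), Event("srv-01", "rundll32.exe", True),
          Event("ws-04", "newtool.exe", False), Event("ws-05", "svchost.exe", True)]

if __name__ == "__main__":
    for t in (3.0, 5.0, 8.0):  # low threshold = more alerts; high = fewer
        fp, fn = evaluate(EVENTS, t)
        print(f"threshold={t:.1f}  false_positives={fp}  false_negatives={fn}")
```

Note that the approved-list miss on ws-05 never goes away by moving the threshold; that residual false negative is the cost of suppressing alerts for approved software, and is why the replies pair such lists with change management and threat hunting.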
