The group started out discussing different approaches to tackling APTs, but eventually came back to the main question, “Will we ever win?” The general consensus was no. Every time we get a little smarter, they also get a little smarter, ensuring the battle against APTs continues. This then led into a conversation about how organizations can make things harder for attackers who use APTs. It’s not a winnable situation, but it is possible to make yourself a harder target to attack.
Understanding what’s normal versus what’s not was also a key point of conversation. Examining your data and determining which blips on the radar are the problem is a concern. The group also talked about vendors’ roles in this issue and what they can do to help cover the gamut of APTs and attack types that organizations are facing. Persistence is also key. You might think you’ve cleaned up an APT, but there still exists the potential for sleeper programs that might not have activated during the initial assault on your enterprise. Finding ways to deal with user-related errors through user awareness training was also discussed.