Advanced Persistent Threat: Detection and Defence
Mohammad Bilal Khan

TL;DR
This paper reviews current research on APT detection and defense strategies, emphasizing the importance of advanced techniques for large organizations to mitigate risks like data breaches and system infections.
Contribution
It provides a comprehensive analysis of APT detection and defense methods, combining literature review with expert insights to suggest mitigation strategies.
Findings
Higher-tier detection strategies are crucial for large organizations.
Successful APTs can lead to data exfiltration and system infections.
Effective defenses require advanced, tailored solutions.
Abstract
The critical assessment presented within this paper explores existing research pertaining to the Advanced Persistent Threat (APT) branch of cyber security, applying the knowledge extracted from this research to discuss, evaluate and offer opinions on the areas of discussion, and drawing on personal experience and knowledge within this field. The synthesis of current literature covers detection capabilities and techniques as well as defensive solutions for organisations with respect to APTs. Higher-tier detection and defensive strategies bear greater importance for larger organisations, especially government departments or organisations whose work impacts the public on a large scale. Successful APT attacks can result in the exfiltration of sensitive data, network downtime and the infection of machines that allows remote access from command-and-control (C2) servers. This…
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
