Secure Critical Systems and Intellectual Property Against APT


1 Secure Critical Systems and Intellectual Property Against APT
How to protect yourself from being boarded and raided by cyber privateers.
Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
© Info-Tech Research Group

2 Introduction
Defending against Advanced Persistent Threats (APTs) is not optional; you’re likely already being hacked and simply don’t know it.

This Research Is Designed For:
- CISOs or CSOs with the responsibility of securing their organization’s valuable data.
- CEOs who are concerned with their data security and who must ensure this task is performed.
- Information security professionals seeking insight into procedures to defend against APTs.

This Research Will Help You:
- Understand the challenges and business impact surrounding APTs.
- Understand your organization’s likelihood of being attacked.
- Identify the gap between current security measures and what is needed to properly defend your systems and intellectual property.
- Prioritize these high-risk areas to focus resources and effort.
- Develop a layered security system to prepare for and defend against APTs.
- Develop a structure to respond to, recover from, investigate, and govern APTs for optimal security levels.

3 Executive Summary
APTs are a specific threat. You must first understand whether you require APT security measures, that is, whether there is a strong likelihood of an attack being carried out on your organization. This is considered your risk profile.
The measures necessary to defend against APTs are advanced measures that require strong foundational security to build on. Identify whether other security concerns should currently take precedence.
An organization will already have some measures in place that can defend against specific phases or tactics. Assess and grade your current security systems and their ability to defend against APTs.
Once you have evaluated your current state, identify the gaps that must be bridged to fully and properly secure your organization from APTs.
Security gaps are not all equal. Various factors must be considered to properly prioritize your gaps.
A strong defense system with all the necessary preparations is often the first and major way in which an organization protects itself.
Response tactics ensure chaos does not overwhelm your organization when an attack does occur.
Investigative capabilities allow you to learn from attacks in order to evolve defenses and stay well equipped against APTs.
A strong governance plan ensures that the implemented measures remain successful and continue to create value.

4 Introduction
The business, the employees, the network or the data: it’s all at risk.
Advanced Persistent Threats (APTs) are becoming more prevalent, and the targets are moving from mostly government organizations to enterprises across industries and sizes. Many organizations do not know how to secure themselves from such complex and highly developed cyber threats. The breach of vital systems and networks or the loss of IP can result in losing a competitive advantage, destruction of brand value, and associated recovery and legal costs, not to mention the potential failure of a major IT service.

Project Description
This blueprint will determine your enterprise’s risk for an APT, identify what is needed, and create an action plan to build an effective APT security system. This blueprint is an opportunity for organizations to thoroughly secure their vital systems and IP to remain competitive. For organizations that have already experienced an APT, this blueprint shows how to build defenses to stop APT intrusions and theft. Upon completion of this blueprint, your organization will have a customized action plan for implementing various measures to secure your enterprise’s critical systems and IP.

Project Outputs
- Develop proper risk assessment to know why you’re at risk and when there is a threat.
- Provide visibility into what is really happening on your network.
- Enable proper detection capabilities for your network.
- Build proper preventative defenses to block out attacks.
- Remediation plans for when an attack does occur.
- Continual improvement and upkeep to provide you with sustainable security.

5 Workshop Topic Coverage
Assess and Grade Current APT Security Measures
- Identify existing APT security measures in place
- Champion a senior executive
- Assess and grade security maturity and capability levels
- Determine overall enterprise risk to an APT
- Validate your risk posture

Gap Analysis and Prioritization
- Evaluate identified gaps
- Perform gap analysis
- Understand and implement an enterprise risk tolerance
- Develop importance and achievability levels for each gap
- Prioritize your APT security gaps

Build the Defenses and Prepare
- Educate employees
- Improve threat intelligence
- Control access
- Implement strong security infrastructure
- Build active monitoring

Build Ad Hoc Attack Processes
- Create a CIRT team
- Develop your incident management plan
- Understand digital forensics
- Develop intrusion reconstruction techniques
- Allocate responsibility and ownership
- Create strong sustainable governance structure

6 Two Day Schedule and Deliverables
Day 1 Morning
Name: Assess and Grade Current APT Security Measures
Goal:
- Validate your identified risk posture and likelihood for an APT attack
- Comprehensively grade your current security system
List of Deliverables:
- Identified risk posture for an APT
- Graded current APT security measures

Day 1 Afternoon
Name: Gap Analysis and Prioritization
Goal:
- Identify the current security gaps that must be bridged from existing security measures to the target state
- Evaluate these gaps
- Prioritize gaps
List of Deliverables:
- Prioritized list of your APT security gaps

7 Two Day Schedule and Deliverables
Day 2 Morning
Name: Build the Defenses and Prepare
Goal:
- Build a strong end-user education and training plan
- Improve threat intelligence
- Limit and control user access
- Implement strong security infrastructure
- Develop active monitoring capabilities
List of Deliverables:
- End-user training plan
- Threat intelligence roadmap
- Access control action plan
- Infrastructure action plan
- Monitoring action plan

Day 2 Afternoon
Name: Build Ad Hoc Attack Processes
Goal:
- Develop response capabilities to an attack
- Develop investigative capabilities
- Create sustainable APT security
List of Deliverables:
- CIRT team
- Incident management plan
- Digital forensic understanding
- Intrusion reconstruction ability
- Responsibility and ownership allocation

8 Guided implementation points in the securing IP and critical systems against APT project
Book a Guided Implementation Today: Info-Tech is just a phone call away and can assist you with your project. Our expert Analysts can guide you to successful project completion. Here are the suggested Guided Implementation points in the APT Security project:

Section 1: Risk Posture
Identifying and understanding your risk posture: Discuss your valuable or sensitive data, your lateral organizational ties, APT targeting nature, and how you should understand your IP. Review your risk posture identification.

Section 1: Security Foundations
Interpret and understand other security issues: Discuss any missing foundational security measures that should be in place, determine an action plan for securing your organization, understand how to properly implement foundational measures, and communicate with stakeholders.

Section 2: Current Security Assessment
Interpret and act on your results from the assessment of your current APT security measures: Discuss and review your assessment and grading of your current APT security measures as well as your consequent enterprise total risk. Review the Current APT Security Measures Assessment Tool.

Section 3: Gap Analysis
Understand and act on the results from your gap prioritization: Discuss and review the results from the gap identification and prioritization from the Current APT Security Measures Assessment Tool. Discuss your enterprise’s most important, actionable, and logical steps for securing your IP and critical systems.

This symbol signifies when you’ve reached a Guided Implementation point in your project. To enroll, send an to or call and ask for the Guided Implementation Coordinator.

9 Section 1: Determine your need
- Understand APTs and the attackers’ mindset.
- Identify if your enterprise is a target and create a risk posture.
- Determine your capability to build APT security measures.
- Identify other major security areas requiring focus.
- Decide if you have the capability to build APT security.

Determine your need | Current assessment | Gap analysis and prioritization | Build defenses and prepare | Establish a response plan | Develop investigative capabilities | Develop a governance plan

10 What is an APT?
A methodology in which an adversary or a group of adversaries attempts, in essence, to win without fighting: to capture trade or company secrets instead of developing their own.
The term “Advanced Persistent Threat” (APT) was first coined by the US Air Force in 2006 to describe complex (i.e. “Advanced”) cyber-attacks against specific targets over a longer period of time (i.e. “Persistent”).

Advanced: Sophisticated, complex capabilities.
- The adversary is well-funded and well-organized.
- The adversary can operate in the full spectrum of computer intrusion.

Persistent: Multiple attacks over a long term.
- Constant stream of attacks (unabated) over months or years.
- The adversary is formally tasked to accomplish a mission. They are not opportunistic intruders.
- They maintain the level of interaction needed to execute their objectives.

Threat: Motivation and ability.
- The threat to information assets in the digital age is real.
- The adversary is not a piece of mindless code. It is a sophisticated, well-armed, and unwavering group of attackers.

11 APTs today can be categorized into three groups
Overview:
- Persistent: Not a one-time event but maintained over a longer period.
- Evasive: Can easily camouflage itself against even some of the most advanced security products.
- Complex: Comprises a complex mix of attack methods targeting multiple vulnerabilities across multiple vectors.
- Advanced: Uses customized code that enters a target system by taking advantage of one of its vulnerabilities.

Cyber Crime: technique for stealing
Adversaries define a target that they are determined to steal, most likely for political, economic, or financial gain. For example:
- The Aurora/Google attack was after source code.
- The Sony attack was after Personally Identifiable Information (PII).
- The RSA attack was after Intellectual Property Rights (IPR).

Cyber Espionage: technique for monitoring
Characteristically involves nations with dedicated groups for cyber espionage, a component of cyber warfare. APT is an efficient cyber warfare tool that is moving to replace many functions of conventional espionage techniques that employ expensive physical spying or monitoring tactics.

Cyber Sabotage: technique for breaking or degrading a target
Using APT techniques to deliver advanced malware that destroys or degrades a target, a component of cyber warfare. This includes the capability to shut down or damage the critical infrastructure of an enemy state or a market competitor. Most famous case: the Stuxnet virus, which destroyed Iran’s nuclear enrichment centrifuges.

12 Info-Tech Research Group Helps IT Professionals To:
- Quickly get up to speed with new technologies
- Make the right technology purchasing decisions – fast
- Deliver critical IT projects, on time and within budget
- Manage business expectations
- Justify IT spending and prove the value of IT
- Train IT staff and effectively manage an IT department

Sign up for free trial membership to get practical solutions for your IT challenges

“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.” - ARCS Commercial Mortgage Co., LP

Toll Free:

