Secure Critical Systems and Intellectual Property Against APT

Protect yourself from being boarded and raided by cyber privateers.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Advanced persistent threats (APTs) are becoming more and more prevalent, targeting any and all organizations that have some valuable intellectual property or are laterally connected to a target organization.
  • Companies need to know how to protect themselves from an attack, track and quantify an attack, respond to an attack, and ensure maintenance.
  • Enterprise users need to know what a spear phishing attack looks like and what they should watch for in order to mitigate against their manipulation.

Our Advice

Critical Insight

  • APTs are a real risk to most organizations, regardless of size, and most don’t properly know how to defend against one.
  • A multi-layered defence approach is needed with specific tracking and monitoring capabilities.

Impact and Result

  • Identify your risk posture that identifies the likelihood an advanced persistent threat would be carried out against your organization.
  • Prioritize your security gaps based on the importance and achievability of each measure to ensure you are successful in your role.
  • Build the necessary layered security to defend, respond, and investigate an attack to ensure when an attack does occur you are covered across all aspects.

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

  1. Identify and understand the organization’s risk position

    Identify if the organization is a target, and create a risk posture.

  2. Assess current security measures and identify and prioritize gaps

    Identify specific APT measures already in place and assess and grade security maturity and capability levels.

  3. Prepare for an APT attack and build the necessary defenses

    Stop or degrade any attack against the organization.

  4. Implement a response plan and investigate capabilities

    Respond to an attack and learn from it to actively evolve the security systems.

  5. Estimate the costs to develop and implement the organization’s governance plans for APT security

    Get the most effective security system against the best APTs that will have senior buy-in.

Guided Implementation icon Guided Implementation

This guided implementation is a four call advisory process.

  • Call #1: Risk posture

    Discuss your valuable or sensitive data, your lateral organizational ties, APT targeting nature and how you should understand your IP. Review your risk posture identification.

  • Call #2: Security foundations

    Discuss any missing foundational security measures that should be in place, determine an action plan for securing your organization, understand how to properly implement foundational measures and communicate with stakeholders.

  • Call #3: Current security assessment

    Discuss and review your assessment and grading of your current APT security measures as well as your consequent enterprise total risk. Review the Current APT Security Measures Assessment Tool.

  • Call #4: Gap analysis

    Discuss and review the results from the gap identification and prioritization from the Current APT Security Measures Assessment Tool. Discuss your enterprise's most important, actionable, and logical steps for securing your IP and critical systems.

Onsite Workshop

Module 1: Assess and Grade Current APT Security Measures

The Purpose

  • Validate your identified risk posture and likelihood for an APT attack.
  • Comprehensively grade your current security system.

Key Benefits Achieved

  • Identified risk posture for an APT
  • Graded current APT security measures

Activities: Outputs:
1.1 Validate your risk posture
1.2 Identify existing APT security measures in place
  • Identified risk posture
1.3 Assess and grade security maturity and capability levels
  • Graded APT security measures
1.4 Determine overall enterprise risk to an APT

Module 2: Perform Gap Analysis and Prioritization

The Purpose

  • Identify the current security gaps that must be bridged from existing security measures to the target state
  • Evaluate these gaps
  • Prioritize gaps

Key Benefits Achieved

  • Prioritized list of your APT security gaps

Activities: Outputs:
2.1 Perform gap analysis
2.2 Evaluate identified gaps
2.3 Understand and implement an enterprise risk tolerance
2.4 Develop importance and achievability levels for each gap
2.5 Prioritize your APT security gaps
  • Prioritized list of your APT security gaps

Module 3: Build the Defenses and Prepare

The Purpose

  • Build a strong end-user education and training plan
  • Improve threat intelligence
  • Limit and control user access
  • Implement strong security infrastructure
  • Develop active monitoring capabilities

Key Benefits Achieved

  • End-user training plan
  • Threat intelligence roadmap
  • Access control action plan
  • Infrastructure action plan
  • Monitoring action plan

Activities: Outputs:
3.1 Educate employees
  • End-user training plan
3.2 Improve threat intelligence
  • Threat intelligence roadmap
3.3 Control access
  • Access control action plan
3.4 Implement strong security infrastructure
  • Infrastructure action plan
3.5 Build active monitoring
  • Monitoring action plan

Module 4: Build Ad Hoc Attack Processes

The Purpose

  • Develop response capabilities to an attack
  • Develop investigative capabilities
  • Create sustainable APT security

Key Benefits Achieved

  • CIRT team
  • Incident management plan
  • Digital forensic understanding
  • Intrusion reconstruction ability
  • Responsibility and ownership allocation

Activities: Outputs:
4.1 Create a CIRT team
  • CIRT team
4.2 Develop an incident management plan
  • Incident management plan
4.3 Understand digital forensics
  • Digital forensic understanding
4.4 Develop intrusion reconstruction techniques
  • Intrusion reconstruction ability
4.5 Allocate responsibility and ownership
  • Responsibility and ownership allocation

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now
GET HELP Contact Us
×
VL Methodology