Anti-virus is not enough to defeat APT groups

February 8, 2013

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached). The principal hands-on course that teaches how is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.

http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results

Related Content

Digital Forensics and Incident Response

September 26, 2022

NEW DFIR COURSE IN DEVELOPMENT | FOR548: eDiscovery: Tactics for Conquering the Data Minefield

FOR548 teaches how to govern the eDiscovery process, where and how the data is stored and how to satisfy data collection requirements.

Digital Forensics and Incident Response

September 22, 2022

NEW SANS DFIR COURSE IN DEVELOPMENT | FOR577: LINUX Incident Response & Analysis

FOR577: Linux Incident Response & Analysis course teaches how Linux systems work and how to respond and investigate attacks effectively.

Digital Forensics and Incident Response, Cybersecurity and IT Essentials, Industrial Control Systems Security, Purple Team, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming, Cyber Defense, Cloud Security, Security Management, Legal, and Audit

December 8, 2021

Good News: SANS Virtual Summits Will Remain FREE for the Community in 2022

They’re virtual. They’re global. They’re free.