Anti-virus is not enough to defeat APT groups

February 8, 2013

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached). The principal hands-on course that teaches how is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.

http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results

Related Content

Incident Response & Threat Hunting, Digital Forensics and Incident Response

January 23, 2023

A Visual Summary of SANS CTI Summit 2023

Check out these graphic recordings created in real-time throughout the event for SANS Cyber Threat Intelligence Summit 2023

Digital Forensics and Incident Response

September 22, 2022

NEW SANS DFIR COURSE IN DEVELOPMENT | FOR577: LINUX Incident Response & Analysis

FOR577: Linux Incident Response & Analysis course teaches how Linux systems work and how to respond and investigate attacks effectively.

Digital Forensics and Incident Response, Cybersecurity and IT Essentials, Industrial Control Systems Security, Purple Team, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming, Cyber Defense, Cloud Security, Security Management, Legal, and Audit

December 8, 2021

Good News: SANS Virtual Summits Will Remain FREE for the Community in 2022

They’re virtual. They’re global. They’re free.