Anti-virus is not enough to defeat APT groups

February 8, 2013

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached). The principal hands-on course that teaches how is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.

http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results

Related Content

Digital Forensics and Incident Response

August 13, 2020

SANS Data Incident 2020 – Indicators of Compromise

On Tuesday, August 11, 2020, SANS disclosed a security breach which was the result of a successful phishing campaign. As described in the disclosure f

Digital Forensics and Incident Response

Making the Most Out of WLAN Event Log Artifacts

If you have taken FOR500 (Windows Forensic Analysis) or utilize the FOR500 “Evidence of…” poster, you are probably familiar with the WLAN Event Log listed under the Network Activity/Physical Location section of the poster. This Windows event log (Microsoft-Windows-WLAN-AutoConfig/Operational)...

Christian Vrescak

Digital Forensics and Incident Response

August 10, 2012

Advanced Persistent Threats Can Be Beaten

Advanced persistent threats can be beaten, says expert Detection is key, but how you respond to APTs is equally important Officially, advanced persistent threats (APTs) from China are not even happening. But everybody in information security, especially those trying to protect enterprises from...