A case study simulated to represent the benefits and the effectiveness of a new framework to limit or reduce the APT. The aim of this project is to determine whether using a complex multistage framework solution will limit or reduce the damage of the cyber attack and, to ask, if will it help the incident response team to detect the APT or not. The components of the framework are logging modules, SIEM, indicators, attack tree, Kill chain, and sandbox. The logs of the previous component of layer 1 will be used by SIEM in layer 2 to show different alerts and warnings. The new framework includes layer 1, which has antivirus, NIDS/HIDS, firewall, etc.
The multistage framework can be described as a multi-layer security and components. This dissertation proposed framework allows the incident response team to detect APTs more efficiently and improve the knowledge of the incident response team about the phases of the attack by identifying and detecting various indicators of the adversary’s attack. The term APT has been overloaded and means different things to different people - for example, some people refer to attacks from China, and others consider all attacks as part of the APT. A new class of threat called Advanced Persistent Threat (APT) has emerged and is described as cyber intrusions against military organisations. These incidents happen for different industries as well.
The long-term and sophisticated attacks target companies, governments and political activists. The game of security cannot be successful without understanding the rules of engagement.
0 kommentar(er)
