"Few organizations view their incident responders as the front line in their defensive posture," said Tom Cross, director of security research for Lancope.
"However, the intelligence gathered from investigating breaches is the vital ingredient that enables an organization to thwart subsequent attacks; so in a very real sense, the incident response team should become the heart of everything an organization does to protect its network."
The Lancope report traces the rise of the Advanced Persistent Threat (APT) from the coining of the term in the early 2000s, through Operation Aurora in 2010, to the most recent attacks on the Wall Street Journal and New York Times.
Third-party reports from Mandiant, Cisco and others are also referenced.
"According to the Enterprise Strategy Group (ESG), nearly three-quarters of organizations expect to be the target of APTs in the near future," said Amrit Williams, CTO of Lancope. "Organizations need to realize that they are either compromised or will be soon and that traditional techniques need to be augmented with newer methods to provide visibility and control into all aspects of the internal environment."
The report also discusses how NetFlow collection and analysis can help fill in the gaps in conventional security strategies for improved incident response.
Using the recently uncovered "APT1" attacks as an example, Lancope demonstrates how technical indicators of an attack can be fed into a flow-based monitoring system to gather actionable security intelligence for preventing future attacks.
By combining flow-based behavioral analysis and in-depth security context, Lancope's StealthWatch® System provides a comprehensive view of network activity to keep organizations a step ahead of sophisticated attackers. Lancope's security capabilities are continuously enhanced with research from the StealthWatch Labs Intelligence Center (SLIC).
"When you are living with an advanced threat, you are playing a nonstop game of cat and mouse on your computer network," added Cross. "The need to collect and analyze intelligence isn't a one-time requirement that occurs as the result of a single incident. It needs to be an ongoing part of any organization's defensive operation."
Learn how to properly equip and empower your incident response team to fend off APTs and reduce enterprise risk. Access the full Lancope report, "APTs and Incident Response: The Next Frontier of Cyber Security," here:
Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today's top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope's StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope's security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.