Oh the shame. I used APT in my blog. I USED A BUZZ WORD! How can I look myself in the mirror?
Who cares?
The fact is that one half of the info sec community is sick of hearing about APT and the other half is doing everything they can to sell themselves with "Advanced Persistent Threat". We have all these companies and pontificating "read my book" "super-star" security bloggers pushing their products, their services, their thoughts, their speeches, their dead trees, etc., etc., etc., until I am tired of hearing their BS as well. I mean honestly, do I need to be told to read your F'ing book every time something happens? It was written five years ago. Get new material.
What matters most is that APT is real. It may not directly impact everyone in information security, but it does impact everyone indirectly at least.
It doesn't matter if Google was full of crap with half their statements about what they will do to China next. It doesn't matter that APT uses off-the-shelf products as much as home brew, or that every idiotic inexperienced moron with an Anti-Virus setup will claim that the "enemy is at the gates", or inside for that matter.
No, what matters is that it has people's attention and they start treating things like they should. Even if it's only for a little while, it's more than what you had before. The worst it can do is make your job harder. Let's face it, if your job is harder are you not still employed? I can go down to the next ISSA meeting and find someone who will trade you positions if you feel like bitching about your job. Up to you.
There is no magic IDS system that will find APT. Even though it's claimed that you can scan a whole month's worth of traffic in just a few minutes, I highly doubt you will need to worry then. Most times they are not after the local software developer with 4 people on staff. The attackers will steal your stuff from a bigger source anyway.
There is no single firewall that will keep them out. You have to have holes to let stuff in and out. The attackers know how to find your holes and they know how to exploit them. If you think a firewall will save you, then you need to go back to 1998.
Your AV system will not always find them and clean them out. What if you are using the same tools? What if they popped a box that was out of the network, dumped your password and then crashed the hard drive? Would you even see the logs or malware that was left there? Then they have access to your network without using malware.
Scanning your logs alone will do nothing but hurt your eyes. Can you identify every single login in your network? If you can, then you probably are not a target. Can you identify every single time a user logs in and not a script? Can you identify every system the user has permission to log into? Do you have a single server that the user is assigned to? So if that user has to check out a file from another server, do they ask a local administrator to do it? We all know those local admins will NEVER elevate someone's permissions to save time.
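Two of the questions above, "which servers is this user assigned to" and "is this a person or a script", turned into a check over a handful of constructed login records. This is an added example, not code from the original post; the log line format, the user-to-host assignments and the cadence thresholds are all assumptions.

```python
"""Flag logins outside a user's assigned hosts, and login series whose
fixed cadence looks scripted rather than interactive. Added example; the
log format, ASSIGNED_HOSTS and the thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "<ISO timestamp> <user> <host> <logon type>"
SAMPLE_LOGS = """\
2010-01-20T08:02:11 alice fileserv1 interactive
2010-01-20T08:40:57 alice fileserv1 interactive
2010-01-20T02:00:00 alice buildbox network
2010-01-20T02:00:30 alice buildbox network
2010-01-20T02:01:00 alice buildbox network
2010-01-20T02:01:30 alice buildbox network
2010-01-20T09:15:03 bob dbserv network
2010-01-20T13:47:20 bob wks-bob interactive
"""

# Which servers each user is assigned to (assumed for the example).
ASSIGNED_HOSTS = {"alice": {"fileserv1"}, "bob": {"wks-bob", "dbserv"}}

def parse_logs(text):
    """Parse the constructed lines into (timestamp, user, host, type) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, host, kind = line.split()
        events.append((datetime.fromisoformat(ts), user, host, kind))
    return events

def unassigned_logins(events):
    """(user, host) pairs where the user logged into a server not assigned to them."""
    return sorted({(u, h) for _, u, h, _ in events
                   if h not in ASSIGNED_HOSTS.get(u, set())})

def scripted_sessions(events, min_count=3, max_gap_s=60):
    """(user, host) pairs with at least min_count logins arriving at one fixed
    interval no longer than max_gap_s: a script's signature, not a person's."""
    by_key = defaultdict(list)
    for ts, u, h, _ in events:
        by_key[(u, h)].append(ts)
    flagged = []
    for key, stamps in by_key.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_count and len(set(gaps)) == 1 and gaps[0] <= max_gap_s:
            flagged.append(key)
    return sorted(flagged)
```

Both checks flag alice on buildbox: a host outside her assignment, hit every 30 seconds at 2 a.m., which is exactly the kind of login you want a human to look at rather than scroll past.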
Then there is training. How many of your users know not to open every PDF they come across? Or how about those links that get sent in? That awesome flash video demonstrating the effectiveness of the military's new weapons? Who's responsible for checking it? Do you want that job or should we just send the link to the "super star" security guy? He will solve all your problems.
It takes an effort of all these things and more. It's going to take an investment of time, money, people and effort. It's not going to come out of reading one guy's blog, book or sales material. It's going to take new innovative ideas. The bad guys are thinking up new ideas all the time. They can stockpile 0-days. If Joe Snuffy finds a 0-day, do the higher-ups shrug him off as an inexperienced moron? I'm sure some of you have blown off or intimidated some lower person in the food chain regarding an idea. Maybe they told you and you dismissed it, or maybe they were too scared to tell you. Either way you may have lost out. YOU may be a "super star", but you don't know everything, and he may not have read your book. Listen and learn.
No environment is the same as another, but if you are not looking at what you have and wondering how to make it more secure: just shut off your firewall, shut off your computers, and ship the hard drives to China/Russia/Korea/wherever.
Your excuse is that you don't have the money for gear: you have systems already. Virtualize. Do what you have to.
You don't have money for software. BS! There is plenty of free stuff, and if not there are plenty of scripting languages to learn that can help you.
You don't have the experience. How the hell did you get that job to begin with? Pick up some books, ask some friends, join some social network sites. Don't put your company info out there, but absorb everything you can.