Targeted Intrusion Remediation: Lessons from the Front Lines (presented at BlackHat USA 2012)

by Jim Aldridge

Tags: Defence, Advanced Persistent Threat

Summary: Successfully remediating a targeted, persistent intrusion generally requires a different approach from that applied to non-targeted threats. Regardless of the remediation actions enacted by victim organizations, experience has shown that such threats will continue to target certain organizations. To be successful against these types of threats, organizations must change the way they think about remediation. This presentation outlines a model to guide tactical and strategic security planning by focusing efforts on the following three goals:
1. Inhibit the attacker's activities.
2. Enhance visibility to detect indicators of compromise.
3. Enhance the security team's ability to respond to intrusions effectively and rapidly.
Jim Aldridge is a Manager in Mandiant's Washington, D.C. office and is responsible for Mandiant's incident remediation services, which involve helping Mandiant clients effectively recover from intrusions. In the past 12 months, Jim led the remediation activities for a dozen targeted threat intrusions. Nearly all these cases involved APT threat actors.