Mike Cloppert on Defining APT Campaigns
Please stop what you're doing and read Mike Cloppert's latest post, "Security Intelligence: Defining APT Campaigns." Besides very clearly and concisely explaining how to think about APT activity, Mike includes some original Tufte-esque figures to demonstrate APT attribution and moving up the kill chain.
Comments
One thing I would like to see Mike cover in the future is what tools he uses and how to manage all of the data required to do this type of analysis over time. The theory is solid - putting it into practice is the hard part. Without the right tools, most people will find this type of analysis impossible to do.