Mike Cloppert on Defining APT Campaigns

Please stop what you're doing and read Mike Cloppert's latest post, "Security Intelligence: Defining APT Campaigns." Besides very clearly and concisely explaining how to think about APT activity, Mike includes some original Tufte-esque figures to demonstrate APT attribution and moving up the kill chain.

Comments

Mister Reiner said…
That's a really good article.

One thing I would like to see Mike cover in the future is what tools he uses and how to manage all of the data required to do this type of analysis over time. The theory is solid - putting it into practice is the hard part. Without the right tools, most people will find this type of analysis impossible to do.
