Advanced Persistent Threat: products & practices to mitigate

Q1:
What are some of the products out there that best address APTs?

In particular, can you name specific products from the following principals:

a) Symantec
b) Trendmicro
c) HP/TippingPoint
d) McAfee

Q2:
Does sandboxing cover a great percentage of APTs?

Q3:
What about tools like Tripwire to detect abnormal activities?
Integrity monitoring of sensitive files (e.g. password files)?
sunhux asked:
btan (Exec Consultant) commented:
Q1 - Tends not to be a point solution, meaning no one-size-fits-all provider, but I do suggest looking into areas such as the NSS Labs breach detection systems test, shared too:
• Blue Coat Security Analytics v7.1.6 and Malware Analysis Appliance v4.2.2
• Check Point 13500 Next Generation Threat Prevention Appliance with Threat Emulation Cloud Service R77.20
• Cisco Advanced Malware Protection v5.2.2015072320
• Fidelis XPS Direct 1000 and Fidelis XPS Internal 1000 v7.7
• FireEye EX-3400 v7.1.6 and NX-4400 v7.5.3
• Fortinet FortiSandbox-1000D v1.43 Build 0120
• Lastline Breach Detection Platform v6.5
• Trend Micro Deep Discovery Inspector v3.7 Build 3.7.1096
https://www.nsslabs.com/news/press-releases/nss-labs-announces-results-breach-detection-systems-test

Also check out AlienVault USM and the OTX contributions:
https://www.alienvault.com/who-we-are/press-releases/alienvault-named-best-advanced-persistent-threat-apt-solution-of-the-year-in-2015-computing-security-awards


Q2 - Yes, I would say so, since APT is a big "scope" of threats and actors we are defending against... Sandboxing is in fact more of a detection and response coverage in the area of "payload analysis", and part of the content filter which offloads to further deep inspection (on top of AV scanning).

Also see Gartner's suggested areas to safeguard using network traffic analysis, network forensics, payload analysis, endpoint behavior analysis and endpoint forensics.
Candidates can include BlueCoat (Solera), RSA ECAT/SA, FireEye, LastLine, McAfee ADS, ThreatGrid, Cisco (Adv Threat), Palo Alto TRAPS, Bromium, Encase Guidance, Fidelis Resolution1, Bit9, Tripwire.

Gartner also has a paper on APT handling:
https://www2.fireeye.com/Garter-Best-Practices-for-Detecting-and-Mitigating-APTs.html


Q3 - This is one of the preventive or pre-emptive measures for continuous monitoring. A good baseline will surface anomalous activities, including indicator of compromise (IoC) and indicator of attack (IoA) symptoms. As mentioned in Q2, this is covered under "Endpoint behavior analysis".
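As an added illustration of the Q3 point (this is example code, not from the thread or from Tripwire): a minimal Tripwire-style integrity check that records a content hash plus ownership and mode bits for a set of sensitive files, then reports anything added, removed or changed against that baseline. The file names and contents in `demo()` are constructed stand-ins for /etc/passwd and /etc/sudoers, written into a temporary directory so the example runs without touching the real system.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_record(path):
    """Content hash plus the ownership and mode bits a baseline should pin down."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):  # symlinks and devices get the hash of empty input
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}

def build_baseline(paths):
    """Snapshot every monitored path that exists; absent paths are simply omitted."""
    return {p: file_record(p) for p in paths if os.path.lexists(p)}

def compare(baseline, current):
    """Return (path, verdict, changed_attributes) for added, removed and changed files."""
    findings = []
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            findings.append((p, "removed", []))
        elif p not in baseline:
            findings.append((p, "added", []))
        else:
            changed = [k for k in baseline[p] if baseline[p][k] != current[p][k]]
            if changed:
                findings.append((p, "changed", changed))
    return findings

def demo():
    """Constructed scenario: an edited file, a loosened mode and a new file appear."""
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")          # stand-in for /etc/passwd
        sudoers = os.path.join(d, "sudoers")        # stand-in for /etc/sudoers
        keys = os.path.join(d, "authorized_keys")   # does not exist at baseline time
        Path(passwd).write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")
        Path(sudoers).write_bytes(b"root ALL=(ALL) ALL\n")
        os.chmod(sudoers, 0o440)
        baseline = build_baseline([passwd, sudoers, keys])
        Path(passwd).write_bytes(Path(passwd).read_bytes() + b"extra:x:1001:1001::/home/extra:/bin/sh\n")
        os.chmod(sudoers, 0o666)                    # mode loosened after the snapshot
        Path(keys).write_bytes(b"")                 # new file that was not in the baseline
        return compare(baseline, build_baseline([passwd, sudoers, keys]))
```

In practice the baseline would be stored off-host (or signed) so that whoever alters the monitored files cannot also quietly rewrite the snapshot they are compared against.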
