Step 1: Prevent
Companies need to remove their blinkers and prepare for a genuine emergency: it can hit anyone. They must draw up strategies and emergency plans, and become familiar with their own vulnerabilities. After all, they would know exactly how to proceed if a fire broke out in the building, would they not?
Note: Risk analysis
Step 2: Implement protective measures
A well-guarded endpoint is the best protection against cyber-attacks, and against APTs in particular. Here, an array of different defense mechanisms should ensure that threats cannot get into the IT network in the first place. Increasingly, this concept is complemented by a coordinated security setup in which a variety of solutions communicate with one another and share context information. This speeds up detection and allows responses to be automated.
Step 3: Detect
A large number of different methods for identifying malware already exist. Current knowledge must be used to make a reasoned decision on which strategy is best suited for deployment.
Step 4: Respond
If a network is infected, the malware needs to be completely removed, leaving no residual traces. It is then necessary to ensure that the endpoint is secure. In order to prevent similar cases in the future, it is imperative to identify when and how the malicious code gained access to the network.
We recommend the following solutions to cover steps 2 to 4 completely:
Symantec: Advanced Threat Protection Endpoint, Network & Email
Sophos: Next-Generation Endpoint Protection
Trend Micro: TippingPoint Advanced Threat Protection Family
Step 5: Recover
Suitable backup software should be used to restore the data once the system has been cleaned up.
We endorse the following vendors: