Blog: SANS Digital Forensics and Incident Response Blog

Anti-virus is not enough to defeat APT groups

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached.) The principal hands-on course that teaches how is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.

http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-a-real-world-simulation-created-for-forensic-data-yields-surprising-results
http://www.sans.org/course/advanced-computer-forensic-analysis-incident-response
