SANS Digital Forensics and Incident Response Blog

Anti-virus is not enough to defeat APT groups

In last week's story about the New York Times breach, you read that the best-selling anti-virus system failed entirely. Every organization that has gone through a targeted attack learns that same lesson and - too late - develops an in-house forensics and threat analysis capability. (The commercial incident handling companies charge as much as $1,000 an hour after you get breached.) The principal hands-on course that teaches how to build that capability is SANS FOR508: Advanced Forensics and Incident Response.

SANS did a similar test earlier this year when creating the core incident exercise for FOR508 and had the exact same results with McAfee EPO installed on our network.