Beyond marketing, an explanation of Advanced Persistent Threat

Advanced Persistent Threat is one of the most talked-about topics in the information security field – and one of the least understood. On Tuesday, September 13, Peter Morin – a member of our Atlantic Canada chapter, and conference treasurer – will discuss the anatomy of Advanced Persistent Threats, including the various stages of attack, common attack vectors used, and examples of high-value targets (e.g. SCADA).

We asked Peter to elaborate on his topic, as well as to tell us a little more about his HTCIA experiences:

HTCIA: Why did you choose this topic — what about APT is misunderstood or needs better dialogue?

PM: Although attendees may not be with the government or a top secret facility or popular .com website, they are at risk. It is important that people realize that the threat landscape has changed dramatically over the last couple of years. Attacks are being carried out with very specific goals and for very different reasons than before (i.e. “hacktivism”). We now have to focus more on concepts such as intellectual property theft, disclosure of stolen data by attackers, attacks that may be conducted over a long period of time, the role of malware in APT attacks, etc.

HTCIA: What do you want participants to know or be able to do when they go home?

PM: What are the various attack vectors and phases of a typical APT campaign? What security-related indicators to look for and how to improve the defenses they may already have in place? Also, tips, tools and techniques used in performing incident response related to some of the common attacks being seen today.

HTCIA: What do you want to see out of students during the class?

PM: Interaction would really make the class worthwhile. I try not to provide a speech to students or simply read PowerPoint slides; hearing about their experiences, comments, etc. really makes for an enjoyable interactive session.

HTCIA: On a slightly more personal note, what do you enjoy about teaching?

PM: I enjoy the interaction with others, being able to mentor and share experiences and meet interesting people.

HTCIA: You’re volunteering as conference Treasurer as well as webmaster. How do you make time for everything?

PM: I think balancing work, family and volunteering is important. The people that make up the various committees, board, etc. are fabulous and well worth the time!

[In general] the HTCIA has always been an important organization for me [because of] the interactions with other forensic and incident response communities. I am not in the law enforcement field, but because of the HTCIA, I am able to interact with members of law enforcement to share experiences, processes, tools, etc. So, when I was asked to return as conference treasurer, I jumped at the chance!

Questions for Peter? Please comment below, or better yet – come see him in person in Indian Wells next month!

