cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Setting up LEM to detect Advanced Persistent Threats (APTs)/Trojan-Ransom

 

All,

 

 

Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network.  Reading the following links gives a good high-level overview:

 

 

 

Handling Cybersecurity Threats

 

 

https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2013/05/13/handling...

 

 

 

Cybercriminals infiltrate banks! Hundreds of Millions Lost!  Lessons for the rest of us

 

 

https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2015/02/17/cybercri...

 

 

 

What is an APT?

 

https://thwack.solarwinds.com/docs/DOC-176021

 

 

Cybersecurity – A Practical Approach to Actionable Intelligence

 

http://web.swcdn.net/creative/pdf/Whitepapers/WP_FED_Cybersecurity-A_Practical_Approach_to_Actionabl...

 

 

 

However, I am looking for a more detail guideline.  While I clearly understand each APT/Trojan could operate differently, I am looking for a more gradular guideline or whitepaper to set up LEM to notify my group an APT is on the network.  After I installed LEM I watched the following great video posted by Nicole Pauls!  Her video really helped.  Is there one for setting up LEM to detect APTs?  Or, are there other guidelines/white papers on setting up this listed feature of LEM?

Thank you,

T.J.

 

2 Replies
Level 9

Check out the rules that came with LEM, some of them (especially the ones in the Security section) are oriented towards detecting APTs, for instance SQL injection.

I would like to hear opinion on this from advanced users as well, they might have something more important to share on this matter.

0 Kudos
Level 9

Rufat87,

Thanks for the tip!

T.J.

0 Kudos