Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network. Reading the following links gives a good high-level overview:
Handling Cybersecurity Threats
Cybercriminals infiltrate banks! Hundreds of Millions Lost! Lessons for the rest of us
What is an APT?
Cybersecurity – A Practical Approach to Actionable Intelligence
However, I am looking for a more detailed guideline. While I clearly understand each APT/Trojan could operate differently, I am looking for a more granular guideline or whitepaper to set up LEM to notify my group that an APT is on the network. After I installed LEM, I watched the following great video posted by Nicole Pauls! Her video really helped. Is there one for setting up LEM to detect APTs? Or are there other guidelines/white papers on setting up this listed feature of LEM?
Check out the rules that came with LEM; some of them (especially the ones in the Security section) are oriented towards detecting APTs, for instance SQL injection.
I would like to hear opinions on this from advanced users as well; they might have something more important to share on this matter.
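To make concrete what a SQL injection detection rule of the kind mentioned above actually does, here is an added illustration, written for this thread rather than taken from LEM or from either poster. It is not LEM's rule logic: it is a small stand-alone Python script that parses a few constructed web-server access log lines, URL-decodes each request target, matches it against a handful of SQL injection signatures, and raises one alert per source IP once that source trips a signature `threshold` times within a sliding `window`. The log lines, the signature set, and the threshold and window values are all assumptions chosen for the example; a real rule set would tune these against the application's own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample access log lines (combined log format); not real traffic.
# Three requests from 10.0.0.9 carry injection payloads, one of which got a 200.
# The last line is a benign search for "union station" that a sloppy signature
# would flag; the patterns below are written so that it does not.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Mar/2015:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [09/Mar/2015:10:01:05 +0000] "GET /products?id=42'%20OR%20'1'='1 HTTP/1.1" 500 128
10.0.0.9 - - [09/Mar/2015:10:01:07 +0000] "GET /products?id=42%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 128
10.0.0.9 - - [09/Mar/2015:10:01:09 +0000] "GET /login?user=admin'--&pass=x HTTP/1.1" 200 2048
10.0.0.7 - - [09/Mar/2015:10:02:00 +0000] "GET /search?q=union+station HTTP/1.1" 200 4096
"""

# Assumed signature set: deliberately narrow so ordinary English words such as
# "union" or "select" on their own do not match. Applied after URL decoding.
SIGNATURES = {
    "tautology": re.compile(r"'\s*(?:or|and)\s+'?\w+'?\s*=", re.I),
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "comment_truncation": re.compile(r"'\s*(?:--|#|/\*)", re.I),
    "time_based": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
}

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, ts, method, target, status = m.groups()
    return {
        "src": src,
        "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
        "method": method,
        # Decode %xx and '+' first so encoded payloads cannot slip past the patterns.
        "target": unquote_plus(target),
        "status": int(status),
    }


def match_signatures(decoded_target):
    """Return the names of every signature that fires on a decoded request target."""
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded_target)]


def scan_log(text, threshold=2, window=timedelta(seconds=60)):
    """Scan log text; return (hits, alerts).

    hits:   one record per request that matched at least one signature.
    alerts: one record per source IP the first time it reaches `threshold`
            hits inside the sliding `window` (later hits do not re-alert).
    """
    hits, alerts = [], []
    recent = defaultdict(list)   # src -> timestamps of hits still inside the window
    alerted = set()
    for raw in text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        names = match_signatures(ev["target"])
        if not names:
            continue
        hit = {"src": ev["src"], "time": ev["time"], "target": ev["target"],
               "status": ev["status"], "signatures": names}
        hits.append(hit)
        ts = recent[ev["src"]]
        ts.append(ev["time"])
        ts[:] = [t for t in ts if ev["time"] - t <= window]
        if len(ts) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "first": ts[0], "last": ev["time"],
                           "count": len(ts)})
    return hits, alerts


if __name__ == "__main__":
    found, raised = scan_log(SAMPLE_LOG)
    for h in found:
        # A payload that returned 200 rather than 500 deserves the closest look.
        print(f"{h['time']:%H:%M:%S} {h['src']} {h['status']} {h['signatures']} {h['target']}")
    for a in raised:
        print(f"ALERT {a['src']}: {a['count']} SQLi signatures between "
              f"{a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The point of the threshold is the same as in a correlation rule: one matched request is often a scanner or a false positive, while several from one source in a short window is worth a page. The decode-before-match step and the narrow `union_select` pattern are the two places such rules most often go wrong; test any signature set you deploy against a sample of your own benign traffic before turning on notifications.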