2 Replies Latest reply on Mar 18, 2015 10:48 AM by tjreeddoc

    Setting up LEM to detect Advanced Persistent Threats (APTs)/Trojan-Ransom

    tjreeddoc

       

      All,

       

       

       

      Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network.  Reading the following links gives a good high-level overview:

       

       

       

       

       

      Handling Cybersecurity Threats

       

       

       

      https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2013/05/13/handling-cybersecurity-threats

       

       

       

       

       

      Cybercriminals infiltrate banks! Hundreds of Millions Lost!  Lessons for the rest of us

       

       

       

      https://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2015/02/17/cybercriminals-infiltrate-banks-hundreds-of-millions-lost-lessons-for-the-rest-of-us

       

       

       

       

       

      What is an APT?

       

      https://thwack.solarwinds.com/docs/DOC-176021

       

       

       

      Cybersecurity – A Practical Approach to Actionable Intelligence

       

      http://web.swcdn.net/creative/pdf/Whitepapers/WP_FED_Cybersecurity-A_Practical_Approach_to_Actionable_Intelligence.pdf

       

       

       

       

       

      However, I am looking for a more detail guideline.  While I clearly understand each APT/Trojan could operate differently, I am looking for a more gradular guideline or whitepaper to set up LEM to notify my group an APT is on the network.  After I installed LEM I watched the following great video posted by Nicole Pauls!  Her video really helped.  Is there one for setting up LEM to detect APTs?  Or, are there other guidelines/white papers on setting up this listed feature of LEM?

       

       

      Thank you,

       

      T.J.