Advanced Persistent Threat: Detection and Defence

Abstract: The critical assessment presented within this paper explores existing research pertaining to the Advanced Persistent Threat (APT) branch of cyber security, applying the knowledge extracted from this research to discuss, evaluate and opinionate upon the areas of discussion as well as involving personal experiences and knowledge within this field. The synthesis of current literature delves into detection capabilities and techniques as well as defensive solutions for organisations with respect to APTs. Higher-tier detection and defensive strategies bear greater importance with larger organisations; especially government departments or organisations whose work impacts the public on a large scale. Successful APT attacks can result in the exfiltration of sensitive data, network down time and the infection of machines which allow for remote access from Command-and-control (C2) servers. This paper presents a well-rounded analysis of the Advanced Persistent Threat problem and provides well-reasoned conclusions of how to mitigate the security risk.