Time
21 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, everyone. I'm Instructor Gerry Roberts, and this is Introduction to APT Groups. This video we're gonna talk about how to look for information about APT groups,
00:12
and then we're gonna talk a little bit about how to implement monitoring in your organization.
00:19
First of all, looking for information. Finding information on APT groups can be difficult.
00:24
There are a lot of different
00:27
ah, pieces of misinformation, partial information,
00:31
and sometimes you just can't find the information
00:35
So, some places to look.
00:38
First of all, some organizations publish regular reports
00:43
on a regular basis with information about the different groups.
00:48
So a good spot to look is actually looking for those regular reports.
00:54
Now, some antivirus companies like
00:57
Kaspersky
00:59
actually do it on a quarterly basis, other organizations do it on a yearly basis. It just depends on the organization. But you wanna look and find those reports. They're very useful. They actually are chock full of information about some of the different groups and the different attacks that are common. So you can actually
01:18
put things in place to help prevent those attacks.
01:22
Instead of just knowing, hey, there's a group out there, you can actually take action.
01:29
Another thing:
01:30
Some vendors, such as Cisco
01:34
and other vendors publish information on their websites and also have products that will scan your system for known threats.
01:44
This is also useful
01:47
as not only can you get information, but you might be able to find a product to help you defend against such attacks.
01:56
Now, if you don't know specifically what you're looking for,
02:00
you kind of know a group name or you might know a group number or something like that, use your favorite search engine. Yes, I did just tell you to Google that.
02:13
Now, monitoring.
02:15
One of the best things you can do to prevent APT groups from attacking your organization is monitoring. Remember, these guys work on secrecy,
02:27
so if you're monitoring, you're more likely to find them and more likely to be able to boot them out.
02:34
So a couple of things keep yourself up to date so you know what to look for.
02:39
In some instances,
02:42
you may not have controls in place,
02:46
but you may find something weird, like certain computers are using a lot of processing power or things like that. Knowing what to look for helps you identify an issue.
02:58
Next, some vendors offer software.
03:01
It's usually updated regularly once they find out about attacks, and they can put information in their software to look for them.
03:08
These usually work like antivirus: looks for specific items, traces, specific things
03:15
to be able to find possible attacks.
03:20
You can also customize these. So look for certain things like spear phishing emails
03:25
or certain types of attacks.
03:29
Keep everything up to date. Guys.
03:31
I shouldn't have to say this, but you'd be surprised how many times I've gone into an organization and things are not up to date,
03:39
and something that would have been fixed by a patch or a service pack
03:44
has been exploited.
03:46
Vendors like Microsoft, other vendors like Cisco, Linux, all that, do have updates on a regular basis to protect against these types of attacks.
03:55
Once these types of attacks have been identified, these vendors are able to put something together to prevent those vulnerabilities from being exploited, and in some cases they can even close up a vulnerability.
04:09
The next thing: implement threat hunting and pen testing.
04:14
It is extremely valuable.
04:15
These activities can actually help you locate vulnerabilities
04:19
and sometimes even help you locate attacks in progress.
04:25
That's right.
04:27
If you're doing pen testing,
04:30
you can actually stumble
04:31
upon somebody doing an attack,
04:33
and I've seen it happen before.
04:35
So these items, when implemented, can also help you monitor
04:42
and locate
04:44
potential APT attacks.
04:48
All right, that's it for this video. So let's take our post assessment question.
04:54
How can you find information about APT groups?
04:58
Would you look at published reports? Would you use Google for information?
05:01
Would you look at the vendor's Web sites
05:04
or would you do all of the above?
05:08
I'll give you a moment
05:10
to figure this out.
05:12
You can pause if you want to, and then we'll come back for an answer.
05:19
It's D, all of the above. All of these items can be great resources for information about APT groups and APT attacks.

APT Group Fundamentals

In this course, you will learn the fundamentals of Advanced Persistent Threat (APT) groups and the delineation between them and popular threat vectors in the security space. This course will cover common characteristics and attack patterns of APT groups, so that you can understand the associated threats.

Instructed By

Gerrianne Roberts
Professor, Network Engineering Technology
Instructor