As threats evolve, the operator must be able to make full use of new ways of detecting and combating them. The key is turning whatever information is gathered into actionable intelligence. While technology can help here, a more comprehensive solution must also address the need for better processes and training of our cyber warriors.
Over the past several years, there has been much discussion about situational awareness: the ability to understand what is happening on a network, from the traffic patterns to the context of changes in those traffic patterns. Indeed, situational awareness is hailed as the foundation of network visibility, which is required to identify and combat any threat. Thus, by leveraging behavior analysis, along with partnerships and education, operators can attain situational awareness and, in turn, stop APTs in their tracks.