About

The CounterTack blog covers topics, ideas and tools on cyber security and tips on how to continuously monitor to detect in-progress attacks.


In-progress Cyber Attack Intelligence Blog

Advanced Persistent "Threat"? Or an "in-progress attack"?

 

William Jackson's recent article in Government Computer News, "The Untimely Death of The Advanced Persistent Threat?", is an interesting read. Apparently RSA and Mandiant no longer like the term "Advanced Persistent Threat." (Aren't they the ones who defined it in the first place?) I share the concern they have with the term, but for a very different, more obvious reason.

Let me ask you a question.  When does a "threat" become an "attack?"  

It seems to me that a "threat" represents a potential attack.  If a burglar is inside your house looking under the sofa for the sterling silver, is there a "threat" of a robbery? Seems a bit more urgent than that. If a well-armed enemy soldier is found wandering around a military base, wouldn't that be considered an attack?

That's my issue with the term "advanced persistent threat." The attacker is inside your network, actively trying to evade detection and steal your data.  Seems like you've moved well beyond a "threat."  You are under attack. So let's call it what it is.  "Active Attack" or "in-progress attack" are more accurate descriptions, don't you think?

 

Comments

Hello John, 
 
That's a really good question, and one definitely worth asking!  
 
I'm on a technical forum on Windows management, and came across a very interesting question to which your point relates very well - 
 
What is <a href="http://www.activedirsec.org/t43533560/what-is-privilege-escalation-in-active-directory/">privilege escalation in Active Directory</a>
 
I say it relates well because it seems to be a threat, based on users having read access, so how does one know when it becomes an attack, i.e. when someone is enacting the threat? 
 
Would love to hear your thoughts on this. Thanks! 
 
Posted @ Monday, July 02, 2012 5:34 PM by Abdul