According to an article in Infosecurity, most security professionals expect an APT attack in the next six months. The article quotes:
“The three structures of IT Security used to be ‘prevention’, ‘detection’ and ‘remediation’. However, with prevention an almost impossible task due to the very nature of the way IT is used today, it now falls down to ‘detection’ as the best way to protect systems.”
Prevention is extremely difficult; however, defense in depth will assist. Implementing a Unified Threat Management (UTM) system and endpoint protection, and using a NAC solution to see who is on your network and to stop communication back to command and control, are great first steps.
Using an Event Log Management (ELM) system or SIEM will help detect abnormal behaviour, improving detection not only of malware or APTs, but also of unusual activity by employees, guests, and other cyber threats. Most ELMs or SIEMs can also do file integrity monitoring, providing you with detailed information on what files were altered and by whom.
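To make the file integrity monitoring point concrete, here is an added example (not code from the article or from any particular SIEM product) that shows the core of what a FIM feature does: record a baseline of SHA-256 digests and permission bits for every file under a directory, take a second snapshot later, and report which files were added, removed or modified. The directory tree and the changes made to it are constructed inside the example so it runs offline; a real deployment would persist the baseline (for instance as JSON) and forward the change report to the SIEM. Attributing a change to a user ("by whom") needs an audit trail the filesystem alone does not carry, so this example reports what changed and leaves the who to the audit log.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: Path) -> dict:
    """Map each regular file under root (relative, POSIX-style path) to its digest,
    size and permission bits. This is the baseline a FIM tool stores."""
    snapshot = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            snapshot[p.relative_to(root).as_posix()] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return snapshot


def compare_snapshots(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified files between two snapshots.
    A file counts as modified if its content digest or its permission bits changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name
        for name in set(baseline) & set(current)
        if baseline[name]["sha256"] != current[name]["sha256"]
        or baseline[name]["mode"] != current[name]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a constructed sample tree, baseline it, apply some changes and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        # constructed sample files; names and contents are placeholders
        (root / "etc" / "app.conf").write_text("listen = 127.0.0.1:8080\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF placeholder binary\n")

        baseline = take_snapshot(root)

        # simulated changes between scans: one edit, one deletion, one new file
        (root / "etc" / "app.conf").write_text("listen = 0.0.0.0:8080\n")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "new-binary").write_bytes(b"\x7fELF another placeholder\n")

        current = take_snapshot(root)
        return compare_snapshots(baseline, current)


if __name__ == "__main__":
    # Print the change report as JSON, the shape a SIEM forwarder would ship.
    print(json.dumps(demo(), indent=2))
```

Running the script prints a report listing `etc/app.conf` as modified, `etc/hosts` as removed and `bin/new-binary` as added. The baseline should be stored somewhere the monitored host cannot silently rewrite it (the SIEM itself, or a signed file), otherwise an attacker who alters a file can also alter the record of what it looked like.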