S**T
A solid grounding in security
I would like to start off with the bottom line first. There is a LOT of great information in the book, but the layout of the book makes it a bit hard to find the key points even with the incredibly detailed table of contents. Syngress should adopt call outs, text boxes and other publishing techniques to highlight key information instead of producing one huge "run on" manuscript.

In light of that, what I would like to do in this review is highlight some of the practical tips in the book. A major theme is that while protection is ideal, detection is a must. Dr. Cole, a practitioner in the field, has learned what we all need to understand. The odds are very high that any organization is already compromised. The key is to detect the information as the attackers try to exfiltrate it.

Some other points that are not to be missed:

Page 15: Do not allow HTML mail unless you absolutely need it for your business
Page 16: Do not allow documents with macros unless you absolutely need it for your business
Page 29: Activity does not equal security; tackle the highest priority risk
Page 31: Assume the attackers are already in your network
Page 39: Focus on protecting your critical data (data centric security)
Page 71: 237 rules in your firewall equals ANY ANY ANY ANY - ALLOW
Page 91: The advice here will not be popular, but if you do not absolutely need it for your business, get rid of it
Page 107: The entire section on data classification is a must read, must implement
Page 140: More hard, but valuable, advice: do not allow email attachments unless you absolutely need them for your business
Page 176: Repeat after me, users are the target; this is the root of most successful attacks
Page 193: Begins a section on the 20 Critical Controls - read, memorize and act
Page 212: You cannot fight the cloud (amen)
Page 234: The APT Defendable Network section is a must read
Page 243: Expands on the points on page 29; glad that got fleshed out

Chapter 11 talks about some common sense solutions including sandboxing and whitelisting. For the life of me, I cannot understand why more organizations have not adopted both.

Chapter 12 is essentially a recap. A suggestion to the reader is to read chapter 12 first. It is filled with a number of key points that you can pick up when you read the rest of the book.
G**M
Disappointed
This book fails on many fronts.

It lacks technical details, so I think it is meant for a wide audience who may not have a deep understanding of network infrastructure and security. However, in the book there is not a single diagram to expound on the concept of APT. There are only some screenshots to show simple network commands.

I think that a discussion of a real case of how an APT infiltrates an organization would help the readers appreciate the state of the art of the attackers. This, however, is lacking.

As a security professional, I also want to know how to detect infiltration. The author only points out that detection is needed, which does not help much.

There are solutions and products on the market to counter APT. The author could also write about what the desirable features are and how to select the products.

The book is just a re-hash of security and networking techniques and concepts. Its lack of depth and breadth does not even qualify it as a good book on information security, not to mention on APT. The book wastes a lot of space in repeating the simple concepts advocated by the author and drawing trivial analogies. The editing is bad too, e.g. "security is not hopeless" appears as "security is not helpless".

I learnt more about APT from the APT Wiki and the references contained therein. I also learnt the techniques used by the attackers from the references.

I bought the book (Kindle version) because I found that its reviews were all five stars. I noted, however, that some of the reviewers knew the author personally. This might explain the good but biased rating. The author holds a doctoral degree, which also raised my expectation. He can do better.
D**S
Great Book that will make you Work, and Think
A very good set of ideas and concepts, very badly presented. The core ideas and strategic approach to defending against APTs are very good, possibly brilliant. The reader must be willing to fight through horrible structure and terrible editing to extract them, however. Not an easy read. Like mining gold or diamonds, you'll need to bring heavy machinery to get what you want. Buried in this mess is a great book. Somewhere. In the end: worth the work.
F**5
APT is here to stay!
I recommend that everyone in cyber security read and understand this book. Very well written. Maybe a good idea for users to read it as well, since APTs target users so much. Written so well that I remember most of this book after one cover to cover read.
K**R
Desperately needs editing
This book has some interesting content on the APT problem and it is written in a chatty and informal style. Syngress are usually good publishers, but this book clearly hasn't been edited or reviewed before publishing, as there are numerous noticeable grammatical mistakes. Furthermore, at times the book is verbose and repetitive. Considering Eric Cole's experience in the field, little of his practical and technical knowledge makes it to paper. All of the mistakes and poor publishing aside, this book is a tolerable introduction to APT, but it's disappointing and lacking in technical aspects for a more experienced reader.