We recently published part 1 of a new series designed to help organizations build resiliency against targeted attacks. In the spirit of Maslow, we designed our Targeted-Attack Hierarchy Of Needs. One factor that significantly drove the tone and direction of this research was Forrester client inquiries and consulting. Many organizations were looking for a malware sandbox to check off their targeted attack/advanced persistent threat/advanced threat protection/insert buzzword needs. Malware analysis has a role in enterprise defense, but focusing exclusively on it is a myopic approach to addressing the problem.
Part 1 of the research is designed to help organizations broaden their perspective and lay the foundation for a resilient security program. Part 2 (currently writing at a non George R.R. Martin pace) will move beyond the basics and address strategies for detecting and responding to advanced adversaries. Here is a preview of the research and the six needs we identified: