For each high-visibility targeted attack that has been made public, we really don't know how many others have gone undetected or undisclosed. Like an insect going through metamorphosis from one stage to the next, APT attacks are by definition multi-stage. Defenses must be specifically formulated to thwart APTs at specific stages of their life cycle, with the understanding that at different stages, different defenses will be most effective.
- Protection - Stopping the attack before it can even infect the initial target is the most critical phase of APT defense;
- Detection - Even with robust protection, detection abilities play a critical role. Early detection is what will help contain the scope and impact of the attack;
- Remediation - The typical steps of the remediation phase are contain, isolate (until remediation can occur) and fix.