Abstract:
An Advanced Persistent Threat (APT) is a targeted attack in which a sophisticated, determined and skilled
adversary maintains undetected access to a network over an extended period in order to exfiltrate valuable data. APT poses a high
level of threat to organizations, especially government organizations. Sixty percent of the problem lies in the inability to detect the
intrusion using traditional mitigation methods. Numerous studies indicate that vulnerabilities exist in most organizations and that, when
exploited, they have major financial implications and also damage the organization's reputation. Traditional methods for mitigating
threats to information systems have proved ineffective. This paper evaluates the utilization and effectiveness of APT mitigation
techniques using the existing literature and thereby provides a synopsis of APT. A method-based approach is adopted, reviewing the
studies and comparing the methods they use to mitigate APT. The study compares 25 studies that proposed methods for mitigating
the threat. The research articles were drawn from a wide range of research reports published between 2011 and 2017 and filtered to
separate articles proposing mitigation methods from review articles, articles that only identify threats, and so on. These 25 studies
were analysed to show the effectiveness of the 12 mitigation methods the researchers utilized. In mitigating APT, 72% of the
researchers employ more than one method. The methods used most often to mitigate APT are traffic/data analysis (30%), pattern
recognition (21%) and anomaly detection (16%). These three methods are in line with the provision of effective internal audit, risk
management and corporate governance as set out in COBIT 5, the IT management and governance framework published by ISACA.