EH-Net

http://www.infoworld.com/d/security/prepare-advanced-persistent-threats-or-risk-being-the-next-rsa-180?page=0,0

I have the same feeling about my company. I think we are in a deep s..t, and that we have to find the whole. Our alerts are too clean, and that's not normal.
Being and insurnace company and haveing a lot of confidential data we should be more searched.

But... they are very comfortable they way things are, and are hoping that the tools will solve the problems (Arcsight, IDS, Firewalls, soon DLP)   ???

I hope I will be able to convince them.

My company recognized the criticalality of APT's last year so we had Mandiant come by for some APT training and we picked up a Mir controller box, best security investment in years!  We can easily identify any suspicious activity on client machines looking for signs of APT's.  I would highly recommend anyone interested in APT's reach out to mandiant those guys practically wrote the book on identification and remediation of APT's they also do some kick ass unknown binary analysis and offer up free versions of most of their tools.

Yawn at APT. I advise you read the following two articles I wrote surrounding failures...

Cyber Warfare Analysis - You're Doing It Wrong
https://www.infosecisland.com/blogview/12529-Cyber-Warfare-Analysis-Youre-Doing-It-Wrong.html

Security Vendors Vow to Defend Against Cyber Boogeyman
https://www.infosecisland.com/blogview/12663-Security-Vendors-Vow-to-Defend-Against-Cyber-Boogeyman.html

<nod>

@R3B005t 
I will look further at what you propose.

@sil
As always, you are a great help. I will look deeper at your articles and I will try to adapt your advices.
My only obstacle is the mentality of others, but I will beat them  :)

Thanks again!