#3 Geographic Locations:

Visits to hosts in certain countries can be categorized as risky behavior, especially if there is a significant amount of traffic involved. Identifying such behavior can be combined with a white list approach that identifies legitimate sites in such countries to help identify infected clients.

#4 Session Information:

When a device starts to listen on a port to receive a connection from the outside but does not initiate a connection, an APT infection could be the cause.

#5 Destination Category:

Visiting certain types of websites, such as gambling and adult sites as well as those known to contain malicious code can also be a predictor of APT infection.

“Identifying risky user and application behavior represents the next step in protection against Advanced Persistent Threats.

Also Read: 10 Pioneers Of Cloud Computing

Also Read: IBM to Renew its Biggest Indian IT Contract, Faces Stiff Competition