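This piece was published on CSO. Its main point is that, when facing things such as APT ***, rather than focusing on the ***, organisations should focus on their own weaknesses, do a good job of security awareness and skills training, and deploy some forensics tools.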
Gartner vice president John Pescatore recommended defence in depth for those that could afford it, but added that throwing more layers at the perimeter would not necessarily work against determined attackers. Instead, (big) organisations should invest in network and computer forensics, security information event management (SIEM), data leakage prevention and sandboxing. He said: "The use of specialised threat detection, network forensics and situational awareness technologies can be very effective in quickly detecting and reacting to the first stages of an advanced targeted threat, but require high levels of skilled resources to be effective." "A lean-forward approach to security is going beyond the due diligence level of the standard network security and vulnerability assessment controls, and using tools and processes to continuously look for active threats on the internal networks." "IT leaders must be prepared to invest in and staff lean-forward processes — and they must be prepared to take action if they find something."