This paper explores how cybersecurity practitioners across sectors conceptualize their needs for defending against Advanced Persistent Threats (APTs). Drawing on thematic analysis of 19 semi-structured interviews with experts from national CSIRTs, private SOCs, and critical infrastructure, we identify six overlapping categories of perceived gaps: contextual visibility, threat intelligence, supportive automation, operational readiness, attacker understanding, and executive decision support. While these needs highlight common pain points across domains, our analysis critically questions whether meeting these requests would in fact resolve the strategic challenge posed by APTs. Many proposed solutions reflect domain-specific biases and focus on improving existing capabilities, rather than transforming defensive paradigms. As APT groups evolve with long time horizons, high expertise, and geopolitical intent, fragmented or reactive responses may remain insufficient. We argue that defending against APTs demands not only technical upgrades, but also interdisciplinary and organizational transformation. This study contributes by mapping practitioner perspectives while offering a critical lens on their limitations. The findings urge the community to reconsider assumptions about expertise, tooling, and the complexity of cyber conflict.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Understanding APT Defense Through Expert Eyes: A Critical Exploration of Perceived Needs and Gaps

  • Raymond André Hagen,
  • Kirsi Helkala,
  • Lasse Øverlier

摘要

This paper explores how cybersecurity practitioners across sectors conceptualize their needs for defending against Advanced Persistent Threats (APTs). Drawing on thematic analysis of 19 semi-structured interviews with experts from national CSIRTs, private SOCs, and critical infrastructure, we identify six overlapping categories of perceived gaps: contextual visibility, threat intelligence, supportive automation, operational readiness, attacker understanding, and executive decision support. While these needs highlight common pain points across domains, our analysis critically questions whether meeting these requests would in fact resolve the strategic challenge posed by APTs. Many proposed solutions reflect domain-specific biases and focus on improving existing capabilities, rather than transforming defensive paradigms. As APT groups evolve with long time horizons, high expertise, and geopolitical intent, fragmented or reactive responses may remain insufficient. We argue that defending against APTs demands not only technical upgrades, but also interdisciplinary and organizational transformation. This study contributes by mapping practitioner perspectives while offering a critical lens on their limitations. The findings urge the community to reconsider assumptions about expertise, tooling, and the complexity of cyber conflict.