APTs are Designed to Succeed

25 November 2011 10:12 am , Varun Aggarwal

Vincent Weafer, Sr. Vice President, McAfee Labs at McAfee, talks about some of the recent security threats. By Varun Aggarwal

What could be a plausible strategy to detect and counter an APT?

By design, Advanced Persistent Threats are custom engineered to fly underneath the radar of most traditional security defenses, or even to leverage insiders, which is why you need to look at the problem and the available tools in a slightly different way. We recommend that companies follow the following steps:

  • Enable logging on their internal security systems and save the data so that investigations can be completed when a suspicious act is detected.
  • Leverage application whitelisting to prevent unknown or untrustworthy applications from running on your systems. This works very well on servers or systems with standard images.
  • Review and monitor internal access controls to make sure that even insiders have access to the data they need in order to do their jobs. Threats such as Aurora targeted people inside organizations, such as IT administrators or QA engineers, who had broad access to information sources inside companies. Access controls are needed to know why they are accessing that data.
  • Leverage Data Leakage Prevention (DLP) on the endpoints and networks to detect and prevent data export or theft.
  • Rely on partnerships for information sharing.
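
The logging and application whitelisting steps above, as an added example that is not part of the original interview: a small Python allowlist check that hashes a binary against a known-good list and writes a JSON audit record for every decision, so that a later investigation has the evidence it needs. File names and contents are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    """Hash a file's contents in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_allowlist(paths):
    """Record the known-good hash of each trusted binary, as taken from a clean image."""
    return {str(p): sha256_of(p) for p in paths}

def check_execution(path, allowlist, audit_log):
    """Return 'allow' or 'deny' for PATH and append a JSON audit record for later investigation."""
    expected = allowlist.get(str(path))
    observed = sha256_of(path)
    if expected is None:
        verdict, reason = "deny", "not-in-allowlist"   # unknown program: block and record
    elif observed != expected:
        verdict, reason = "deny", "hash-mismatch"      # known path, modified contents
    else:
        verdict, reason = "allow", "hash-match"
    audit_log.append(json.dumps({"ts": datetime.now(timezone.utc).isoformat(), "path": str(path),
                                 "verdict": verdict, "reason": reason,
                                 "expected_sha256": expected, "observed_sha256": observed}))
    return verdict

def demo():
    """Constructed scenario: a trusted binary, the same binary after tampering, and an unknown program."""
    audit_log = []
    with tempfile.TemporaryDirectory() as workdir:
        trusted = Path(workdir) / "service.bin"
        unknown = Path(workdir) / "unknown.bin"
        trusted.write_bytes(b"known-good service binary (constructed)")
        unknown.write_bytes(b"never-seen program (constructed)")
        allowlist = build_allowlist([trusted])  # captured while the image is clean
        verdicts = [check_execution(trusted, allowlist, audit_log)]
        trusted.write_bytes(trusted.read_bytes() + b"\x00patched")  # simulate in-place modification
        verdicts.append(check_execution(trusted, allowlist, audit_log))
        verdicts.append(check_execution(unknown, allowlist, audit_log))
    return verdicts, audit_log
```

Calling `demo()` returns the three verdicts (allow, deny, deny) together with the audit records, each of which carries the expected and observed hashes an investigator would want.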

How can Big Data play an important role in the security space?

Big data is playing a more critical role in threat intelligence and threat prevention, especially with APTs, which are typically a multi-stage, multi-factor attack. For example, McAfee’s Global Threat Intelligence (GTI) is a cloud-based, real-time threat identification service which allows us to identify and provide protection against new (zero-day) and emerging threats much faster than standard signature- or even behavior-based products. GTI consists of four separate but integrated reputation services based on data generated by more than 100 million devices globally: File Reputation, Web Reputation, Message Reputation and Network Connection Reputation. In addition to sending products real-time reputation data that allows them to make informed decisions about malicious software, spam attacks, network intrusion attacks and other emerging threats, we use the same data to spot emerging trends or changes in attack strategies.

There have been increasing instances of data breaches at the certification authorities (CA). What kind of work are you doing with browser companies to ensure that stolen certificates can easily be identified?

McAfee provides detection and removal of the fake or misused certificates via our security products, such as the anti-malware products, which can detect and delete threats/malware using these fake certificates. In addition, we work with some of the infrastructure companies, such as CAs, to improve their own security protection to prevent breaches, using our network- and host-based intrusion technologies, vulnerability risk assessment and remediation management (audits and log analysis).
