The Cyber Kill Chain and You


The Cyber Kill Chain is a framework with which to view the various steps of a successful cyber attack. The Cyber Kill Chain essentially breaks the cyber attack into 7 steps. These steps are:

 

[Image: the seven steps of the Cyber Kill Chain]


The chain must be broken at some point in order to prevent the success of the attack.

The Cyber Kill Chain is both preventative and detective. It is preventative in that it outlines the anatomy of a cyber attack: an attacker takes a systematic approach to exfiltrate data from your network. If we use the kill chain as a platform to assess how well placed we are at each key stage of that anatomy, we can better identify where our security practices and methodology are weak. From this analysis we can create best practices and policies that are preventative in nature.

Throughout the framework there is also a forensics element: we analyze our security framework, and from that analysis we determine its weaknesses. Those weaknesses are discovered by establishing at which juncture of the kill chain the attacker is being successful. This is the detective piece of the framework.

Understanding and applying the Kill Chain is fundamental to defense in depth and is both detective and preventative in nature.

As an organization you can assess how well you can detect malicious activity by applying the Cyber Kill Chain framework to your security and compliance program.
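The assessment described above can be run as a small gap analysis. The following is an added example, not part of the original article: the phase names are the standard Lockheed Martin ones (the article's own list was an image), and the control inventory and incident records are constructed sample data.

```python
# Phase names are the standard Lockheed Martin ones, in attack order.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
KINDS = {"preventive", "detective"}

# Constructed control inventory: (control, phase it acts on, kind).
CONTROLS = [
    ("mail attachment filtering", "delivery", "preventive"),
    ("endpoint patching", "exploitation", "preventive"),
    ("EDR alerting", "installation", "detective"),
    ("egress proxy logging", "command_and_control", "detective"),
    ("data loss prevention", "actions_on_objectives", "preventive"),
]

# Constructed incident reviews: the phase where the chain was broken,
# or None when the attack ran to completion.
INCIDENTS = ["delivery", "delivery", "installation",
             "command_and_control", None, "installation"]

def control_gaps(controls):
    """Map each phase to the control kinds it still lacks."""
    have = {p: set() for p in PHASES}
    for _name, phase, kind in controls:
        have[phase].add(kind)
    return {p: KINDS - k for p, k in have.items() if k != KINDS}

def break_rates(incidents):
    """Per phase: (attacks that reached it, attacks stopped there)."""
    stats = {p: [0, 0] for p in PHASES}
    for stopped_at in incidents:
        last = PHASES.index(stopped_at) if stopped_at else len(PHASES) - 1
        for p in PHASES[:last + 1]:
            stats[p][0] += 1
        if stopped_at:
            stats[stopped_at][1] += 1
    return {p: tuple(v) for p, v in stats.items()}

def unbroken_phases(incidents):
    """Phases attackers reached but where the chain was never broken."""
    return [p for p, (reached, stopped) in break_rates(incidents).items()
            if reached and stopped == 0]

if __name__ == "__main__":
    for phase, (reached, stopped) in break_rates(INCIDENTS).items():
        missing = ", ".join(sorted(control_gaps(CONTROLS).get(phase, []))) or "none"
        print(f"{phase:22} reached={reached} stopped={stopped} missing={missing}")
```

A phase that attackers reach but where nothing ever stops them, and that also lacks a control kind, is the first candidate for a new policy or detection.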

 

Susan Brown

CEO at Zortrex - Leading Data Security Innovator | Championing Advanced Tokenisation Solutions at Zortrex Protecting Cloud Data with Cutting-Edge AI Technology

5 years ago

Thank you for sharing, Jon, appreciated. Great step-by-step action plan.
