Kill chains: Part 1→Strategic and operational value

It really is a good thing


The term “kill chain” sounds extremely harsh. Almost as if after something is killed, it gets moved down the chain to be killed again. How dramatic! Indeed, the term originally described how an enemy combatant of the military might attack; that is, the steps they would take to ultimately try to claim victory over the “good guys.” More recently, the term has been conscripted by the cybersecurity world to help businesses and security organizations go on the offensive, ensuring there are no gaps in their mitigation strategies and that their threat-hunting processes are sound.


So the goal is actually to make the lives of security personnel less dramatic. That’s good! Using kill chain fundamentals is key, because without them, even if your controls have been thoroughly vetted over and over again, you’re not really addressing the full life cycle of an attack when creating solid offensive or defensive strategies. Let’s now take a look at some specifics: organizations that have defined ultimate standards in the world of kill chains.


Lockheed Martin Cyber Kill Chain


This framework was developed by the defense contractor behemoth to identify vulnerabilities and breaches as well as examine the effectiveness of existing controls. The phases of this framework are:


Reconnaissance is an information-gathering process leveraging any available means like social media channels, press releases, port scanning, and much more.
Weaponization creates a malicious payload using familiar platforms and applications like malware, a compromised document, or a phishing email.
Delivery transmits the payload directly to the target. If it makes it to you or your team, it has actually passed “Go.”
Exploitation means the attackers are in the priming process ..
