Jul 10th, 2018
Reactive or Proactive? Making the Case for New Kill Chains
Classic kill chain models that aim to find and stop external attacks don’t account for threats from insiders. Here what a modern kill chain should include.
The kill chain model is not new to most security professionals. Created in 2011 by Lockheed Martin, the model highlights the seven stages bad actors typically go through to steal sensitive information. In case you need a refresher, the steps include reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objective. The goal for security analysts and investigators is to disrupt the chain early, before sensitive data slips out the door. Although the model works for certain kinds of attacks, in many others, it doesn’t.