How to Deal With the Cyber Kill Chain

Many cyber-security teams have turned to a well-understood military concept, the kill chain, which details how adversaries structure their attacks.

In the quest to stay ahead of cyber-threats, many cyber-security teams have turned to a well-understood military concept, the kill chain, which details how adversaries structure their attacks. They are working to implement their own defenses in order to anticipate and react to where the attacks are coming from. But Chris Coleman, CEO of LookingGlass, said that most common security architectures do not address the complete concept of the cyber kill chain and instead just defend their organization's perimeter. "Organizations are faced with threats that are continuously evolving to avoid detection before and after their targets are exploited. Ideally, threats are mitigated early in the cyber kill chain. This avoids the threat actor gaining a foothold within an organization to attack laterally and find higher value assets," said Allan Thomson, CTO of LookingGlass Cyber Solutions, which focuses on addressing threats throughout the life cycle. Below are his tips on how to handle threats during seven stages of the chain: reconnaissance, weaponization, delivery, exploitation, installation, command-and-control, and privileged operations, resource access and exfiltration. The report features Gartner research.