What is the Kill Chain?
Cyber-attackers executing advanced threats against organizations utilize what’s known as the cyber kill chain. The kill chain is the “high-level framework or workflow that advanced threat actors employ in their efforts to compromise the target,” according to Dell SecureWorks.
“Actors behind advanced threats have a toolbox of exploit techniques at their disposal,” says Dell SecureWorks. “They often combine several intrusion tools and techniques in order to compromise and maintain access to their target.”
How Do I Defeat the Kill Chain?
For organizations looking to prevent cyber-attacks against their sensitive information, they need to disrupt the kill chain. To do that, organizations should first deploy intelligence capabilities that provide actionable information on cyber-attackers.
Next, organizations need to review their current security architecture, Dell SecureWorks says, and recalibrate their security policies to ensure that the right information is being collected and correlated from across their networks, information and assets.
Front-line defenses to disrupt the kill chain include antivirus software, firewalls, patch management, logging, continuous network monitoring, file tampering monitoring and configuration management, says Tenable Security. Organizations should also prioritize the following three critical metrics, Tenable explains, to help in their cyber defenses:
- The number of Internet facing computers/servers that are exploitable;
- The number of Internet browsing computers with exploitable clients;
- The number of internal trusted systems that have exploitable services.
However, there are no silver bullets an organization can utilize to prevent an attack against their systems. “Security professionals should take an introspective look at their organization to determine if the organization is adequately prepared to respond effectively to a breach,” Dell SecureWorks says.
For more on the cyber kill chain, click here: Disrupting the Cyber-Attack Kill Chain.