Evolving the kill chain approach to protect cloud-based applications


As an information security professional, you’re likely to have heard about the cyber kill chain framework being used for identification and prevention of cyber intrusions.

The model was established by Lockheed Martin and follows the military approach of the same name: describing and tackling each stage of a threat. These stages are referred to as reconnaissance, weaponisation, delivery, exploitation, installation, command and control – and finally, actions on objectives.

While the model fits both physical and cyber threats, it’s important to note that not all steps of the kill chain are used in every cyber attack. For example, the first and last stages, ‘Recon’ and ‘Persist’, typically feature only in targeted attacks. The duration of an attack can also vary, depending on its nature. Opportunistic attacks must be executed quickly, and the end value to the malicious actor often hinges on the number of victims rather than their ‘quality’.

The kill chain terminology has attracted some criticism in cybersecurity use; some say that it reinforces traditional perimeter-based and malware-prevention-based defensive strategies and doesn’t adequately protect against insider threats. However, the model has evolved significantly since its inception, and today it helps us to understand the modus operandi of, and to combat, both targeted attacks carried out by APTs and opportunistic threats like ransomware, phishing or cryptojacking.

But of course, cyber attacks are evolving as quickly as the technology they target, and it’s understandable that infosec professionals are now calling for a greater understanding of the ways in which the kill chain has changed with the advent of cloud applications. If not properly secured, cloud services can increase the attack surface for an organisation – and at multiple phases of the kill chain.

So, let’s take a look at how organisations can use the kill chain approach to tackle this new breed of attacks on their critical cloud applications.

Source: Evolving the kill chain approach to protect cloud-based applications
