If you’re in the information security sector, you’ve surely heard of the kill chain—a defense model designed to help mitigate advanced network attacks. The kill chain consists of seven phases of an (external) network attack, with each phase presenting an opportunity for specific types of defense. They include:
- Reconnaissance – Learning about the target
- Weaponization – Combining your vector of attack with a malicious payload
- Delivery – Actually transmitting the payload via some communications vector
- Exploitation – Taking advantage of some software or human weakness to get your payload to run
- Infection – The payload establishes persistence on an individual host
- Command & Control (C2) – The malware calls home, providing attacker control
- Actions on Objectives – The bad actor steals or does whatever he was planning on doing
It’s important to have defenses for every phase of the kill chain, and understand how each phase differs. One of the kill chain concepts states that the earlier in the kill chain you prevent an attack, the better. While that’s technically true, I suspect it’s also why we spend more time establishing preventative protections early on, and less time on the latter defenses, which still might “defang” successful attacks after the fact.
The truth is, sophisticated attackers will often bypass or evade some of our early stage defenses. If we haven’t focused enough on the latter security controls, like botnet C&C detection, data loss prevention, and internal network segmentation, we’re not seizing our full opportunity to prevent a damaging attack.
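One of those later-stage controls, C&C detection, often comes down to spotting the regular "call home" timing that beaconing malware produces. The following is an added example, not code from the original post or from WatchGuard: it reads a constructed web-proxy log (timestamp, source IP, destination host) and flags source/destination pairs whose request intervals are near-constant. The log contents, the field layout and the thresholds (`min_hits`, `max_cv`) are all assumptions chosen for illustration.

```python
"""Beacon detection over constructed web-proxy log lines (illustrative)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log, one request per line:
# "<ISO timestamp> <source IP> <destination host>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.1.1.7 updates.example-cdn.test
2024-05-01T09:00:05 10.1.1.7 news.example.test
2024-05-01T09:05:00 10.1.1.7 updates.example-cdn.test
2024-05-01T09:07:41 10.1.1.7 mail.example.test
2024-05-01T09:10:01 10.1.1.7 updates.example-cdn.test
2024-05-01T09:15:00 10.1.1.7 updates.example-cdn.test
2024-05-01T09:18:22 10.1.1.7 news.example.test
2024-05-01T09:20:00 10.1.1.7 updates.example-cdn.test
2024-05-01T09:25:01 10.1.1.7 updates.example-cdn.test
"""

def parse_log(text):
    """Group request timestamps by (source IP, destination host)."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        series[(src, dst)].append(datetime.fromisoformat(ts))
    return series

def find_beacons(text, min_hits=5, max_cv=0.05):
    """Return (src, dst, mean_gap_seconds) for pairs whose inter-request
    timing is near-constant: at least min_hits requests and a coefficient
    of variation (stdev / mean of the gaps) no larger than max_cv.
    Thresholds are assumed values; tune them against real traffic."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg, 1)))
    return hits

if __name__ == "__main__":
    for src, dst, period in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

The normal browsing to `news.example.test` and `mail.example.test` never reaches `min_hits`, while the six requests to `updates.example-cdn.test` spaced roughly five minutes apart are reported as a candidate for analyst review.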
Does your business have these kinds of tools in place? Have you looked at your data loss prevention plan in a while? It’s important to look at security from all stages and angles in order to implement the best defense for your business needs.

Published by BlackPoint IT Services with permission from WatchGuard Technologies.