What is the cyber kill chain? A model for tracing cyberattacks

As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is an explanation of the cyber kill chain and how you might employ it in your environment.

Cyber kill chain definition

The cyber kill chain, also known as the cyberattack lifecycle, is a model developed by Lockheed Martin that describes the phases of a targeted cyberattack. It breaks a malware attack down into stages at which defenders can identify and stop it.

In military parlance, a “kill chain” is a phase-based model that describes the stages of an attack and helps inform ways to prevent such attacks. The closer to the beginning of the kill chain an attack can be stopped, the better. The less information an attacker has, for instance, the less likely it is that someone else can use that information to complete the attack later.

