What is the cyber kill chain? Why it’s not always the right approach to cyber attacks

As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach to security is and how you might employ it in today’s threat environment.

What is a cyber kill chain?

In military parlance, a “kill chain” is a phase-based model to describe the stages of an attack, which also helps inform ways to prevent such attacks. These stages are referred to as:

  • Find
  • Fix
  • Track
  • Target
  • Engage
  • Assess

The closer to the beginning of the kill chain an attack can be stopped, the better. The less information an attacker has, for instance, the less likely someone else can use that information to complete the attack later.

The cyber kill chain, put forth by Lockheed Martin, applies the same idea to targeted attacks by describing their phases. As with the military model, these phases can also be used to protect an organization’s network. The stages are shown in the graphic below.