The cyber kill chain is a conceptual cyber defense model that uses the structure of a cyberattack as the basis for building an organization's cyber defense strategy. The stages of an advanced persistent threat are typically used as the framework, with cyber defense strategies considered at each stage. The model works on the premise that the earlier in the attack lifecycle an attack is detected, the better it can be defeated and the lower the cost. It can also work better when integrated with other defense-in-depth strategies.
The cyber kill chain works best for internal organizational network assets and is less effective when applied to information outside an enterprise's defended perimeter. The model emphasizes that cyberattacks are much less expensive to deal with when they are identified and analyzed earlier in the attack lifecycle.
The cyber kill chain is a framework for identifying, detecting and preventing intrusions. It works by comprehensively understanding the tactics and techniques an attacker uses while compromising an organization's security posture. The framework is helpful for studying the attack cycle from the initial stage until the intrusion occurs. It is also used to evaluate the effectiveness of security controls by enhancing the capability to detect and stop cyberattacks.
The cyber kill chain framework employs the seven steps listed below:
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control (C&C)
- Actions on Objectives
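
The following Python example is added here and is not from the original page: it tags alerts with the seven stages above to report how early each intrusion was first detected and at which stages no control fired. The alert records, incident ids and control names are constructed assumptions.

```python
from collections import defaultdict

# The seven stages, in the order the page lists them.
STAGES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
ORDER = {name: i for i, name in enumerate(STAGES)}

# Constructed sample alerts: (intrusion id, control that fired, stage).
ALERTS = [
    ("INC-A", "mail gateway", "Delivery"),
    ("INC-A", "EDR", "Installation"),
    ("INC-B", "DNS monitoring", "Command and Control"),
    ("INC-C", "EDR", "Exploitation"),
    ("INC-C", "DLP", "Actions on Objectives"),
    ("INC-D", "web proxy", "Delivery"),
]

def earliest_detection(alerts):
    """Return {intrusion id: earliest stage at which any control fired}."""
    first = {}
    for incident, _control, stage in alerts:
        if stage not in ORDER:
            raise ValueError(f"unknown stage: {stage!r}")
        if incident not in first or ORDER[stage] < ORDER[first[incident]]:
            first[incident] = stage
    return first

def stage_coverage(alerts):
    """Return {stage: sorted controls that produced at least one alert there}."""
    seen = defaultdict(set)
    for _incident, control, stage in alerts:
        seen[stage].add(control)
    return {stage: sorted(seen[stage]) for stage in STAGES}

def blind_stages(alerts):
    """Stages where no control fired in the sample: candidate detection gaps."""
    return [s for s, controls in stage_coverage(alerts).items() if not controls]

if __name__ == "__main__":
    for incident, stage in sorted(earliest_detection(ALERTS).items()):
        print(f"{incident}: first detected at stage {ORDER[stage] + 1} ({stage})")
    print("No detections at:", ", ".join(blind_stages(ALERTS)))
```

An intrusion first seen at Command and Control has already passed five stages undetected, which is the costly case the model's premise warns about.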