Kill chain

This article deals with the military and information security concept. For the television episode, see NCIS (season 11)#ep246

The term kill chain was originally used as a military concept related to the structure of an attack, consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.[1] Conversely, the idea of "breaking" an opponent's kill chain is a method of defense or preemptive action.[2] More recently, Lockheed Martin adapted this concept to information security, using it as a method for modeling intrusions on a computer network.[3] This model has seen some adoption in the information security community.[4] However, acceptance is not universal, with critics pointing to what they believe are fundamental flaws in the model.[5]

Kill Chain Model

Military Model

Computer Security Model

Threats occur in up to seven stages. Not all threats need to use every stage, and the actions available at each stage can vary, giving an almost unlimited diversity to attack sets.[6]

Critiques of the Model as an Information Security Tool

Among the critiques of this model as a threat assessment and prevention tool is that many of the steps happen outside the defended network, making it virtually impossible to identify or counter actions at these stages. Similarly, this methodology is accused of focusing on a "perimeter-based" defensive strategy.[7]
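The sketch below is an added example, not part of the original article. It tags incident-review records with the seven stages and reports where a defender could first have broken each chain and which stages were never detected. The stage names are those of the Lockheed Martin model, which the article does not list. The records and function names are constructed for illustration.

```python
from enum import IntEnum

class Stage(IntEnum):
    """The seven stages of the Lockheed Martin model, in order."""
    RECONNAISSANCE = 1
    WEAPONIZATION = 2
    DELIVERY = 3
    EXPLOITATION = 4
    INSTALLATION = 5
    COMMAND_AND_CONTROL = 6
    ACTIONS_ON_OBJECTIVES = 7

# Constructed incident-review records: (intrusion, stage, detected_at_the_time).
# False means the stage was only reconstructed afterwards, not caught by a control.
EVENTS = [
    ("intrusion-A", Stage.DELIVERY, True),
    ("intrusion-A", Stage.EXPLOITATION, False),
    ("intrusion-A", Stage.INSTALLATION, True),
    ("intrusion-A", Stage.COMMAND_AND_CONTROL, True),
    ("intrusion-B", Stage.RECONNAISSANCE, False),
    ("intrusion-B", Stage.DELIVERY, False),
    ("intrusion-B", Stage.COMMAND_AND_CONTROL, True),
    ("intrusion-B", Stage.ACTIONS_ON_OBJECTIVES, True),
]

def stages_used(events):
    """Ordered stages seen per intrusion; not every intrusion uses all seven."""
    used = {}
    for intrusion, stage, _ in events:
        used.setdefault(intrusion, set()).add(stage)
    return {name: sorted(stages) for name, stages in used.items()}

def earliest_detection(events):
    """Earliest stage per intrusion at which a defensive control fired."""
    first = {}
    for intrusion, stage, detected in events:
        if detected and stage < first.get(intrusion, Stage.ACTIONS_ON_OBJECTIVES + 1):
            first[intrusion] = stage
    return first

def blind_stages(events):
    """Stages at which no intrusion was ever detected as it happened."""
    seen = {stage for _, stage, detected in events if detected}
    return [stage for stage in Stage if stage not in seen]

if __name__ == "__main__":
    for name, stage in earliest_detection(EVENTS).items():
        print(f"{name}: chain first breakable at {stage.name}")
    print("never detected:", [s.name for s in blind_stages(EVENTS)])
```

On this sample the blind stages include reconnaissance and weaponization, the stages the critique describes as happening outside the defended network.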

References


This article is issued from Wikipedia - version of the Monday, January 04, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.