What is the cyber kill chain? Why it's not always the right approach to cyber attacks

Lockheed Martin's cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it, but be aware of how attack strategies are changing.


All of this is outside the traditional kill chain of a cyberattack, he said. Another area where the black market ecosystem impacts the cyberattack life cycle is before the attack begins. Attackers share lists of compromised credentials, of vulnerable ports, of unpatched applications. 

That's a treasure-trove of low-hanging fruit, said Nils Swart, head of products at Skyport Systems, Inc. "I'd expect more datasets to become available," he said. 

Beyond the firewall 

The traditional cyberattack life cycle also misses attacks that never touch enterprise systems at all. For example, companies are increasingly using third-party software-as-a-service (SaaS) providers to manage their valuable data. "Compromising credentials into SaaS applications means there are no exploits, no installation," said Johnson. 

Defending against attackers who buy their logins on the black market and never even touch a company's own infrastructure requires a completely different defense strategy, such as switching to a centralized, single sign-on system with two-factor authentication. 

Then there are the attacks against third-party providers -- or even fourth-party providers. Law firms, marketing firms, and other vendors may have access to sensitive corporate documents. Financial institutions often use third-party processing systems. Health organizations routinely rely on outside vendors.

To avoid breaches and regulatory fines, organizations need security processes that reach beyond the boundaries of their own networks. That includes document management systems, third-party audits, and vendor agreements that require providers to maintain needed security controls and have adequate cyber insurance policies.

"We need to rethink the attack life cycle to include visibility of data beyond enterprise walls, wherever it travels, and to offer people a better way to control what happens to their data once it leaves the network," said Salvatore Stolfo, professor of computer science at Columbia University and the founder and CTO at Allure Security Technology. 
