While the seven steps of the Cyber Kill Chain let organisations step back and trace an attacker's movements, they should not rely on the kill chain alone: the model is perimeter-focused and emphasises malware prevention, so it offers limited visibility once an attacker is already inside the network.
They should also adopt a more proactive strategy: correlating security events from across the environment and mapping each one onto the seven steps. Doing so yields richer forensic evidence, improves post-breach analysis by giving investigators more data to identify trends and trace an intrusion back to its root cause, and shows the earliest step at which the attacker was visible, which is where the chain can be cut next time. That information is valuable for preventing a recurrence.
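The mapping and correlation described above, as an added example that is not part of the original article or any product it mentions. It parses constructed log lines in an assumed `ts host= src= event=` format, tags each event with a kill chain phase via an assumed event-type table (the event names are hypothetical), groups the events per victim host, and reports how far the attacker got, where the earliest evidence lies, and which phases in between produced no event at all, which is the visibility gap an investigator should look at.

```python
import re
from collections import defaultdict

# The seven phases of the Cyber Kill Chain, in order.
PHASES = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
PHASE_INDEX = {p: i for i, p in enumerate(PHASES)}

# Assumed event-type -> phase mapping. The event names are hypothetical, not
# from any real sensor. Weaponization happens on the attacker's side and
# normally leaves nothing in the defender's logs, so no event maps to it.
EVENT_PHASE = {
    "port_scan": "Reconnaissance",
    "login_page_enumeration": "Reconnaissance",
    "email_macro_attachment": "Delivery",
    "drive_by_download": "Delivery",
    "exploit_signature_hit": "Exploitation",
    "new_service_created": "Installation",
    "scheduled_task_created": "Installation",
    "dga_domain_beacon": "Command and Control",
    "tls_unknown_ca_periodic": "Command and Control",
    "bulk_outbound_transfer": "Actions on Objectives",
    "ransom_note_written": "Actions on Objectives",
}

# Assumed log line format: ISO timestamp, then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\s+host=(?P<host>\S+)\s+"
    r"src=(?P<src>\S+)\s+event=(?P<event>\S+)$"
)


def parse_line(line):
    """Parse one log line; return None if it is not in the expected format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def map_to_phases(lines):
    """Tag each parseable event with its kill chain phase.

    Events with no mapping are returned separately so the coverage gap is
    visible instead of silently dropped."""
    mapped, unmapped = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        phase = EVENT_PHASE.get(rec["event"])
        if phase is None:
            unmapped.append(rec)
        else:
            rec["phase"] = phase
            mapped.append(rec)
    return mapped, unmapped


def correlate_by_host(mapped):
    """Group mapped events per victim host in time order and summarise the chain."""
    by_host = defaultdict(list)
    for rec in sorted(mapped, key=lambda r: r["ts"]):  # ISO timestamps sort as strings
        by_host[rec["host"]].append(rec)

    summary = {}
    for host, recs in by_host.items():
        seen = sorted({PHASE_INDEX[r["phase"]] for r in recs})
        first, last = seen[0], seen[-1]
        # Phases between the first and last evidence that produced no event:
        # either the attacker skipped them or the defender cannot see them.
        gaps = [PHASES[i] for i in range(first, last + 1) if i not in seen]
        summary[host] = {
            "reached": [PHASES[i] for i in seen],
            "earliest_evidence": PHASES[first],
            "deepest_phase": PHASES[last],
            "visibility_gaps": gaps,
            "sources": sorted({r["src"] for r in recs}),
            "timeline": [(r["ts"], r["phase"], r["event"]) for r in recs],
        }
    return summary


# Constructed sample log (not real data): one host with a near-complete chain,
# one with only C2 evidence, one unmapped event and one malformed line.
SAMPLE_LOG = """
2024-03-01T08:02:11 host=ws-017 src=203.0.113.9 event=port_scan
2024-03-01T09:15:40 host=ws-017 src=203.0.113.9 event=email_macro_attachment
2024-03-01T09:16:02 host=ws-017 src=203.0.113.9 event=exploit_signature_hit
2024-03-01T09:16:30 host=ws-017 src=203.0.113.9 event=scheduled_task_created
2024-03-01T09:20:00 host=ws-017 src=198.51.100.7 event=dga_domain_beacon
2024-03-01T11:45:12 host=ws-017 src=198.51.100.7 event=bulk_outbound_transfer
2024-03-01T10:00:00 host=srv-db01 src=198.51.100.7 event=tls_unknown_ca_periodic
2024-03-01T10:05:00 host=srv-db01 src=198.51.100.7 event=user_login_success
this line is not in the expected format
"""


def analyse(log_text=SAMPLE_LOG):
    """Run the full pipeline; return (per-host summary, unmapped events)."""
    mapped, unmapped = map_to_phases(log_text.strip().splitlines())
    return correlate_by_host(mapped), unmapped


if __name__ == "__main__":
    summary, unmapped = analyse()
    for host, s in summary.items():
        print(f"{host}: {s['earliest_evidence']} -> {s['deepest_phase']}")
        print("  phases reached:", ", ".join(s["reached"]))
        if s["visibility_gaps"]:
            print("  no evidence for:", ", ".join(s["visibility_gaps"]))
    print("unmapped events:", [(u["host"], u["event"]) for u in unmapped])
```

For ws-017 the output shows the chain running from Reconnaissance to Actions on Objectives with Weaponization as the only gap, which is expected. For srv-db01 the only evidence is at Command and Control: an investigator then knows the Delivery, Exploitation and Installation steps on that host went unobserved and should ask which sensor was missing. In a real deployment the event-to-phase table is the part that needs the most care, since one wrong mapping distorts every chain built from it.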
Here are some additional technologies that organisations can look into, alongside understanding the Cyber Kill Chain:
- More detailed threat information
This means visibility into the confidence level, severity and geo-location of each threat, plus search features that combine conditions (for example, high-severity, high-confidence detections from one region) with aggregation and filtering. With that context, administrators can prioritise correctly and act promptly.
- Strong Threat Detection Efficacy
This can include advanced threat detection engines or algorithms with a high detection rate for machine-generated (DGA) domains, the ability to identify command-and-control traffic inside encrypted channels, and server protection.
- Automated Mitigation
Organisations can consider an auto-mitigation mechanism that applies pre-defined response templates to block or throttle suspicious sessions, or reduce their bandwidth, without waiting for an operator. The templates should be tested against known-good traffic first, because an automated block triggered by a false positive is itself a denial of service.
- Cloud Analytics
This is a tuned model in which suspicious events detected by the advanced threat detection (ATD) engine are uploaded to the cloud automatically each day, and blacklists and whitelists are updated daily from the results of in-depth analysis by experts. Check what the uploaded events contain before enabling this, since they may include internal hostnames or user data.
A combination of effective analytics tools and prompt action is key to mitigating cyber security threats and minimising their impact on your IT infrastructure. Together they let defenders dissect the kill chain and cut it at a given step, dismantling the attack part by part.