The cyber security industry has long debated the Cyber Kill Chain framework developed by Lockheed Martin as part of its Intelligence Driven Defense model for identifying and preventing cyber intrusion activity.
The seven steps of the cyber kill chain are 1) Reconnaissance, 2) Weaponization, 3) Delivery, 4) Exploitation, 5) Installation, 6) Command & Control (C2) and 7) Actions on Objectives. The model helps business leaders understand how the bad guys would execute an intrusion and prepare a prevention-centric defence.
The Cyber Threat to UK Business report published last year lists the future threats businesses will face, including:
- Supply chain compromises
- Internet of things
- Cloud Security
- Cyber crime as a service
- Fake news and information operations
- Data breaches and legislation
The introduction of MITRE ATT&CK in 2013, as a way to describe and categorize adversary behaviour based on real-world observations and organised into matrices, has slowly moved the industry away from the cyber kill chain framework.
ATT&CK is valuable in a variety of everyday settings. Any defensive activity that references attackers and their behaviours can benefit from applying ATT&CK's taxonomy. Beyond offering a common lexicon for cyber defenders, ATT&CK also provides a foundation for penetration testing and red teaming, giving defenders and red teamers a shared language when referring to adversarial behaviours. A few examples are:
- Mapping defensive controls
- Threat hunting
- Detection & Investigation
- Tool integrations
- Red team activities
If you are planning a briefing session with your clients on the modern SOC, do not forget to use ATT&CK to map defenses and understand gaps.
By the way, how about your organization?
Please feel free to comment with your views.
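As an added example of what "map defenses and understand gaps" looks like in practice (not code from the original post), the script below tags a constructed inventory of SOC detection rules with the ATT&CK for Enterprise tactic and technique each one covers, then reports which tactics have no detection at all and which techniques rest on a single rule. The tactic names and technique IDs (T1566, T1059, T1547, T1071, T1041, T1486) are real ATT&CK identifiers; the detection rule names are made up for illustration, and IDs should be checked against the current ATT&CK release before being used in a real coverage review.

```python
# Added example: ATT&CK coverage mapping over a constructed detection inventory.
# Tactic names and technique IDs are from MITRE ATT&CK for Enterprise; verify them
# against the current ATT&CK release. The detection rule names are invented.
from collections import Counter, defaultdict

# The 14 ATT&CK for Enterprise tactics, in matrix order.
ENTERPRISE_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed inventory: rules a SOC might have deployed, each tagged with the
# ATT&CK technique it detects and the tactic that technique belongs to.
DETECTIONS = [
    {"rule": "Mail gateway: attachment sandbox verdict",        "technique": "T1566", "tactic": "Initial Access"},
    {"rule": "EDR: encoded PowerShell command line",            "technique": "T1059", "tactic": "Execution"},
    {"rule": "EDR: wscript/cscript launched from user temp dir", "technique": "T1059", "tactic": "Execution"},
    {"rule": "EDR: new Run-key autostart entry",                "technique": "T1547", "tactic": "Persistence"},
    {"rule": "Proxy: periodic beaconing to a rare domain",      "technique": "T1071", "tactic": "Command and Control"},
    {"rule": "Proxy: outbound volume spike over C2 channel",    "technique": "T1041", "tactic": "Exfiltration"},
    {"rule": "File server: mass rename with new extension",     "technique": "T1486", "tactic": "Impact"},
]


def coverage_by_tactic(detections, tactics=ENTERPRISE_TACTICS):
    """Return {tactic: sorted technique IDs that have at least one detection}."""
    covered = defaultdict(set)
    for d in detections:
        if d["tactic"] not in tactics:
            raise ValueError(f"unknown tactic {d['tactic']!r} in rule {d['rule']!r}")
        covered[d["tactic"]].add(d["technique"])
    return {t: sorted(covered.get(t, ())) for t in tactics}


def coverage_gaps(detections, tactics=ENTERPRISE_TACTICS):
    """Tactics with no detection at all: the first place to look for blind spots."""
    report = coverage_by_tactic(detections, tactics)
    return [t for t in tactics if not report[t]]


def thin_techniques(detections):
    """Techniques backed by exactly one rule: losing that one log source
    (agent outage, parser change) silently removes the coverage."""
    per_technique = Counter(d["technique"] for d in detections)
    return sorted(t for t, n in per_technique.items() if n == 1)


def coverage_ratio(detections, tactics=ENTERPRISE_TACTICS):
    """Fraction of tactics with at least one detection, rounded to 2 places."""
    gaps = coverage_gaps(detections, tactics)
    return round((len(tactics) - len(gaps)) / len(tactics), 2)


def print_report(detections):
    """Human-readable summary for a briefing slide."""
    print(f"Tactic coverage: {coverage_ratio(detections):.0%}")
    for tactic, techniques in coverage_by_tactic(detections).items():
        mark = "covered" if techniques else "GAP"
        print(f"  {tactic:<22} {mark:<8} {', '.join(techniques)}")
    print("Single-rule techniques:", ", ".join(thin_techniques(detections)) or "none")


if __name__ == "__main__":
    print_report(DETECTIONS)
```

With the constructed inventory the report shows eight of fourteen tactics with no detection at all (everything between Initial Access and Command and Control apart from Execution and Persistence), which is exactly the kind of gap a kill-chain style review tends to miss because it stops at "prevention in place" rather than asking which observed behaviours are actually detectable.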