Aspects of the Cyber Kill Chain Essay (Article)

The threat of cyber attacks on computer networks and data grows in step with technological development. To defend a network, professionals and analysts should constantly monitor the system and regularly fix its vulnerabilities. It is also essential to predict possible future adversary campaigns aimed at ultimate data exfiltration or data integrity violation. With the emergence of so-called Advanced Persistent Threats (APTs), traditional incident response methods proved ineffective. An APT is an attack campaign in which an intruder, or a group of intruders, gains access to the network to maintain a long-term, illicit presence (Lord, 2018).

This long-term presence is needed to fulfill the objective of data mining and theft. Such intrusions often remain undetected by conventional security measures such as defense-in-depth, antivirus, and firewall solutions. For that reason, Lockheed Martin's scientists introduced an intrusion kill chain framework that helps defend computer networks by breaking attacks down into progressive phases (Hutchins et al., 2011). The main idea behind it is to respond early to the attack instead of focusing on post-compromise phases and effects.

The framework consists of the separate steps of an APT campaign: reconnaissance (search for system vulnerabilities), weaponization (creation of a remote access weapon), and delivery (weapon transmission). It also includes the exploitation (malware program in action), installation (backdoor), command and control (seizure of administration rights), and actions on objective (encryption for ransom or data exfiltration) phases (Hospelhorn, 2020). It seems that for computer scientists, all pre-compromise stages of an attack are more attractive due to their decisive role in the successful prevention and mitigation of APTs.

The incident response approach is deemed ineffective since analysis and defensive action often come too late (at the Installation and C2 steps). By contrast, Hutchins et al. (2011) suggest focusing analysis and detection efforts up the kill chain, following all intrusion phases. Naturally, an APT and data manipulation become possible only if the adversary manages to successfully pass all the mentioned stages one after another. Defenders have a chance to turn the intruders' persistence to their own advantage, as intruders will re-use infrastructure and tools for economic reasons.

What is more, the kill chain helps to collect information on unsuccessful attempts and reveal new exploits while avoiding any security damage. For instance, if an adversary used a known indicator by sending a targeted malicious email, the email would be blocked and data theft prevented at the delivery stage (Hutchins et al., 2011). Nevertheless, further analysis of the email and the rest of the targeted chain may give insights into the presence of a new backdoor or exploit. This limits the chances of future intrusions going undetected just because of a different delivery. Thus, this method allows defenders to set courses of action along the chain, detect vulnerabilities early, mitigate future attacks, and enjoy a tactical advantage over intruders.
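The reasoning above can be traced in a short simulation: an attempt blocked at delivery is still analyzed across the whole chain, and the indicators harvested from it expose a later attempt that changes only its delivery. This is an added Python example, not code from the essay or from Hutchins et al.; the function names and every indicator value are constructed for illustration.

```python
# Added illustration; phase names follow the essay, all indicator values are constructed.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]


def earliest_detection(attempt, known):
    """Return the first kill-chain phase whose indicator is already known, else None."""
    for phase in PHASES:
        if attempt.get(phase) in known.get(phase, set()):
            return phase
    return None


def harvest(attempt, known):
    """Add the attempt's unseen indicators to `known`; return {phase: indicator} learned."""
    learned = {}
    for phase in PHASES:
        indicator = attempt.get(phase)
        if indicator is not None and indicator not in known.setdefault(phase, set()):
            known[phase].add(indicator)
            learned[phase] = indicator
    return learned


def run_campaign(attempts, known):
    """Process attempts in order; only attempts that were detected get analyzed."""
    results = []
    for attempt in attempts:
        phase = earliest_detection(attempt, known)
        learned = harvest(attempt, known) if phase else {}
        results.append((phase, sorted(learned)))
    return results


# Constructed sample data: one known delivery indicator before the campaign starts.
KNOWN = {"delivery": {"sender:conference-invite@example.test"}}
ATTEMPTS = [
    # Attempt 1 re-uses a known sender, so it is blocked at delivery.
    {"delivery": "sender:conference-invite@example.test",
     "weaponization": "pdf-template:A", "installation": "backdoor:sample-1",
     "command_and_control": "c2:update.example.test"},
    # Attempt 2 changes delivery but re-uses the backdoor and C2 host.
    {"delivery": "sender:hr-benefits@example.test",
     "weaponization": "pdf-template:B", "installation": "backdoor:sample-1",
     "command_and_control": "c2:update.example.test"},
]

if __name__ == "__main__":
    print(run_campaign(ATTEMPTS, dict(KNOWN)))
```

Without the analysis of the first attempt, the second one matches no known indicator at any phase; with it, the re-used backdoor is recognized at installation.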

The authors also give other primary reasons to focus on pre-compromise effects, that is, those before the exploit phase. Fewer indicators are available for exploitation, installation, and C2, which increases the Advanced Persistent Threat's chances of remaining unnoticed by the system (Korolov & Myers, 2018). The adversary may apply a different installer or backdoor that will overcome the available mitigations. Hence, the defenders' top priority is to prevent the compromise itself. For that reason, the early phases are more critical and receive more attention from the scientists in the article. The cyber kill chain is an essential security and management tool that helps to enhance system defense gradually.

References

Hospelhorn, S. (2020). . Varonis. Web.

Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1(1), 113-125.

Korolov, M., & Myers, L. (2018). . CSO. Web.

Lord, N. (2018). . Digitalguardian. Web.

Reference

IvyPanda. (2022, August 22). Aspects of the Cyber Kill Chain. https://ivypanda.com/essays/aspects-of-the-cyber-kill-chain/
