An organization is likely to be breached if it holds data of value. An attacker is capable of breaching most network defenses. Even so, an intrusion does not necessarily lead to a data breach. Implementing the Cyber Kill Chain provides an analysis framework that looks beyond simply repelling attacks and explains each step of an attack in more detail. In this post we discuss why to use the Cyber Kill Chain.
The Cyber Kill Chain acts as an indicator of where the risk is. Many companies suffer from an excess of installed security products that generate or collect transaction logs, raise plenty of alerts and produce visual output through some type of dashboard. Every company needs to take the time to document what is ‘normal’ in its environment and build a set of indicators to focus cyber analysis. Indicators range from unknown IP addresses being used to move data, to repeated attempts to change access credentials, to some sort of volume violation on file transfers.
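The three indicators named above, checked against a written-down baseline of ‘normal’, can be sketched as follows. This is an added example, not code from the original post; the baseline values, event fields, user names and addresses are all constructed assumptions.

```python
from collections import Counter

# Hypothetical baseline of "normal" for one environment (all values constructed).
BASELINE = {
    "known_destinations": {"10.0.5.20", "10.0.5.21"},  # approved transfer targets
    "max_credential_changes": 2,         # per user, per review window
    "max_transfer_bytes": 500_000_000,   # per single transfer
}

# Constructed sample events, in the shape a log pipeline might normalize them to.
EVENTS = [
    {"type": "transfer", "user": "alice", "dst": "10.0.5.20", "bytes": 12_000_000},
    {"type": "transfer", "user": "bob", "dst": "203.0.113.77", "bytes": 40_000_000},
    {"type": "cred_change", "user": "carol"},
    {"type": "cred_change", "user": "carol"},
    {"type": "cred_change", "user": "carol"},
    {"type": "cred_change", "user": "alice"},
    {"type": "transfer", "user": "dave", "dst": "10.0.5.21", "bytes": 2_400_000_000},
]

def evaluate(events, baseline):
    """Return (indicator, user, detail) tuples for activity outside the baseline."""
    hits = []
    cred_changes = Counter()
    for ev in events:
        if ev["type"] == "transfer":
            # Indicator 1: data moved to an address that is not a known destination.
            if ev["dst"] not in baseline["known_destinations"]:
                hits.append(("unknown_destination", ev["user"], ev["dst"]))
            # Indicator 3: a transfer larger than the documented normal volume.
            if ev["bytes"] > baseline["max_transfer_bytes"]:
                hits.append(("transfer_volume", ev["user"], ev["bytes"]))
        elif ev["type"] == "cred_change":
            cred_changes[ev["user"]] += 1
    # Indicator 2: repeated credential changes, judged over the whole window.
    for user, count in sorted(cred_changes.items()):
        if count > baseline["max_credential_changes"]:
            hits.append(("repeated_credential_change", user, count))
    return hits

if __name__ == "__main__":
    for indicator, user, detail in evaluate(EVENTS, BASELINE):
        print(f"{indicator:28} user={user:6} detail={detail}")
```

Only three of the seven events produce a hit, which is the point of writing the baseline down first: analysts see the deviations rather than every log line.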
We need the Cyber Kill Chain because Advanced Persistent Threat (APT) attacks are carried out by humans. It is crucial to assume that cyber threats are fundamentally carried out by humans, who can learn a broad range of technical skills, competencies and preferences. Handling this kind of threat requires an equally persistent defense. To reveal what an attacker looks like when moving through our network, we need matching indicators that target these behavior patterns.
Implementing the Cyber Kill Chain can also make active defense possible. With a working definition of what we call ‘normal’ operation and automated indicators in place, analysts can be deployed where human creativity and technical skills are best used. Being able to disrupt even a single step in the Cyber Kill Chain can derail an attack and stop the attacker from reaching their goal.