How to Deal With the Cyber Kill Chain
Many cyber-security teams have turned to a well-understood military concept, the kill chain, which details how adversaries structure their attacks.
Monitor threat intelligence on known actors when communications indicate possible recon attempts from those acting against your assets.
Set alerts and immediately act on any stolen credentials, personally identifiable information and confidential company information that becomes available on the internet.
Monitor and gain visibility into actor-based threat intelligence feeds that provide insight into Trusted Third Parties and malware Indicators of Compromise that may target your business or assets.
Capture and analyze any network traffic payloads for malware indicators.
Ensure all ingress and egress network connections have inline inspection based on signature and non-signature mechanisms, including within encrypted payloads.
Ensure inline inspection has full Layer 7 inspection, not just network layer.
Integrate threat intelligence to understand potential threats and vulnerabilities.
Automate the detection of vulnerabilities within owned assets and network infrastructure to ensure quick detection of attacks.
Automate vulnerability to signature creation within network inspection capabilities to ensure quick detection of network-based vulnerability attacks.
Deploy an endpoint protection system (EPS) to provide inspection of all pre-installation of applications.
Connect the EPS to a threat intelligence system with up-to-date malware hash information.
Gather and monitor threat intelligence feeds that identify all known C2 servers worldwide.
Use your threat intelligence platform to select and prioritize which systems to protect.
Connect the threat intelligence to your threat mitigation gateways to automate protection against C2 communications.
Ensure investigation and analysis of internal lateral movement of communications after infection so that other infected hosts are found.
To counter attacker’s steps inside the network:
Monitor internal network flow data and analyze to your asset ownership/compromise indicator intelligence.
Ensure your threat mitigation gateway is informed with up-to-date threat intelligence about known data exfiltration sites.
Inspect network traffic for unauthorized egress of corporate data.