TryHackMe - Conclusion (Cyber Kill Chain) | SOC Analyst 1


The Cyber Kill Chain can be a great tool for improving network defence. Is it perfect, and can it be the only tool you rely on? No. 

The traditional Cyber Kill Chain, or Lockheed Martin Cyber Kill Chain, was last modified in 2011, which, if you remember, is also the year it was established. The absence of updates since then leaves gaps in what the model covers. 

The traditional Cyber Kill Chain was designed to secure the network perimeter and protect against malware threats. But cybersecurity threats have developed drastically since then, and adversaries now combine multiple TTPs (tactics, techniques, and procedures) to achieve their goal. Atomic indicators such as file hashes and IP addresses are cheap for an adversary to change, so threat intelligence that relies only on those indicators is easily defeated. Security vendors are responding with technologies like AI (Artificial Intelligence) and behavioural analytics that look at what a file or host does rather than at fixed indicators, so that even slight, suspicious changes stand out. 
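The point above, that a hash-based indicator is defeated by a one-byte change while a behaviour-based rule is not, is easy to demonstrate. The following Python is an added example written for this page, not code from TryHackMe or from Lockheed Martin's paper. The "binary", the hash feed and the single behaviour rule are all constructed for illustration; the rule name and the regex are assumptions, not a real vendor signature.

```python
from __future__ import annotations

import hashlib
import re

# Constructed stand-in for a dropped file; not a real malware sample.
# The embedded command line is the behaviour we want to keep detecting.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"cmd.exe /c powershell -nop -w hidden -enc "
    + b"SQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0AA=="  # constructed blob
)


def sha256(blob: bytes) -> str:
    """Hex SHA-256 of a file's bytes, the usual form of a hash IOC."""
    return hashlib.sha256(blob).hexdigest()


# Assumed threat-intel feed: one hash IOC, recorded when SAMPLE was first seen.
HASH_IOCS: set[str] = {sha256(SAMPLE)}

# Assumed behaviour rule: hidden-window PowerShell with an encoded command,
# matched on the command line rather than on the file's bytes as a whole.
BEHAVIOUR_RULES: dict[str, re.Pattern[bytes]] = {
    "hidden-encoded-powershell": re.compile(
        rb"powershell[^\n]{0,80}?-w(?:indowstyle)?\s+hidden[^\n]{0,80}?-enc",
        re.IGNORECASE,
    ),
}


def matches_hash_ioc(blob: bytes, feed: set[str]) -> bool:
    """True only if the exact file hash is in the feed."""
    return sha256(blob) in feed


def matches_behaviour(blob: bytes, rules: dict[str, re.Pattern[bytes]]) -> list[str]:
    """Names of every behaviour rule whose pattern appears in the blob."""
    return [name for name, pattern in rules.items() if pattern.search(blob)]


def repack(blob: bytes, padding: bytes = b"\x00") -> bytes:
    """The cheapest adversary move: append a byte. Behaviour unchanged, hash changed."""
    return blob + padding


def evaluate(blob: bytes) -> dict[str, object]:
    """Run both detection styles over one file and report the outcome."""
    return {
        "sha256": sha256(blob),
        "hash_hit": matches_hash_ioc(blob, HASH_IOCS),
        "behaviour_hits": matches_behaviour(blob, BEHAVIOUR_RULES),
    }


if __name__ == "__main__":
    for label, blob in (("original", SAMPLE), ("repacked", repack(SAMPLE))):
        print(label, evaluate(blob))
```

Running it shows the original file hit on both the hash feed and the behaviour rule, while the repacked copy misses the hash feed entirely and still trips the behaviour rule. That gap is why a defence built on the Kill Chain's delivery-stage indicators alone needs to be paired with TTP-level detection.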

Because the framework's main focus is on malware delivery and network security, the traditional Cyber Kill Chain will not identify insider threats, where no payload has to cross the perimeter at all. According to CISA, "The Insider Threat is the potential for an insider to use their authorized access or understanding of an organization to harm that organization."

We recommend not relying solely on the traditional Cyber Kill Chain model, but also referring to MITRE ATT&CK and the Unified Kill Chain to build a more comprehensive approach into your defence methodologies. 
