The Kill Chain Taxonomy is a group of cybersecurity tactics for detecting, fighting, and preventing cyberattacks such as ransomware, security breaches, and Advanced Persistent Threats (APTs). The term Kill Chain Taxonomy is based on the idea that attacks occur in phases, which can be disrupted through a series of controls established at each phase.
The Kill Chain Taxonomy works through phases, which correspond to each of the seven steps that threats must go through to complete a cyberattack. For instance, between the Reconnaissance and Exploitation phases, there’s only one step: Intrusion, wherein the attacker accesses the system by leveraging malware or security vulnerabilities.
The last five stages - Exploitation, Privilege Escalation, Lateral Movement, Obfuscation / Anti-forensics, Denial of Service, and Exfiltration - point to the complexity of attacking a system. Specifically, the attacker needs to get more privileged access, move laterally to other accounts, cover his tracks, lay false trails, disrupt normal access, etc., to achieve the cyberattack’s purpose.
There are, of course, variations to this step-by-step method proposed initially by Lockheed Martin. However, this approach offers a more detailed look at an attacker’s process to get into an organization’s system, and hence it is trusted by several security organizations around the world.
As the Kill Chain Taxonomy doesn’t need a real attack to be used, it can also be used as a management tool by an enterprise to continuously improve its network defense. However, it is essential to recognize that any action based on knowledge of the Taxonomy will be in vain if the person performing it does not know the Kill Chain's proper phases.
Click here to read the original article published by GB Advisors.