Solution: Implementing the 7 Essential Steps of the Cybersecurity Kill-Chain Process
U.S. ProTech, in conjunction with its partners Lockheed Martin, the SANS Institute and UCLA, created a seven-step Cybersecurity Kill Chain process for the identification, capture, trapping and termination of malware, which is currently used throughout government agencies and contracting companies. This blog post will explore the seven-step process.
1. RECONNAISSANCE: Identify the Targets
ADVERSARY: The adversaries are in the planning phase of their operation. They conduct research to understand which targets will enable them to meet their objectives.
DEFENDER: Detecting reconnaissance as it happens can be very difficult, but when defenders discover recon – even well after the fact – it can reveal the intent of the adversaries.
2. WEAPONIZATION: Prepare the Operation
ADVERSARY: The adversaries are in the preparation and staging phase of their operation. Malware generation is likely not done by hand – they use automated tools. A “weaponizer” couples malware and exploit into a deliverable payload.
DEFENDER: This is an essential phase for defenders to understand. Though they cannot detect weaponization as it happens, they can infer it by analyzing malware artifacts. Detections against weaponizer artifacts are often the most durable and resilient defenses.
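As an added illustration of why weaponizer artifacts make durable detections (example code written for this post, not from the original article or any of the organizations named): because a weaponizer is an automated tool, the documents it produces carry the same tool marks across otherwise different lures. The script below takes metadata records from a set of samples, keeps the fields whose values are constant across every malicious sample, drops those that benign documents also exhibit, and applies the resulting signature to new samples. All metadata values are constructed for illustration and describe no real campaign.

```python
"""Derive a detection signature from artifacts a weaponizer leaves behind."""

# Constructed document metadata, as a metadata extractor might report it.
# Three lures from one (fictional) weaponizer: different titles, same tool marks.
MALICIOUS_SAMPLES = [
    {"author": "user", "last_saved_by": "user", "template": "Normal.dotm",
     "created": "2015-01-01T00:00:00", "app_version": "16.0000",
     "macro_stream": "ThisDocument", "title": "Invoice_1234"},
    {"author": "user", "last_saved_by": "user", "template": "Normal.dotm",
     "created": "2015-01-01T00:00:00", "app_version": "16.0000",
     "macro_stream": "ThisDocument", "title": "Shipping_notice"},
    {"author": "user", "last_saved_by": "admin", "template": "Normal.dotm",
     "created": "2015-01-01T00:00:00", "app_version": "15.0000",
     "macro_stream": "ThisDocument", "title": "Resume"},
]
# Constructed benign documents from the same environment.
BENIGN_SAMPLES = [
    {"author": "jane.doe", "last_saved_by": "jane.doe", "template": "Normal.dotm",
     "created": "2023-04-11T09:12:00", "app_version": "16.0000", "title": "Q2 report"},
    {"author": "it.support", "last_saved_by": "it.support", "template": "Normal.dotm",
     "created": "2022-08-03T14:30:00", "app_version": "16.0000", "title": "Meeting notes"},
]


def shared_artifacts(samples):
    """Return the field/value pairs that every sample carries with the same value."""
    common = dict(samples[0])
    for sample in samples[1:]:
        common = {k: v for k, v in common.items() if sample.get(k) == v}
    return common


def derive_signature(malicious, benign):
    """Keep shared malicious artifacts that no benign sample exhibits.

    Fields like the default template name are constant across the malicious set
    but also normal in benign documents, so they are discarded as tool marks.
    """
    candidates = shared_artifacts(malicious)
    return {k: v for k, v in candidates.items()
            if not any(b.get(k) == v for b in benign)}


def matches(signature, sample, min_hits=2):
    """Count signature artifacts present in a new sample; flag at the threshold."""
    hits = sum(1 for k, v in signature.items() if sample.get(k) == v)
    return hits >= min_hits, hits


if __name__ == "__main__":
    sig = derive_signature(MALICIOUS_SAMPLES, BENIGN_SAMPLES)
    print("signature:", sig)
```

The fixed creation timestamp and the placeholder author survive as the signature because they are tool output rather than lure content, which is why they keep matching after the adversary changes the document's subject.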