The Cyber Kill Chain is a tool that was developed to model adversary behavior and serve as a way to break down the phases of attack.[1] Running from left to right, the kill chain begins with reconnaissance—an adversary scoping out a network, testing for any weak links, and readying an attack. The following phases, weaponization and delivery, are a little further along the chain, but the attacker has not yet breached the network.

It’s when you get toward the right side of the cyber kill chain that trouble really begins—the adversary is already in the network, maintaining a presence and exerting control. They go from exploiting a weakness, to controlling and executing code within the network, to maintaining their presence.

For that reason, it is vital for businesses to keep their attackers on the left side of the kill chain, ideally in the Recon phase.

In this video, our Head of Cyber Threat Intelligence, Nahim Fazal, enumerates the many reasons controlling the attackers’ position on this kill chain can give businesses a cutting edge in cyber security.

As we’ve mentioned before, deception is an integral part of a holistic approach to cybersecurity. In this instance, however, deception technology is virtually the only tool businesses have that allows them to detect and observe threat actors before they have entered a network.

Detect attackers before they disrupt your business activity. Watch our CSO, Dan Brett, and Nahim talk about how to catch attackers before they breach their network and the benefits of moving your kill chain to the left here.


[1] https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html