Cybersecurity First Principles: intrusion kill chains.
This is part three in a series that Rick Howard, CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. In this episode, he talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use, taken independently and with no context about what those humans are trying to accomplish.
Resources:
- “Compressing the Kill Chain” by Adam J. Hebert, 1 March 2003
- “Defense-In-Depth Against Computer Viruses” by Fred Cohen, Computers and Security, Volume 11, Issue 6, pp. 563-579, ISSN 0167-4048, October 1992
- “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” by Eric Hutchins, Michael Cloppert, Rohan Amin, Lockheed Martin Corporation, 2010
- “Trends In Computer Virus Research” by Fred Cohen, VXHeaven, sponsored by ASP, 1991