Initially coined in military circles, the term ‘kill chain’ is used to describe the various stages of an attack. It covers everything from the initial identification of weaknesses through to the destruction of the target.
Back in 2011, security and aerospace company Lockheed Martin issued their definition of a ‘cyber kill chain’ to explain the various steps that occur during a digital attack. According to their definition, a cyber kill chain incorporates:
The role of endpoint defences
For security teams charged with defending core systems and data, understanding the cyber kill chain can help to identify the various layers of defence that need to be put in place. Of these, one of the most important relates to endpoints.
This is because cyber criminals hunt for the weakest point of entry to attack a corporate network, and this is often through endpoint devices such as laptops, tablets and phones, or other IoT and wireless devices.
With large numbers of people continuing to work from home, and therefore outside the traditional perimeter defences most organisations have in place, traditional corporate network security practices are no longer effective. This means that security on endpoints needs to be upgraded as quickly as possible.
Indeed, endpoint protection can detect and prevent many stages of the cyber kill chain, completely preventing most threats or allowing security teams to remediate the most sophisticated ones in later stages.
Endpoint protection must include multiple layers of malware detection, host firewalling and intrusion detection services, exploit detection and prevention capability, endpoint detection and response, and web and email security capabilities.
These layers of endpoint security can disrupt the cyber kill chain in a range of ways. These include:
Effective endpoint protection can have a significant and positive impact on an organisation’s ability to withstand a cyber attack.
Interestingly, the kill chain shows that, while cyber criminals need to progress through all phases for success, security teams just need to stop the chain at any step to break it.
Consider how secure your organisation’s endpoints are in this new work-from-home world. Doing what’s required to improve that security will pay dividends in the months and years ahead.
Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies.